General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Panorama 8.1 in VM question

Hi I was just checking out my VMWare vm setup for my Panorama VM. and it has 2 interfaces on it. how does that match up to the setup interfaces page so 1 is management and 1 is eth1 ? how can i tell and why have 2 ?

Resolved! GlobalProtect Client Profile Question

As the title my question in my mind is relatively straight forward.. when a globalprotect client sucesffuly makes a vpn connection... is there any local profile settings saved to a file on the pc / mac? If so, where are these logs saved / folder path? On Macos...On Windows...

carterg by L2 Linker
  • 4264 Views
  • 1 replies
  • 0 Likes

Can we export Security Policies and Service Objects to from Firewall to Panorama?

Hi All, I have configured some security policies and service objects on my lab environment which consists of VM-100 Firewall for ESXi running PAN OS 8.1.0. Can I export my settings to production environment which consists of 8 ESXi hosts, Panorama and VM-500 for NSX per host. Would I be able to export securuty policies from VM-100 for ESXi to Pa...

Universal policy Implicit Deny blocking Intrazone Traffic

Hi All, I configured the implicit deny (Universal Policy) policy at the bottom of security policies but after that, I could see that some of the Intrazone access got denied by the implicitly deny policy. How we can achieve the Implicit deny policy without affecting the intrazone connections ?? Thanks in Advance...

gpsriram by L0 Member
  • 3198 Views
  • 2 replies
  • 0 Likes

Do not see deny in traffic logs for traffic to internal server accessible via Public IP

We have server reachable via Public IP say on port 13001 and 13002 We have Security rule Source any Zone outside Destination 173.82.x.x IP of server Zone inside port 13001 Here i have not included the port 13002. I have correct NAT policy for this. When i see traffic logs i see Source any destination server public ip address port 13002 a...

MP18 by Cyber Elite
  • 3258 Views
  • 3 replies
  • 0 Likes

Migrating multiple HA pairs to Panorama

Hello, We need to migrate multiple firewall clusters to Panorama. I read the guides but there are still some questions about objects and IP addresses, certificates, etc... Once I have migrated one cluster, what about the other ones if they have some objects with the same IP addresses (local networks, DMZ, etc..). Will they be imported ? Do I nee...

Hurtolak by L0 Member
  • 2173 Views
  • 1 replies
  • 0 Likes

Session Ownership in Active/Active HA scenario

Hi There, I will be greatful if anyone can please help me to understand the below which is taken from https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/high-availability/session-owner.html "You configure the session owner of sessions to be either the firewall that receives the First Packet of a new session from the end host or the fire...

Configuring OSPF & Multicast in Palo Alto firewall sub-interface

We have a requirement to configure OSPF & multicast in a sub-interface of Palo Alto for one of our customers. I would like to understand how it would impact the CPU, memory and throughput and the guidelines and best practices to be followed while configuring OSPF. A comparison against having static routes vs processing OSPF routes. Please su...

MGRashmi by L2 Linker
  • 4055 Views
  • 2 replies
  • 0 Likes

Resolved! HA link port failures and failover

I have a pair of 5220s configured with HA1, HA1 Backup, HA2, and HA2 Backup links in use. All HA links show to be up and running. I have left all of the other knobs for tuning link and path monitoring off, taking all of the defaults. No preemption, etc. I am running in an Active/Passive configuration. When I disconnect HA1 and HA1 Backup, at n...

Global Protect client for linux

Hey all,I've just updated the global protect version to 4.1.8In the docs, it says that the client supports linux.I've followed that doc:https://docs.paloaltonetworks.com/globalprotect/4-1/globalprotect-app-user-guide/globalprotect-app-for-linux/download-and-install-the-globalprotect-app-for-linux#It says I should download the package "PanGPLinux...

MPI-AE by L4 Transporter
  • 11540 Views
  • 9 replies
  • 0 Likes

Resolved! PA 3050 PAN-OS Upgrade Path

I am currently looking to upgrade my HA pair of 3050s from 7.1.10 to 8.1.6 and per Palo Alto's best practices guide, it is recommended to upgrade to the latest maintenance release prior going to the next major one. As it stands per that best practice guide, I would be to going to 7.1.22, 8.0, 8.0.16, 8.1, 8.1.6 and I am wondering if anyone has d...

PAN OS 8.1.5 - Thoughts?

Hi there! Has anybody had the chance to play with PAN OS 8.1.5 yet in Production? Are there any noticable issues? I've been locked into this killchain of bugs ever since we made the leap to 8.1.0, and I'm just wondering if this build will be the "stable" release.

Fr4nk4 by L2 Linker
  • 16865 Views
  • 18 replies
  • 0 Likes

Resolved! Unallowed to apply NAT rule

Hello, I'm trying to configure double NAT rule (SNAT + DNAT) using Panorama 8.1.4 managing PA 5220 devices running PanOS 8.0.14. I can valid / commit configuration on Panorama, but when pushing config to devices I get following error message : vsys -> vsys4 -> rulebase -> nat -> rules -> Exchange-vers-SMTP -> dynamic-destinatio...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels