General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 371 Views
  • 0 replies
  • 2 Likes

Resolved! Captive Portal and MFA

 

I have configured captive portal with MFA.

Primary auth method is radius and secondary is duo-security.

 

Under network  

 

Global Protect

 

Portal config is done

 

Do I need any config under gateway???????

 

My understanding is that we need  gateway config on

...

MP18 by Cyber Elite
  • 1941 Views
  • 1 replies
  • 0 Likes

Resolved! Purpose of Authen Profile under Global Protect Gateway

 

We have configured MFA using CP and using RSA as Second  authen.

 

Under Network

 

Portal                   Authen--------------Radius

 

Gateway             Authen ----------------Radius

 

Under Device

 

CP  -  Authen ---------RSA

 

Why we need Authen profile u

...

MP18 by Cyber Elite
  • 2177 Views
  • 3 replies
  • 0 Likes

show counter global filter delta yes -----drops

when i run command

 

show counter global filter delta yes

 

i see below counters incrementing  need to understand which are these drops and why PA is dropping these packets?

do they impact the performance of the PA?

 

flow_tcp_non_syn_drop    

 

flow_fpga_egr

...

MP18 by Cyber Elite
  • 4243 Views
  • 2 replies
  • 0 Likes

Resolved! logical int counters - packets dropped

 

 

Logical interface counters read from CPU:
--------------------------------------------------------------------------------
bytes received 21513660
bytes transmitted 2835
packets received 358561
packets transmitted 21
receive errors 0
packets dropped 35853

...

MP18 by Cyber Elite
  • 4126 Views
  • 4 replies
  • 0 Likes

Palo alto HTTPS decryption?

Hi all,

 

I am using PA-850. I configure to decrypt HTTPS, and use AD group policy to install certificates on client, it works well with AD users. but we have other situation that client is not AD users. do we have any ways to redirect client to the UR

...

Chivas by L2 Linker
  • 4513 Views
  • 6 replies
  • 0 Likes

Resolved! Wildcard certificate on PA firewalls

Hi Team,

 

I'm trying to create a CSR in Panorama in order to get a wildcard certificate from our third party CA.

 

In order platforms, I define as common name the format *.mydomain.com but in Palo Alto I'm getting an error: Failed to generate certificat

...

Stickied post for recommended versions?

Just wondering since this is a topic that comes up often and I actually just asked TAC about it myself, should we maybe have a stickied post on here that documents the recommended versions for each software track?  I realize Palo Alto doesn't publish

...

jsalmans by L4 Transporter
  • 2977 Views
  • 3 replies
  • 3 Likes

Resolved! Real time alerts for threats?

Is there such a thing with PAN?  IE if the logs generate a critical alert can is there some logic to fire an email or generate a report with the relevant information? 

drewdown by L4 Transporter
  • 6075 Views
  • 10 replies
  • 0 Likes

App id “Non-syn-tcp”

I see a lot of non- syn-tcp from from few specific zone. I am sure that there is no asymmetric routing. If that has to be the case how to determine exact causing factor.

Thanks

Sanssj by L2 Linker
  • 5421 Views
  • 3 replies
  • 0 Likes

Resolved! OSPF Inbound Route Filter

Hi,

I see in the admin guide that it is possible to filter the default route so that it is not learnt by the OSPF process.

Is there any way of applying a more granular filter so that I can restrict the Palo Alto OSPF process to only learn 10.0.0.0/8 ro

...

adevine by L1 Bithead
  • 8769 Views
  • 7 replies
  • 0 Likes

Resolved! Qos on application and class 1 and 4

I have created qos policy for application http-video and is defined in class 1

 

However when i run below commands

show session all filter application http-video qos-class 1

 

show session all filter application http-video qos-classs 4

 

I see the applicati

...

MP18 by Cyber Elite
  • 2441 Views
  • 3 replies
  • 0 Likes
  • 23680 Posts
  • 108 Subscriptions
Labels