This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 416 Views
  • 0 replies
  • 2 Likes

Resolved! Qos on application and class 1 and 4

I have created qos policy for application http-video and is defined in class 1

 

However when i run below commands

show session all filter application http-video qos-class 1

 

show session all filter application http-video qos-classs 4

 

I see the applicati

...

MP18 by Cyber Elite
  • 2459 Views
  • 3 replies
  • 0 Likes

leaf and spine and security

Hi,

In a spine and leaf ( vpc ) ,where we should place the firewall  to protect the data center ? 

If  we use layer 3 firewall  all routing  process will be shifted to the fw, spending huge amount on spine won't be beneficial ? 

Layer 3 or layer 2  reco

...

sib2017 by L4 Transporter
  • 4048 Views
  • 1 replies
  • 1 Likes

Route & Path Selection

I have a Cisco backround & I am currently studying Virtual Routers & Static Routes in the PA 8.0 admin guide.  I am trying to understand how Metrics are used in the firewall because it sounds like Administrative Distance does the same thing.  Can som

...

Resolved! Global Protect - Linux Fedora , CA trusted cert error

Hi There,

I'm having the same issue but not on self signed certificate and on linux ( Fedora 29) 

Global Protect is configured with the certificate signed by the Authorized CA.

The Chain is:

DigiCert Global Root CA
DigiCert SHA2 Secure Server CA

Server cer

...

Resolved! qos traffic stats - regular traffic and default group

created qos for application and apply it to class 1

 

it is applied to the interface with 10Gig lan connection.

 

traffic stats shows default group====regular traffic==40 --- assume 

 

does it mean that total traffic going via interface is  40?

 

also defaul

...

Capture1.PNG
MP18 by Cyber Elite
  • 4868 Views
  • 5 replies
  • 0 Likes

Global Protect Certificate

Hi

 

I configured global protect, but when clients try to connect through the agent, they got "Gateway "name":The server certificate is invalid, please contact your IT administrator".

 

For the configured certificates, I configured self-signed certificat

...

myasin by L2 Linker
  • 4863 Views
  • 3 replies
  • 0 Likes

Change Management IPs

Hi

 

We have Panorama managing 6 PA FWs (3 HA Clusters). We want to change the management net of Panorama and Firewalls.

Now logically we will change management IP of Panorama first. Then the Firewalls will lose connectivity and probably logs will be lo

...

PA-200 HA Sync

Hi,

I have a message when I attempt to run a commit:

 

"The running configuration is not currently synchronized to the HA peer, and therefore, this commit will only be applied to the local device.

Please synchronize the peers by going to the dashboard an

...

sync.jpg
s_quasar by L3 Networker
  • 5128 Views
  • 15 replies
  • 0 Likes

FQDN refresh problems

Hell guys,

We have a problem that the FQDN refresh fails nearly everytime. What I mean with "nearly" everytime is, that there are periods in which the FQDN refresh is running smoothly, and then suddenly it fails again.

Example: A few days ago the FQDN

...

Resolved! user if agent and switching between ids

we have configured rules with group mapping using LDAP.

We have one user where he switch between user ids and when he trieds to login to server with user id not allowed in list he gets

denied.

 

should he log off and log on as best practice when he switc

...

MP18 by Cyber Elite
  • 3260 Views
  • 5 replies
  • 0 Likes

8.1.4 CP Normalizing

All of our users who auth over CP are now normalizing as 'domain.com\user' although we need them to be user@domain.com.

 

The authentication profile they go through has the %USERINPUT%@%USERDOMAIN% modifier.  Domain is filled in & login attribute is 'u

...

Resolved! Minemeld Proxy error

Hi,

 

I've setup Minemeld to use the corporate proxies based on this thread and I'm still getting this error:

 

"ConnectTimeout: HTTPSConnectionPool(host='www.dshield.org', port=443): Max retries exceeded with url: /block.txt (Caused by ConnectTimeoutErr

...

otlaP5 by L0 Member
  • 5001 Views
  • 2 replies
  • 0 Likes

Resolved! Panorama Managed collectors - Default and M500 Log collector

We have Panorama M100 in Panorama Mode.

They are in HA pair.

 

Also we have 2 M500 as dedicated log collector mode.

 

Under Panorama managed collectors  I see default is also checked along with 2 dedicated log collectors.

 

Need to know why default option i

...

Capture1.PNG
MP18 by Cyber Elite
  • 2840 Views
  • 6 replies
  • 0 Likes

Resolved! Split tunnel VPN inclusion rule - traffic dropped

Hello Community,

I need to allow traffic to come down the VPN tunnel rather than the Split Tunnel.
I have addred a VPN tunnel inclusion rule on the GlobalProtect Gateways as described in this article:


https://www.paloaltonetworks.com/documentation/80/pa

...

000000 by L1 Bithead
  • 2046 Views
  • 2 replies
  • 0 Likes
  • 23695 Posts
  • 110 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks