General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Panorama modular configuration

I had a few scenarios where we needed to push configuration from Panorama to different geographic locations where most of the configuration is common but small part might be different for each geographic location while the configuration is part of the same object. For example:I want to use Panorama to configure global protect gateway on multiple...

Internal Gateway Tunnel Mode

What are the implications of using Internal gateways in Tunnel mode? I have 3 Palos on-prem at my datacenters. I have 7 total locations connected via MPLS. I am thinking about using the Internal Gateways in Tunnel mode to prevent cross talk within subnets and force all communications to go through the firewalls. Thoughts?

Natting Palo Alto's Management Address?

Hello. I currently have the management interface on my PA configured with a IP address on my outside/untrusted network. I would like to change the management address to an IP on one of my inside/trusted networks. When I change my management address, how do I configure NAT for this new management address to allow access to outside for Panorama...

JoelGuy by L0 Member
  • 6677 Views
  • 6 replies
  • 0 Likes

Resolved! How to Deploy Scripts Using Msiexec

I want to know how to create a custom MSI or MSIEXEC script to install the VPN client and set up and run a log on script to map to network shares then remove the drives on diconnect... I am told it is possible but I cannot find any how to's on it. I have Orca and have edited the msi installer to include my portal information. and I have go as fa...

Fowarding to syslog- best practice

Currently we forward nearly all of the firewall's logs to our syslog server, but the amount of irrelevant minutiae is over-whelming the syslog server. Is there a best-practice for what information should be forwarded to syslog? I don't want to miss anything important but I ready want to eliminate the un-important. Thanks

fmurray by L1 Bithead
  • 4766 Views
  • 3 replies
  • 0 Likes

Resolved! How to determine link and transceiver status on AUX ports on a PA 5220 via CLI

I am trying to figure out how to determine the link and transceiver status on the AUX ports on a PA 5220, when used in HA1 mode. I know that via the CLI, you can determine the transceiver status with the following command, but I do NOT see the AUX ports listed: show system state filter sys.s1.p*.phy Is there another CLI command to show link and ...

Determine PanOS version from generated logs

I have one problem. I have a system where logs are coming from palo alto devices with different version of PanOS (v6.1, v7.1, v8.0 and v8.1). I want to identify which PanOS version is the system running by looking at the logs only. Can you please tell me how can I know it? Currently, I am counting the number of fields in the log. For example, TR...

gnikesh by L1 Bithead
  • 3785 Views
  • 2 replies
  • 0 Likes

Resolved! Radius protocol CHAP does not Work

We have RADIUS profile for users accessing the PA.Seems when we use CHAP as protocol it does not work. When i Use Auto in Protocol Radius Auth does work. Need to know what can be the reason for CHAP protocol not working?

MP18 by Cyber Elite
  • 3804 Views
  • 2 replies
  • 0 Likes

Error Enqueuing Export Job

Beginning approximately November 2018, we have been unable to successfully export a custom report into any format, always seeing a popup stating "Error enqueuing export job" after an extended wait period. Attempted same export in both FireFox and IE in standard and safe-mode for both with the same result. Chrome I have been told will successfu...

Captive portal for wi-fi guest users

Hello all!How must I configure the PA so that the guest users using wi-fi are redirected to the Captive Portal when accessing https without the need to install certs on the guest devices? Right now it's working for http sites, but not for https, in this case those users don't go though Captive Portal.Any suggestions? Thanks!

Block TLD and Security Profiles in Monitor and Log Details

I am working on blocking a TLD using a URL filter. I have multiple URL Filtering Profiles. I have the TLD block working, but the lack of security profile information in the Monitor tab view and detail logs makes it difficult to troubleshoot. Is there a way to display what security profile(s) are being hit? I understand these are tied to the rule...

mike406 by L2 Linker
  • 4458 Views
  • 5 replies
  • 0 Likes

Resolved! OSPF routing - Metric question

Hi,My setup is like below.e1/1 - To Internete1/2 - To MPLS WAN - Learns remote site routes via OSPF as type-2 external routes.e1/3 - Internal networkTunnel.x - One tunnel to each of the 9 remote sites.My network works fine and learns remote routes via WAN and Tunnel. However the tunnel routes are taking preference because they are learned as Oi ...

smunzani by Not applicable
  • 4870 Views
  • 3 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels