General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! GUI shows interface CLI shows Int not found

Web gui shows interface eth1/23 But cli show interface ethernet1/23Server error : Interface 'ethernet1/23' not found show system state | match capacfg.general.is-admin-login-saml-capable: Falsepeer.cfg.general.is-admin-login-saml-capable: Falsesys.s1.ha1.capability: [ auto, 10Mb/s-half, 10Mb/s-full, 100Mb/s-half, 100Mb/s-full, 1Gb/s-half, 1Gb/s-...

MP18 by Cyber Elite
  • 5177 Views
  • 4 replies
  • 0 Likes

Resolved! QoS statistics pop-up no longer shows a graph

Anyone come across a situation where the QoS Statistics pop-up dialog no longer shows a graph of traffic? With PanOS 6.x, this dialog worked great. With 7.1.x on the PA3020 it worked great. But With PanOS 7.1.21 on PA500 and PA200, I just get an empty gray area. Using Google Chrome 72 on Ubunutu Linux 18.04.

fjwcash by L4 Transporter
  • 3818 Views
  • 3 replies
  • 0 Likes

Evnet IDs descriptions

I am looking for a KB article or document which explains event IDs related to System logs. For e.g. Logs> System > type (general)- event ID (system-start). How many type of event IDs are in PAN firewalls system logs & their descriptions ?

Schedule Restart of Firewall

Is there any web/gui interface option to schedule a reboot/restart of a PA 3000 series firewall running 8.1.5? Any command line level option? We'd like to restart the firewalls middle of the night without IT being awake to do so. Mike

mlarish by L1 Bithead
  • 15106 Views
  • 3 replies
  • 1 Likes

sync panorama config to FW

Hello I have 2 FWs(HA pair) managed by panorama and I I followed below instruction and applied on 1 of them(the primary one) now cannot see any configs from panorama on the device.https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClfkCAC And now I've "enabled Device and Network Template" and "enabled Panorama policy and o...

qd_056 by L2 Linker
  • 3943 Views
  • 1 replies
  • 0 Likes

SSL Decryption

Hi guys,Nowadays I am playing with a PA-VM (no license) and decryption policy. Basically there are many articles and that explain how Decryption policy works and how to set it up. I have checked and double checked my setting and I cannot make facebook.com for instance work when I enable the Decryption. Here are the rules:Decryption RulesSecurit...

PaloForum-Decryption.JPG
PaloForum-Security.JPG

Resolved! User Credential Detection- False positive

What method is everyone using to handle false positives for credential phishing? Does everyone just create a custom URL category and drop in the sites where users use corporate email as their user ID?

Windows 10 Release Cycle and Global Protect Client

Hi All, I'm currently working in an environment which is trying to keep up with the latest Windows 10 release cycles with their Windows as a Service model which brings out releases every 6 months. We have found that with our AV products, our vendor has struggled to keep pace the Microsoft's development of Windows 10 and as a result we have had...

NQ1234 by L0 Member
  • 7396 Views
  • 3 replies
  • 0 Likes

Firewall migration, testing rules

Is there a way to test the rules on a new Palo alto vs the existing firewall it will be replacing without affecting traffic? Something like TAP mode but that can block traffic like an in production firewall?

gonzox98 by L0 Member
  • 2953 Views
  • 2 replies
  • 0 Likes

VPN site-2-site configuration and OSPF

Hello forum members, I have been testing the VPN site-2-site configurations on my Palo Alto VM lab, prior to deploying on our production environment. I have successfully set up a VPN connection where both firewalls use static routing. Trouble I'm having now is setting up the VPN connection where the 3rd party site uses static routing and my corp...

topology.PNG
interfaces.PNG
tunnel.PNG
VR.PNG
rchung54 by L2 Linker
  • 9446 Views
  • 10 replies
  • 0 Likes

Resolved! ping from vr

All, is there an easy way to designate a vr as aq source when pinging ? Like ping host a.b.c.d virtual-router myvr ?So far I only found a way to specify a source interface but the I need first look up a source interface in the specific VR. Any easier way ?

lafrank by L0 Member
  • 9600 Views
  • 5 replies
  • 0 Likes

A few questions

I am planning to install another vsys in the 7080 firewall my queries how many max vsys can be created for the 7080 firewall How may Site2Site tunnels it supports for each VsysHow many RAVPNs it supports for each VsysHow many connections it can handle for each Vsys ( in respective to RAM and CPU )\ is there any downtime required for creating t...

HemanthV by L2 Linker
  • 2379 Views
  • 1 replies
  • 0 Likes

Virtual Wire migration

Hi All.I am in a postion that we would like to migrate our current cconfiguration of multiple trunk 10g links supporting a vlan with subinterfaces and vsys's to virtual wire mode on the existing chassis, (i.e. 7050, or 5060). As I understand it, we would need at least 2 interfaces for each trunk for both sides of the vwire, and then have matchin...

dwmaas by L2 Linker
  • 3223 Views
  • 2 replies
  • 0 Likes
  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels