General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Tunnel monitoring using internal src to external dst?

Is it possible to monitor VPN tunnels using an internal source IP on my tunnel interface and the external IP of the other system? I won't always have control/access to the other side of the tunnel, I may only know the local subnet(s) and the external IP.

mike406 by L2 Linker
  • 5188 Views
  • 6 replies
  • 0 Likes

IPsec tunnel Failover between Two PA

I've two Palo Alto firewalls, PA-500 and PA-820.My PA-500 is having 2 ISPs, so I've configured Tunnel monitoring as Failover on it. I think I've configured everything at right place on PA-500 which have 2 ISPs.I'm not sure with the configuration at other end at PA-820 as my destination subnet is same, how should I configure same destination to g...

Pune_IT by L0 Member
  • 5038 Views
  • 6 replies
  • 0 Likes

dp-monitor.log entry meanings?

We are running 8.1.4 on a pair of 820's, and having been having some issues with certain traffic. After some help and digging, we are seeing random hits an (entry below) for the Max % utilization for 100% in one part of the file, but NOT on show running resource monitor OR SNMP. The Avg hovers around 4-20%. When I watch the GUI, or Pan(w)achrome...

Sec101 by L4 Transporter
  • 6519 Views
  • 3 replies
  • 0 Likes

Google Snake game

We have students in our academy playing the Google snake game, obviously this is really a classroom mamangement issue.But we do have students in isolation and when Cover teachers that are unfamiliar with our monitoring software.Is there a way we can block this game on Internet Explorer and Chrome ?

Resolved! IKE1 tunnel up without interesting traffic

i have configured the ike1 tunnel with ASA.Right now there is no interesting traffic passing. i initiated the traffic via cli to test the tunnel i see on gui under status - tunnel info and ike info both are green also i see tunnel interface is green need to know how long phase 1 and 2 and tunnel interface will remain up without interesting tra...

MP18 by Cyber Elite
  • 5492 Views
  • 3 replies
  • 0 Likes

Resolved! PAN-OS 9.0?

Is there a list of features somewhere that PAN-OS 9.0 is supposed to support?Rumor is that 9 will support true HA in Azure with session persistance, but cant find anytihng on it, and curious how that will function with Azures lack of L2 support.

Muldov by L1 Bithead
  • 3553 Views
  • 3 replies
  • 0 Likes

Resolved! Which IP address should I use for IPSec tunnel monitoring

Hello, I made an IPSec Tunnel with Fortinet device, and it has some issue. So I want to set tunnel monitoring for the tunnel, but I'm confused about the destination IP. I set my tunnel interface ip(192.168.88.1/24), but at fortigate, it's not set. I got one IP addr of remote end(I guess it's loopback of forti device) Can I use that IP as destina...

yhlee1 by L2 Linker
  • 5059 Views
  • 2 replies
  • 0 Likes

Global Protect Dropouts

Hi, I keep getting dropouts, from global protect. It will say connected but I'm not able to remote to other machines that I know are on the network and then will disconnect and re-connect for some unknown reason like every minute or so. I looked through the logs but can't really figure out what is going on. Any nudge in the right direction w...

Capture.PNG

Resolved! 8.0 HA Failover and IPSec VPNs

I am getting ready to do a failover test. Runnig a pair of PA-5220s in HA Active/Passive. I see posts asking about what happens with IPSec VPN connections, but they are a few years old. Just want to confirm that with 8.0 the failover is still seamless and should not affect IPSec VPNs...?

mike406 by L2 Linker
  • 3030 Views
  • 1 replies
  • 0 Likes

Resolved! GlobalProtect Initial configuration

How are people configuring their PAN for clients to grab the inital GP configuration? Currently, the laptops are being imaged with Windows 10 and automatically connect to our internal network via certificate based authentication. GP is set to automatically attempt to connect to our outside interface. Once that is done, it grabs the configuration...

meischc by L1 Bithead
  • 6309 Views
  • 8 replies
  • 0 Likes

admin auth

Any plans to allow various external authentication support (AD, SAML, etc)?

jchitsaz by L1 Bithead
  • 8298 Views
  • 5 replies
  • 1 Likes

Automatization of Minemeld with API

Hi, Im trying to create node using "autofocus.sampleMiner" proto using API. When I try to get existing node config I get the following answer when I run /config/node/N HTTP/2 200server: nginx/1.11.3date: Wed, 02 Jan 2019 12:19:16 GMTcontent-type: application/jsoncontent-length: 227expires: Wed, 02 Jan 2019 12:19:15 GMTcache-control: no-cac...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels