General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Upgrade PanOS on PA-220-OSS

For an upgrade of our small branch offices we have ordered 11 PA-220's and 11 PA-220 On-Site Spares. Before we send them around the globe, the planning was to upgrade all the devices to the latest software version (8.0.4).The PA-220's didn't have any problems after we registred them in the portal. Before with our PA-200-OSS devices it was possib...

mtijhoff by L1 Bithead
  • 4309 Views
  • 4 replies
  • 0 Likes

Resolved! HA Pair Dashboard Resource Information Widget Session Count

I have a pair of PA-4020's in HA active/passive. I just did a commit (which went fine, except the synchronization failed and I had to push the config to the passive peer). I then looked at the passive and the information in the Resource Information widget on the Dashboard is a little suspicious. Again, this is immediately after a successful c...

bhelman by L2 Linker
  • 7012 Views
  • 6 replies
  • 0 Likes

Ipsec proxy Tunnel issue with multiple tunnels

HI Team, I have configure Ipsec between PA and Cisco ASA, IPSEC is up but not traffic is passing. During the troubleshooting I have found for the proxy ID's configure in palo alto for some of the proxy id's only encapulation packet paloalto is sending and there is no decapusulation packet increasing for the proxy tunnel. But in the same Ipsec t...

Aruba Wireless Authentication User-IP Mapping Question

Hi, I have an Aruba Instant Cluster with an SSID set up to user a radius server to authenticate users. The cluster controller is configured to send syslog data to a Paloalto User Agent running on a Windows server. I've had this set up for a time but am now moving in to a updated OS (Windows 2016) and updated UA (8.0.10-7). My question revolves a...

Dan by L1 Bithead
  • 13665 Views
  • 9 replies
  • 0 Likes

Resolved! custom groups using ldap-filter/query to use with GlobalProtect

Hello. I'm currently working on a setup involving Global protect for teleworking. the company has users who are allowed to connect remotely with their id, and users who aren't. the decision for this is based on a user-attribute: msNPAllowDialin (of type boolean)-->if set to allow --> useer should be able to logon to GP portal/gatewayif se...

System disk space issue on PA 5050

PA 5050s on PAN OS 7.1.7 in HA pair active/passive mode always have high systme disk space issue. this is output from active one- ========show system disk-spaceFilesystem Size Used Avail Use% Mounted on/dev/md2 3.8G 3.4G 269M 93% //dev/md5 7.6G 2.9G 4.4G 40% /opt/pancfg/dev/md6 3.8G 1.9G 1.7G 54% /opt/panrepotmpfs 2.0G 116M 1.9G 6% /dev/shmc...

Processes

Good morning!. I have a question about processes. Somebody know what is process "fpp_dp"? because I see that this process is consuming too much CPU What about this process?fpp_dp1,fpp_dp2, etc... Regards

Resolved! PA 3020 boot error

when i reboot this PA 3020 i see below on console Starting pan_hardserver: [ OK ]Starting pan_lunasa: mv: cannot create regular file `/opt/pancfg/hsm/export/': Is a directory 019-01-18 11:41:10.109 -0800 Error: sysd_construct_sync_importer(sysd_sync.c:328): sysd_sync_register() failed: (111) Unknown error code2019-01-18 11:41:11.113 -0800 Error:...

MP18 by Cyber Elite
  • 14821 Views
  • 6 replies
  • 0 Likes

PAN HA Pair Shows Antivirus Mismatch But Are Correct On Device Page

Totally new to PAN...So I upgraded a pair of PA500s in HA to 7.1.17, and since then (I believe) the dashboard on each shows Antivirus Mismatch. When I fly over the "Antivirus Mismatch on either's dashboard, both show the active PAN as having the older version). However, on the DEVICE> Dynamic Updates tab both devices show 2861-3371 downloade...

PAN-OS Manual Upgrade

Hi All, I were tried to upgrade the PA-850 from PAN-OS 8.0.7 to PAN-OS 8.1.0. I have uploaded the image but it didn't list the image. Any input on this ??

gpsriram by L1 Bithead
  • 2537 Views
  • 2 replies
  • 0 Likes

Resolved! override traffic packet capture

Hi, all I have questions about Application Override traffic packet capture. Q1. when i enable App override, Overridden traffic is offloaded without reaching Dataplane. is it correct? Q2. Overridden Initial packet such as UDP when session setup is offloaded? Q3. I think any traffic that is offloaded can't do packet capture without disable hardwar...

hbshin by L2 Linker
  • 3449 Views
  • 1 replies
  • 0 Likes

Recommended PAN OS 8.1.3 or 8.1.4 ??

Hi All, What will be the recommended PAN OS for Perimeter firewall ?? 8.1.3 or 8.14 . I got the update from support team as 8.1.3 is not a stable but initially it was suggested by SC. Thanks in Advance

gpsriram by L1 Bithead
  • 2560 Views
  • 2 replies
  • 0 Likes

Panorama/Firewall performance

Historically, for a LONG time, we have created an object for every IP address and every port (for port based rules). Over the years, this has lead to our config being HUGE. Last tech support file from Panorama is 85MB. With thousands and thousands of objects, my opinion is that's contributing to the performance issues we see; the fact that al...

Resolved! Install MineMeld behind the proxy server

Having issue to install the MM behind the proxy, the IP address of MM is whitelisted for any proto/url in the proxy configure.While the installation is started thru the command sudo apt-get install minemeld I do see the requests from MM is comming to the proxy and the process of the install seems like goes well enought until at some points it f...

ust_lynt by L0 Member
  • 7624 Views
  • 2 replies
  • 0 Likes

Resolved! Question about url filtering response page

we have configured url filtering where certain categories are blocked and user get the response page.but under networkinterface management profile the response page is unchecked need to know how without checking the response page users are getting response page that certain site is blocked?

MP18 by Cyber Elite
  • 3498 Views
  • 1 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels