General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Panorama templates for an Active/Passive setup?

I'm in the process of setting up our new firewalls. I went ahead and set up management on each of them, got them updated, got them paired up into Active/Passive, and am now following the Palo Alto 8.1 guide to migrate an HA config over to Panorama. I'm almost to the end but I have a question concerning the templates. The instructions say to d...

jsalmans by L4 Transporter
  • 3950 Views
  • 2 replies
  • 0 Likes

Resolved! 5250 HSCI port compatibility?

Greetings all, I should be getting our new 5250 firewalls in any day now and I'm trying to get my cable shopping list together so we can start working on our install process. I noticed the HSCI port for the A/S config uses a 40/100 port and, giving the units will be close together, I was thinking I'd like to get a twinax style cable instead of ...

jsalmans by L4 Transporter
  • 3892 Views
  • 1 replies
  • 0 Likes

Behaviour of VPN tunnels in HA pair during the failover

HiCan anyone please explain the behaviour of VPN tunnels during the failover on PAN.Does the ISAKMP and IPSEC SA table gets passed on to the standby unit ?Does the VPN tunnels will re-estalish the session again on the new active unit after the failover? what would be the downtime that the users will experience for vpn tunnels? Regards,

R_Sharma by L2 Linker
  • 11034 Views
  • 3 replies
  • 0 Likes

Resolved! different wildfire version

Hello, We have a couple of PA3020 but only one of them have different wildfire version as currently installed once we saw failed wirdfire update messages. Is it normal behaivior to have a different wildfire verison instllaed even though it is the same model? what could be the reasons of failing update? devsrv.log2018-12-27 14:18:172018-12-27 14...

Panorama Templates and default vsys settings?

What is the purpose/consequence of a having a template with a default vsys set to either : vsys1 or None -This is found under: panorama/templates/(specific template name)/Default VSYS/(option of vsys1 OR None) I'm finding that our firewalls with multiple vsys defined, have the setting to "None". On our global templates (templates used across mu...

Sec101 by L4 Transporter
  • 7485 Views
  • 1 replies
  • 1 Likes

What the heck is in /pancfg?

Hi all, I'm trying to figure out what is taking up all the space in the /opt/pancfg filesystem on my Panorama appliance. I've deleted all the old saved configurations and lowered the number of config audit versions from 100 to 50. (Each of these versions is about 500K.) I've taken a look at what anti-virus, wildfire, and content updates are s...

Resolved! Is there any command to modify tls response version for ssl decryption forward proxy

When a client's browser disabled TLS1.0 and connect to a website which is only support TLS1.0.Is there any way to let PA firewall response TLS1.0 to user? Because before we replaced our customer's firewall, their firewall was CheckPoint CP5800.In same situation CP5800 responsed TLS1.2 to clients, so they browse the website works fine, but now t...

OVA file

pa-vm-esx-8.0.ova I need to download the OVA file for training purposes. How do I go about getting a file?

File Blocking - No URL?

Hi I have various response pages configured to allow the user to click and send an email when hitting a blocked site. The URL one works fine - user clicks continue, new email pops up with the following placed in the email : URL and user name. For File blocking, I cannot get the URL to go in to the email, it's always the IP address instead that...

Url blocking

Hi guys, surely a stupid question, but cannot find out.PA (a 5060 couple), as seen in the screenshot, allows the connection but blocks the corrispective URL.How can I allow the URL too? Thanks

Threat_small.png
Shye80 by L1 Bithead
  • 2013 Views
  • 1 replies
  • 0 Likes

Resolved! difference between restart process and restart core process

1> debug software restart processauthd authentication processconfigd configd processlogd logd processmanagement-server Management server processmdb Mongo DBntp Restart and re-synchronize NTP servicereportd reportd processsnmpd snmp processuser-id User-ID processvld-0-0 VLD process for LD1vld-1-0 VLD process for LD2vld-10-0 VLD process for LD1...

MP18 by Cyber Elite
  • 10531 Views
  • 2 replies
  • 0 Likes

Configure VPN from Android Phone to Access VPN

Hello All, I am trying to configure my android phone to connect to palo alto vpn. I use IPSEC Xauth PSK as Type and the IPSEC identifier do i need to put the Group Name and Group password from X-auth support. Can someone confirm me this.

Denis by L2 Linker
  • 3749 Views
  • 1 replies
  • 0 Likes

Resolved! API + (new) zones

Hey all, i have started to work with the API and Postman lately in order help with making the setup process of new boxes a little easier & faster. While I have been able to get most of the basics done (Management IP, DNS, NTP, etc.) I am now struggling with creating new objects in the configuration through the API, starting with the zones th...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels