General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 837 Views
  • 1 replies
  • 8 Likes

Zones

Is it possible to use DG layering to solve DaaS Zone issue??

1. Can we create a DG-DaaS whose parent will be ‘DG-AWS_DQA’.
2. Assign Seattle DQT firewall to DG-AWS_DQA
3. Assign Ashburn n future Chicago to DG-DaaS (since it has DG-AWS_DQA as parent, it

...

kpotru by L1 Bithead
  • 1554 Views
  • 3 replies
  • 0 Likes

IPSec Tunnel from vsys1 to vsys2

Hello All,

 

I have a design issue to mull over, and one of the options is to look at having ipsec tunnels between vsys isntances on the same box.

 

So, I have vsys1 as my default vr, what I may need to do is turn up vsys2 and have certain traffic in vsy

...

Resolved! Configure IPSec between Palo Alto devices

We have two vpn Palo Alto devices.

One in our HQ departement and one in a remote location.

I need to setup an IPSec VPN tunnel between these sites with the Palo Alto devices but I never did this before.

On the Palo Alto website I found this article whic

...

ZEBIT by L3 Networker
  • 2455 Views
  • 4 replies
  • 0 Likes

Rule base documentation

PA Best practice says you should have your rules documented on the rules and some where other than your rule base. Anyone doing that? and if so how

jdprovine by L4 Transporter
  • 3143 Views
  • 15 replies
  • 0 Likes

Resolved! Redistributing Tunnel interface into OSPF no longer working

Hi,

I have a strange scenario here. To summarize, I had previously configured GlobalProtect on a Palo firewall and configured the Palo to redistribute that network range on the tunnel interface into OSPF. This worked without any problem.

 

Now, the IP a

...

Bocsa by L3 Networker
  • 2664 Views
  • 3 replies
  • 0 Likes

Monthly Graph Reports (Pie&Line Charts)

Hi,

we have to build monthly PDF reports with nice graphs like Pie&Line Charts  for the management. Unfortunately PDF summary reports are the only one which contain graphs (despite the ACC Widgets) and are generated only everyday. Is it possible to ge

...

Resolved! HA Sync with different Configuration

I have two firewalls previously on HA (Active-Passive mode). We had to shutdown the passive device due to some troubleshooting. Then we had to roll-back the config of the active PA.

 

Here's the current setup. (HA links not yet cabled)

Active PA - lower

...

User-ID Policy not being used

We have an agentless User-ID setup. Firewall is able to pull user accounts from the AD.

User-ID based policies were created on top of IP-Based policies.

 

However, some user traffic can be seen using the user-id based policies, some users can be seen us

...

Resolved! Subinterfaces and Policy based routing

Hi, so I've configured a new L3 subinterface on an existing L3 interface, both with IP addresses and I thought it was going to work. I've got a PBR rule in place on the previous hop, a HP switch, which diverts some traffic to this new subinterface. I

...

Library network PBR plan.jpg
2018-02-27_161058.jpg

GlobalProtect Certificate auth debug

could anyone please advise a good way via cli to debug certificate authentication.

 

I have followed most of the log files but cannot find one related to GP authentication.

 

many thanks in advance...

Mick_Ball by L7 Applicator
  • 1535 Views
  • 1 replies
  • 0 Likes

API - list just device groups in panorama

Hi All,

 

Does anyone has any idea on how to list just the name of device groups in panorama using the api

 

if i do the following path:

 

https://mypanorama/api/?type=config&action=get&key=<my key>/config/devices/entry[@name='localhost.localdomain']/devic

...

Harshit by L3 Networker
  • 1997 Views
  • 1 replies
  • 0 Likes
Top Solution Authors
Top Liked Authors