General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Threat Vector, a Unit 42 Podcast, is Now on LIVEcommunity!

We have some exciting community news to share: Threat Vector, a Unit 42 podcast, is now on LIVEcommunity!

 

Threat Vector is your compass in the world of cyberthreats. Listen to this biweekly podcast to learn about unique threat intelligence, cutting

...

jforsythe by Community Team Member
  • 321 Views
  • 0 replies
  • 0 Likes

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 3677 Views
  • 2 replies
  • 14 Likes

Resolved! MineMeld install error bower install

Hi all,

 

I have installed successfully minemeld on a test Ubuntu 16.04.

I try to do the same now in production and get an error on bower install :

fatal: [127.0.0.1]: FAILED! => {"changed": true, "cmd": ["bower", "install", "--allow-root"], "delta":

...

User Acitivity Reports - Denied Traffic

Afaik the User Activity Reports only show allowed traffic from the users. I am trying to find the URL from an IP, which I can see the user have been trying to visit, but got denied.

Is there anyway to do so?

 

The IP is a service from Amazon, and theref

...

Unable to block Skype

Testing target is Skype which came with Windows 10.

Use the method in the link below and was work (for 1-2 days)

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Block-Skype/ta-p/52103

 

Then 1 day suddenly found that it not working any

...

jeremylo by L3 Networker
  • 1581 Views
  • 1 replies
  • 0 Likes

Always-ON VPN in the internal network.

Hello,

 

I am looking to configure an always-on VPN with full tunnel access and enable"Enforce Global protect for Network access".

This basically means that users have to connect GP portal to access network when logging in to their machine when off-prem

...

Resolved! Cannot ping INTO mgmt interface, but can ping out?

Did something the other day and now i cannot ping/https/ssh to the firewall on its management interface, even though from the firewall i can ping out.

 

I dont think this is a routing issue as i can do it the other way(out of the device), and the devic

...

welly_59 by L3 Networker
  • 10369 Views
  • 13 replies
  • 0 Likes

OCSP unknown status

Hi team,

 

I am configuring Firewall as CA and local OCSP responder to use in GP VPN with client cert authen.

However, all the client cert that I generated from the Firewall got "unknown" status in OCSP. So I client cannot authentiate by this cert.

 

Can

...

Packet Dropped

Hi Team,

 

Need your help.

While running global counter I can see continously packets are gettignn dropped with below error.

 

a609598@paf-ld6-mvs-01-01(active)> show counter global filter packet-filter yes delta yes severity drop

Global counters:
Elapsed t

...

IPsec packet drop , once the ecmp is enabled

Hi Team 

 

we are facing packet drop issue on ipsec traffic once the ecmp is enabled . 

we have two ISP and wish to balance the traffic and using balanced round robbin for the same , once this is enabled ipsec packet drop occurs and if we disable ecmp e

...

Rameshwar by L3 Networker
  • 4651 Views
  • 12 replies
  • 0 Likes

Active/passive HA on PA5020

I am using this link https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-High-Availability-on-PAN-OS/ta-p/54086 to try to configure active/standby HA on my 5020 and I am confused about the ports (control links (CL) ha1, CL ha

...

Capture.JPG
jac101 by L2 Linker
  • 2040 Views
  • 3 replies
  • 0 Likes

PANOS 8.1.2 RADIUS / IPv6

Hi,

Since upgrade to PANOS 8.1.2 RADIUS (for firewall administration) tries to connect to the IPv6 address of the Microsoft NPS server:

 

2018-07-10 09:33:14.305 +1200 debug: pan_make_radius_request_buf(pan_authd_radius_prot.c:384): RADIUS request type:

...

SARowe_NZ by L3 Networker
  • 1504 Views
  • 0 replies
  • 0 Likes
  • 24192 Posts
  • 100 Subscriptions
Top Liked Authors
Labels