General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Strangeness with EDL - for Office 365

Hi I have minemeld mining O365 address for my PA's. Moved to the new API as well. I have a hybrid Exchange setup.I have moved some mailboxes up to the cloudWhat I have found recently is mail stops flowing I have a rule that basically say MS Public IPv4 to my beachhead port 25 smtp O365 attempts to talk to me and gets blocked.I check the src ad...

Resolved! DNS proxy not accepting tcp connections

Hi so my setup 5220vlan 20 ... my named dns server 10.43.20.100 and 10.43.20.102 ... dns1 and dns2on the pa on interface with vlan 20 10.43.20.1 I have configured dns proxy. works well for dns via udp but tcp doesn't workso tcpdump -pni eth0 host 10.43.20.1 and port 53 -c 20 & dig @10.43.20.1 _ldap._tcp.abcde.com SRV[1] 25943;; Truncated, re...

Passive Panorma - Shows Commit failed for few managed devices

We have M100 in active and Passive mode. On Active Panorma under managed devices I see commit succeded for all firewalls when i log into passive panorama it shows commit failed for few firewalls - template and shared policy? How can i fix the commit failed on passive M100?

MP18 by Cyber Elite
  • 1710 Views
  • 1 replies
  • 0 Likes

Resolved! Email Profile - Choosing Location as Shared or Vsys

I had configured the Template say Corp Under email profile I have selected the Location as vsys shared is not checked in. When i go to log settings then system then under email I do not see email profile which i created If i change the email profile location to shared then under log settings, system i can see the email profile name. Need t...

MP18 by Cyber Elite
  • 2789 Views
  • 2 replies
  • 0 Likes

Resolved! DNS Proxy with vwire

Question is it possible to create and use a dns proxy when in vwire mode. I would think that a vlan with an ip would need to be created in Interfaces- Vlan to facilitate this. Thought I would query to see if anyone had tried this. One issue that comes to mind is vwire layer 2, vlan with ip layer three probably will not work but I'm curiuos. Than...

icloud email receiving but not sending

I can see the traffic using smtp on port 587 but everything end tcp-fin. Tried turning off decryption to me.com. Traffic hit the rule that allows any traffic out for this particular user and they are also exempt already from decyrption. What should be the next troubleshooting step? Thanks

Resolved! Configuration changes not allowed on the passive Panorama--dynamic updates

Panorama M100 is in active and passive mode.Active PAnorama has latest app version.Each Panorama has separate connection to Internet for dynamic updates and they do not get syn. when on passive PA i click on download for app and threat version it gives error Configuration changes not allowed on the passive Panorama?

MP18 by Cyber Elite
  • 8411 Views
  • 3 replies
  • 0 Likes

Security Policy Granular to Address Group?

I have a group of computers that I want to apply a different security policy with a different Security Profile to. I have created 2 Security policies.The first policy = Internet Out allow any - Trusted Zone to Untrusted Zone with the default 'basic file blocking' Security profile.The second policy = Internet Out allow any - Trusted Zone with S...

catrock by L2 Linker
  • 3857 Views
  • 4 replies
  • 0 Likes

Resolved! Simple Explination of Share Levels

I have read all the documentation, and have a test environment for MineMeld, but I still cant work out what share levels are being used for.I was of the beleif that it was green=good (i.e. whitelist these) and red=bad (i.e. block these) however this doesnt seem to be the case in most the current prototypes.@lmori Said the following, but I am not...

Aggressive cleaning feature

Hi,I have a doubt regarding the aggressive disk cleaning feature introduced starting in PANOS 8.0.7. Details below.To enable aggressive cleaning:> debug software disk-usage aggressive-cleaning enableTo check if enabled (if enabled, this command will return output with True)> show system state | match aggressive-cleaningBut my doubt is, wha...

SSL_ERROR_NO_CYPHER_OVERLAP

All clients are intermittently seeing "SSL_ERROR_NO_CYPHER_OVERLAP" when browsing secure web pages. This began just about half an hour ago. Any Ideas?

Erro: Threat database Handler failed (Module: device) commit failed

Hi, i have to test the lab in eve-ng with palo alto 7.0.1 image and i can't commit to save the configuration as well as ip-address cannot set into this for management interface. Are we need to set the management ip address same EVE-ng ip address or same prefix range? How can i do the set ip address to reachability to internet? How can i fix thi...

IP error2.JPG
IP error.JPG
commit error.JPG

PA VM Interface Issue

Dear All, I setup test lab with vmware workstation. only ethernet1/1 interface is up. Others are down mode. I have attached screen also . Please advice me. Thanks,Lakshitha.

Resolved! expired dhcp leases PA-3020 8.0.7

Hi all,there is a dhcp server for a network with a lease time of 14 days. When I open the allocation, there are a lot of expired dhcp leases.Doesn't the firewall automatically delete them?

MPI-AE by L4 Transporter
  • 6296 Views
  • 6 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels