General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

App id “Non-syn-tcp”

I see a lot of non- syn-tcp from from few specific zone. I am sure that there is no asymmetric routing. If that has to be the case how to determine exact causing factor.Thanks

Sanssj by L2 Linker
  • 7365 Views
  • 3 replies
  • 0 Likes

Resolved! OSPF Inbound Route Filter

Hi,I see in the admin guide that it is possible to filter the default route so that it is not learnt by the OSPF process.Is there any way of applying a more granular filter so that I can restrict the Palo Alto OSPF process to only learn 10.0.0.0/8 routes? Similiar to an inbound Cisco distribute-list?Cheers

adevine by L1 Bithead
  • 10459 Views
  • 7 replies
  • 0 Likes

Resolved! Qos on application and class 1 and 4

I have created qos policy for application http-video and is defined in class 1 However when i run below commandsshow session all filter application http-video qos-class 1 show session all filter application http-video qos-classs 4 I see the application http-video on both? need to know why i see the application http video in the class 4?

MP18 by Cyber Elite
  • 3228 Views
  • 3 replies
  • 0 Likes

leaf and spine and security

Hi,In a spine and leaf ( vpc ) ,where we should place the firewall to protect the data center ? If we use layer 3 firewall all routing process will be shifted to the fw, spending huge amount on spine won't be beneficial ? Layer 3 or layer 2 recommended ?Thanks

sib2017 by L4 Transporter
  • 5164 Views
  • 1 replies
  • 1 Likes

Resolved! Global Protect - Linux Fedora , CA trusted cert error

Hi There,I'm having the same issue but not on self signed certificate and on linux ( Fedora 29) Global Protect is configured with the certificate signed by the Authorized CA.The Chain is:DigiCert Global Root CADigiCert SHA2 Secure Server CAServer certificate. It works perfect on Windows. On Linux, Fedora.I get the error Error: Gateway exgw: The ...

Resolved! qos traffic stats - regular traffic and default group

created qos for application and apply it to class 1 it is applied to the interface with 10Gig lan connection. traffic stats shows default group====regular traffic==40 --- assume does it mean that total traffic going via interface is 40? also default group traffic ==== regular traffic?? when i click on bandwidth tab on left hand side it shows ...

Capture1.PNG
MP18 by Cyber Elite
  • 6056 Views
  • 5 replies
  • 0 Likes

Global Protect Certificate

Hi I configured global protect, but when clients try to connect through the agent, they got "Gateway "name":The server certificate is invalid, please contact your IT administrator". For the configured certificates, I configured self-signed certificate as a certificate authority, and then configured Global-protect certificate signed by the create...

myasin by L2 Linker
  • 6032 Views
  • 3 replies
  • 0 Likes

Change Management IPs

Hi We have Panorama managing 6 PA FWs (3 HA Clusters). We want to change the management net of Panorama and Firewalls.Now logically we will change management IP of Panorama first. Then the Firewalls will lose connectivity and probably logs will be lost. So is there any best practice guide for this process?What all should be taken into considerat...

PA-200 HA Sync

Hi,I have a message when I attempt to run a commit: "The running configuration is not currently synchronized to the HA peer, and therefore, this commit will only be applied to the local device.Please synchronize the peers by going to the dashboard and clicking on 'Sync to peer' on the High Availability widget.The following component(s) are misma...

sync.jpg
s_quasar by L3 Networker
  • 7488 Views
  • 15 replies
  • 0 Likes

FQDN refresh problems

Hell guys,We have a problem that the FQDN refresh fails nearly everytime. What I mean with "nearly" everytime is, that there are periods in which the FQDN refresh is running smoothly, and then suddenly it fails again.Example: A few days ago the FQDN refresh failed for the 365th time. We then disabled the DNS Proxy because there was something in ...

Resolved! user if agent and switching between ids

we have configured rules with group mapping using LDAP.We have one user where he switch between user ids and when he trieds to login to server with user id not allowed in list he getsdenied. should he log off and log on as best practice when he switch between user ids?

MP18 by Cyber Elite
  • 4391 Views
  • 5 replies
  • 0 Likes

8.1.4 CP Normalizing

All of our users who auth over CP are now normalizing as 'domain.com\user' although we need them to be [email protected]. The authentication profile they go through has the %USERINPUT%@%USERDOMAIN% modifier. Domain is filled in & login attribute is 'userPrincipalName'. All users who are gettng mapped through AD instead of CP are showing corre...

Resolved! Minemeld Proxy error

Hi, I've setup Minemeld to use the corporate proxies based on this thread and I'm still getting this error: "ConnectTimeout: HTTPSConnectionPool(host='www.dshield.org', port=443): Max retries exceeded with url: /block.txt (Caused by ConnectTimeoutError(<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f2bee031f10>,...

otlaP5 by L0 Member
  • 5957 Views
  • 2 replies
  • 0 Likes

Resolved! Panorama Managed collectors - Default and M500 Log collector

We have Panorama M100 in Panorama Mode.They are in HA pair. Also we have 2 M500 as dedicated log collector mode. Under Panorama managed collectors I see default is also checked along with 2 dedicated log collectors. Need to know why default option is checked along with M500?

Capture1.PNG
MP18 by Cyber Elite
  • 3938 Views
  • 6 replies
  • 0 Likes
  • 24394 Posts
  • 123 Subscriptions
Top Solution Authors
Labels