General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

"Install media mount failed" when trying to create bootstrap USB

I am attempting to create a bootstrap USB on a PA-200. The Palo site provides pretty good procedure documentation, but not much for troubleshooting. I have managed to create the bootstrap.tar.gz file and upload it to a PA-200 running Pan-OS 8.0.3. I have tried 4 different brands/models of USB sticks, but when running the create bootstrap process...

GlobalProtect - Windows 7 Issue

The company I worked for observed an unusual error today with just Windows 7 users of GlobalProtectWindows 10 & Macos users were unaffected. We use okta verification to allow authentication btw In a nutshell, did some testing in virtual machines running latest patched version of Windows 7 and Windows 10All windows clients were able to connec...

capita.png
Windows 7 2018-09-13 16-01-38.png
Windows 10 2018-09-13 16-08-02.png
carterg by L2 Linker
  • 11752 Views
  • 3 replies
  • 0 Likes

Resolved! CDR report

Did anyone receive a threat report from palo alto and hushly? "Here is your Palo Alto Networks - 2018 Cyberthreat Defense Report you requested"

jdprovine by L4 Transporter
  • 3064 Views
  • 2 replies
  • 0 Likes

Resolved! Traffic Reports Bytes Field Empty

This probably has a very obvious answer, but google searches for the solution wound up showing me irrelevant pages...probably my fault as well. I am running various traffic reports, and all of them lack value in the bytes field. Any idea what is wrong?

2018-10-03 07_52_18.png
colesch by L2 Linker
  • 4146 Views
  • 4 replies
  • 0 Likes

Panorama - Commit getting stuck at 0%

I have got PAs in two DC, each DC have PA in active-passive unit, when I commit to one of the pairs in one of the DC, the committ is stuck at 0%. I see the Panorama is connected to "Passive" FW instead of the active FW , could be the reason why the commit is stuck at 0%.Does the Panorama have to be connected to the active unit for the commit to ...

Resolved! MineMeld can not get O 365 JSON format list

Hello [Failure event]In the case of O365 's xml format, when MineMeld received traffic after ClientHello, I got a list but if I set config for JSON support I can not get a list. [Prerequisites]MineMeld will go through Paloalto and do Internet communication. [Question]I think that the packet flow that can be checked with Paloalto is incorre...

OSPF, VPN, routing and distribution

I'm trying to solve a routing conundrum to improve a remote site and provide redundancy, and hoping others may have some solutions. The short version is that we have the remote site with basic commodity internet using VPN to connect back to two datacenters. The datacenters in turn have direct links to each other, and all are running OSPF. The is...

PAN OSPF.PNG

Resolved! 802.1x wired authenicaton with MS CA and paloalto

Dear Sir,I am beginner in 802.1x authenication and paloalto.So please help explained and guide.I want to use 802.1x with MS CA.Can i use paloalto firewall as a policy enforcer for 802.1x authenication ?can use PA as a radius server for user log and mornitor ?

crypto by L2 Linker
  • 5603 Views
  • 1 replies
  • 0 Likes

Authtenticate non web services such as Telnet/FTP without Global Client

Migrating a Cisco fw to a Palo Alto and the Cisco has the ability to authenticate users to external Radius for FTP transfers based upon policy rules - the end user simply gets a user name and pass prompt which works across all platforms and can be scripted for automation. I know the Palo Alto has the ability to auth requests that are web based ...

Juan_R by L0 Member
  • 3215 Views
  • 2 replies
  • 0 Likes

Resolved! MFA "SSL Connect Error"

I am testing Multi Factor Authentication with Okta. I have configured everything (including certificate profile) as per the guide as well as Okta specific YouTube video, The first factor (active directory auth) is working fine, however, I am getting "SSL Connect Error" in the authentication logs. I could see the 443 connections going to Okta. Ho...

Arris (AT&T Fiber) to PA-220

All, I have an Arris (BGW210-700) set up as 192.168.2/24 (DHCPed) and have successfully configured the IP Passthrough to the PA-220. However, I am unable to get outbound from the PA-220. Has anyone run across this? I have the Arris going into 1/1 (as WAN), and then providing internal routing / DHCP, etc. This was working when I had Frontier / V...

ckg1999 by L1 Bithead
  • 3382 Views
  • 2 replies
  • 0 Likes

Resolved! Allow internet only after HIP fail

We are looking to configure the firewall rules where if a known user fails the HIP check, the user has access to only the internet, and not the intranet. I currently have the rules configured such that failing the HIP check allows the user to access to both the internet and the intranet. We tried blocking RFC1918 in the destination address field...

mikembau by L0 Member
  • 2490 Views
  • 1 replies
  • 0 Likes

Pan-configurator predefined.xml

Hello, I am using Pan-configurator to create some scripts, and i am wondering how to update predefined.xml file. Can we update this file manually or automatically? Kind regards.

Resolved! Hardware Requirements to PA - 5050

Hi, i need Hardware Capabilities ( type of Cable, Chassis Height , Data Ports , managment ports ... ) of Palo alto PA-5050 to install in Data center of our customer in cluster with two WLC. Thanks,

RosVerde by L0 Member
  • 3125 Views
  • 2 replies
  • 0 Likes

IP pool problem

Hello,I have an IP pool for GP users and IP are no being clearing when users disconnect the VPN, to clear this IPs we have to reboot the FW,Is there other way to clear this addres ? this must be cleared automatically after disconnect? Regards

Marivi by L2 Linker
  • 7210 Views
  • 9 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels