General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! AWS Multi-VPN Tunnel with Palo Alto NGFW - Flow Issue

My PA NGFW managed to setup VPN tunnels with AWS VGW. AWS given 2 sets of VGW where each of the VGW comes with 2 links that will connect to NGFW 2 ISP link respectively with different set of public IP Address.. Below are the setup flow:NGFW ISP1 -> AWS Tunnel1 (vgw1)NGFW ISP1 -> AWS Tunnel2 (vgw1)NGFW ISP2 -> AWS Tunnel3 (vgw2)NGFW ISP3...

Resolved! Migrate config from Panorama template to local device

Just getting my head around the ins and outs of Palos, and some initial lab setup we had leveraged a couple of PA-220s and a virtual instance of Panorama. Using that config, I'm building a standalone PA-220 and want to recycle the bulk of the config from what I'd tested with, however, importing that is shown as the config from Panorama, which w...

cdawson by L0 Member
  • 3767 Views
  • 2 replies
  • 0 Likes

Resolved! URL filtering action preference when a same URL is included in 2 different custom categories.

Hi All, What action would URL filtering prefer if the same URLs are placed in 2 different custom categories with different actions in a profile. Example custom_URL_category_1 = *.somesite.comcustom_URL_category_2 = *.somesite.com On the URL filtering profile custom_URL_category_1 = alertcustom_URL_category_2 = block which one would take preferen...

CRL revocation traffic identified as ms-update

Is this an expected behaviour? We where somewhat surprised that the application included this traffic. It includes all SSL CRL traffic (like establishing remote desktop or visiting websites), independent if its related to Windows Update.

Resolved! PA220 as a router?

Hi,We are planning to have paloalto PA220 firewall in our new sites and instead of purchasing new cisco routers (ISR 4000 series), we will just use the PA220 as a router.Our link is via ipvpn (not IPSec) with GRE tunneling. And we will be using EIGRP as routing protocol.Is this a good move? or not? Appreciate your advise. Cheers! Ben

bentot by L0 Member
  • 4249 Views
  • 2 replies
  • 0 Likes

IPSEC VPN IKE Phase 1 Goes down after couple of hours

Hi Guys, Got a quick query. We have implemetmented new pa 3050 firewall in our perimeter. Two IPSEC vpns configured and working fine. We notice, after couple of hours, the Status of first led goes red. but, the second status led stays green. During this time remote end complained that they cannot transfer file. Once we issue the following comman...

irshad.n by L1 Bithead
  • 6030 Views
  • 3 replies
  • 0 Likes

Decryption with Wildcard SSL-certificate?

Does Palo Alto support decryption with Wildcard SSL-cert?Ref.:In order to determine if a connection needs to be decrypted or not, the firewall relies on the (CN) common name configured within the certificate and compares that to the security policy. ( https://live.paloaltonetworks.com/t5/Management-Articles/SSL-Decryption-Rules-Not-Matching-FQDN...

pivvre by L2 Linker
  • 12571 Views
  • 12 replies
  • 0 Likes

Global Protect Auto Start

We are looking into adding Global Protect as part of our deployment of newly reimaged computers. Within my company's work environment, we want Global Protect to start up only when the user clicks on the shortcut icon for the application. We do not want to have it auto start upon restarting the computer. Is there a way to disable this feature so ...

Resolved! Security Policy - with Service\URL category configuration

I have a Security policy rule configured as below1.source and destination any2. User - any3. Application - Any4. Service ports open for http5. Url category allowing access to custom created URL category in which only search engines google and bing's URL is defined6. Action - Allow7. Profile - NillNote that the URL category is configured in Servi...

krdeepu by L0 Member
  • 5287 Views
  • 1 replies
  • 0 Likes

name that security profile

I am looking for a more descriptive name for my security profile ? I have vulnerablity protection, anit-virus, anti-spyware and wildfire included on the profile that I have added to a majority of my rule. currently it is name All PE alert

jdprovine by L4 Transporter
  • 5686 Views
  • 13 replies
  • 0 Likes

Force what Global Protect Portal to use

Hello, Our users will have 2 Global Protect Portals to choose from. The users sometimes log in to windows with a smart-card and sometimes with a normal AD-account (Username and password). Not sure if it's possible but can we force what portal they connect to based on what account they log in on? Theres one portal for smart-card users and one fo...

xen-pv by L1 Bithead
  • 3297 Views
  • 4 replies
  • 0 Likes

Probably a strange question...but Linksys RV082 and PA VPN tunnel anyone?

HI Been trying to get a VPN tunnel working between a Linksys Rv082 and Palo Alto. (dont ask...) But no luck in the testing, i based my PA config on the Linksys Rv082 settings, wich i got from the person that is on the other end, but so far - no success. Anybody tried this before ?I would appreciate any experiance or pointers. i provided a link...

Resolved! Captive Portal errors

Hello Early today the captive portal stopped working and UserID didn't get any user mappings. Users couldn't be able to login by SSO or captive portal. After some investigation, we restarted the l3-service and it come back working. The l3svc_ngx_error.log show us this errors: Error: pan_parse_bc_params(panos_addons/pan_l3svc_utils.c:2294): inval...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels