General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 923 Views
  • 1 replies
  • 8 Likes

Schedules expired

Hi Community

 

I see when the schedule policy has expired the rule continue as a enable rule but It doesn´t work because the rule has expired,

Can you tell me how I can find the expired schedules?, is it possible to configure somehow when the rule has e

...

ftrimino by L0 Member
  • 2222 Views
  • 3 replies
  • 0 Likes

High Available address unable to ping

Hi

 

So I have a active/active cluster.

I have a highly available ip 10.33.80.1 on vlan 80 I also have 10.32.80.1 on the same interface.

 

from 10.33.80.11 I can't ping 10.33.80.1, from 10.32.80.7 I can't ping 10.33.80.1.

 

10.33.80.1 is the dgw for 10.33.8

...

Blocking Bittorrent

Hi Everyone,

 

Is there a way to limit the sessions on bittorrent with Palo Alto ?

 

You can only enable a session limiter based on a service, but not on an application i think?

 

Anyone has some suggestions ?

 

Goal-> Limit bittorrent traffic. Users

...

Resolved! Source User Missing. Device has User Mappings.

I'm sure this is probably a rookie mistake, but I have to ask...

 

I've set up our Meraki access points to syslog to my PA500 firewall.  I'm successfully getting user-id to IP address mappings (I can see them in the output of "show user ip-user-mapping

...

Resolved! QoS: why is it capped at 1 Gbps?

Is it a physical limitation, or a software limitation?

 

The PA-3020 has gigabit ports, which can be combined into aggregate interfaces that support multi-gigabit combined throughput.  However, it you enable QoS on an aggregate interface, no matter how

...

fjwcash by L4 Transporter
  • 2789 Views
  • 2 replies
  • 0 Likes

Google Hangouts audio-video detecting as STUN

I am noticing an issue were clients are using Google Hangouts, but the APP-ID is detecting the session as STUN over UDP/TCP port 19302-19309, instead of the APP-ID signature of google-hangouts-audio-video.  Has anyone else noticed this behavior?

 

The

...

log snapshot.JPG

Resolved! Deleting Aggregate Interface

Good Morning,

 

can someone verify that the following command is correct for removing an aggregate-ethernet interface?

 

          delete network interface aggregate-ethernet ae1 layer3 units ae1.82

 

I am a litte leary of implementing this command due to

...

global protect multiple portal issue

We want to configure Portal level redundancy in Global protect .If we bind 2 IPs of 2 different location firewalls to our portal address then how does clinent interpret the DNS resolution .after how much time client will try on another system 

NIRAVK9 by L1 Bithead
  • 4590 Views
  • 13 replies
  • 0 Likes

ASK: GP with 2 network access

Hi All,

Anyone have tried to create 2 network access within PAN-GP on PANOS 6.1?

So, basically I want to create 2 PAN-GP Profile, one with split-tunnel, another one without split tunnel.

 

Already read some article, said that I'll need PAN-GP license and

...

Customer Account Personal Email

I bought a pa-220 for my own personal lab through my employer's pa vendor and I would prefer not to use my company email account just in case I were to leave my company. If that would happen, a year from now when my licenses expire, I won't be able t

...

Routing via PBF vs OSPF

I’m working on an implementation for about 15 branch offices where my organization is replacing an inconsistently-configured mix of SonicWALL and PA hardware with mostly PA-220’s. Each office has a Metro-Ethernet connection (100 Mbps at branches and

...

locampo by L2 Linker
  • 2161 Views
  • 3 replies
  • 0 Likes

Resolved! Forwarding Decisions in PANOS

Hey guys. Fairly new to PANOS and also coming from the perspective of having been a longtime IT generalist with a large interest in networking to finally having a role as a dedicated SEM network engineering role. Having said that, we recently encount

...

locampo by L2 Linker
  • 3947 Views
  • 5 replies
  • 0 Likes

I want know CPU resouse mesage

What is mean???

 

flow_lookup       flow_fastpath     flow_slowpath     flow_forwarding   flow_mgmt         flow_ctrl         nac_result       flow_np           dfa_result       module_internal   aho_result       zip_result       pktlog_forwardinglwm  ...

awawa100 by L2 Linker
  • 2071 Views
  • 2 replies
  • 0 Likes

Resolved! SSL Website won't load with decryption enabled

Hello.

 

One of my users was trying to go to:

 

https://mn.b3benchmarking.com/Launch

 

We have SSL forward proxy enabled.  If I exclude the site from decryption is comes up fine.  We are not using any decryption profiles.

 

Can anyone tell my why the sites w

...

dannon by L3 Networker
  • 3844 Views
  • 3 replies
  • 0 Likes
Top Solution Authors
Top Liked Authors