General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Aruba AP Tunnel Problem

Hello, I'm having problems with Aruba AP connection through a FW. I got my APs in the inside zone, and the controller is in a DMZ. Previously I had a security rule that allowed aruba-papi and syslog app and the AP connected to the controller without any problems. But After I updated the firewall to 7.1 (now 7.1.19) the rule has not been working ...

gmunoz by L1 Bithead
  • 9260 Views
  • 3 replies
  • 0 Likes

Youtube working from - youtube application in phone

Hi Team as per the requirement youtube needs to be blocked , we have blocked youtube with applcation , url category and it is blocked on browser. but when customer accessing the youtube application it is not getting block even though it is hitting the deny policy . we have tried decrytion as well but no luck . Any suggestions ?

Rameshwar by L3 Networker
  • 2441 Views
  • 1 replies
  • 0 Likes

inbound ssl decrypt and iphone

Hi Seems like I am having issues with iphones and inbound ssl decrypt with 8.0.12 any one else having this issue. seems like 0-200k of data is okay, after that ... dies in the arseA

Trigger/logs DoS policy

Hello, We would like to be notified when there is a high number of requests to our servers, and even to control them in time. Aside to be able to see an event in the logs (as it is the case with the flood in the sessions) The configuration we are looking for does not require (and should not) limit the number of concurrent connections. We should...

BigPalo by L4 Transporter
  • 3588 Views
  • 2 replies
  • 0 Likes

Can't Update License from License Server

I recently bought a used PA-200 off ebay just to play with and learn on. It's been factory reset and has no licenses loaded. I am unable update the license from the license server. I do not have a support contract. I suspect I'm just hosed, but wanted to ask just in case whether I have any options.

Resolved! GlobalProtect with Certificate Profle

I have configured GlobalProtect to use Authentication Profile using LDAP (sAMAccountName) and a Certificate profile. I have user certificates pushed through Group Policy. The configuration works. However, I noticed a few things 1) If I login as UserA and delete the certificate from UserA's personal store, VPN will not connect (this is expected...

ce1028 by L4 Transporter
  • 7370 Views
  • 5 replies
  • 0 Likes

Resolved! Received conflicting ARP on interface ethernet

Hi all, after exporting the old config from my old pa500 to the 820, I had an old interface that was for my wifi vlan, that used to be a physical int on the 500 but I needed to remove it since now the 820 only has 4 ethernet ports, I reset it as a sub-int on the 820, but now I'm getting this message "Received conflicting ARP on interface ethern...

cdcirexx by L3 Networker
  • 19234 Views
  • 7 replies
  • 0 Likes

502 Bad Gateway Errors

I've recently noticed that I've started to receive '502 Bad Gateway' errors when trying to connect to a couple of specific websites (two so far). I use a PA-200 as my home network boundary device, running 8.0.3. I know that it's an issue with my firewall because I've tapped into the ISP feed directly, bypassing the firewall, and the site conte...

Sbarlock by L1 Bithead
  • 17788 Views
  • 5 replies
  • 0 Likes

Guest Captive Portal Auto-Registration Page

Hi, my customer have an PaloAlto 5050 , and he need to configure captive portal wifi guest access,my question is : is it possible using palo alto captive portal to have a form with the following information to fill (by the guest) first namelast nameemailphonethe customer have to accept the terme and the use condition ; before getting access , an...

Resolved! SSL Decryption just some users

Hello everybody, I'm struggling thinking how i can do this. I've implemented SSL Decryption in the Palo Alto FW and i just tried with two IP's with a succesful result. Now i would like to open the range. I want to apply that decryption rule to an OU of my domain but i don't know how to do it. Well, actually, i don't know if it's possible. So, t...

Deleting Security-Policy Rules from CLI

I'm trying to find a way to mass delete a couple of rules from the CLI. Is there a way to do this?I know you can run something like: > show running security-policy | match Minemeld|MineMeldBut I have not found a way to actually remove one of the matches the command above returns.

fospina by L0 Member
  • 5269 Views
  • 1 replies
  • 0 Likes

Resolved! Office 365 and SSL decrypt

Hi I have my PA's setup with O365 ip address and URL's using minemeld. Cool. But I would like to decrypt that traffic and I find that de crypt ssl breask lots of O365 stuff. Does somebody have a list of stuff I can de crypt or what I can't decrypt or is there a way of asking MS O365 to change my tenant to allow decrypt ? Or do i have to just put...

PA 820 MM Fiber interface will not come up with WAN Provider

I have a palo alto 220, a switch with fiber port, and a palo alto 820 with fiber port. We use AT&T 1G fiber for wan connectivity. If a palo alto is connected directly to the MM fiber wan the interface will not come up. When a switch is used as a media converter, the fiber interface/sfp on the switch does come up, and using a copper connx ...

pstrazza by L0 Member
  • 3874 Views
  • 1 replies
  • 0 Likes

DMVPN router traffic through DMZ to trusted LAN

We are setting up DMVPN routers for on-demand VPNs from our remote sites to HQ. our DMVPN routers have the front end exposed to internet and the back end is on our special DMVPN DMZ. When the VPN is built from the remote site traffic from the site comes into the DMZ and needs to be routed through the PA (5050) to the trusted interface (HQ LAN ...

Resolved! GP 4.1.1 wanting me to downgrade to 2.1.1 as an "Update"

I haven't had this issue with any other 4.1.1 clients I have installed for my users. We have been slowly rolling out 4.1.1 while upgrading machines and replacing them with users. This morning when I came in to finalize a deployment GP 4.1.1 is now prompting me that I haven't heard from my users that this is happening to everyone so I am thinki...

wtf gp.png
nrhoades by L0 Member
  • 3535 Views
  • 3 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels