General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Untagged L3 sub interfaces won't process traffic

Hi,

 

As described in following links we've configured multiple untagged sub interfaces all assigned to different vsys (different virtual routers and different zones) but with different IPs from the same network and the same VLAN:

 

https://live.paloalto

...

Source IP for SSL Forward Proxy in Virtual Wire Mode

Can someone tell me how to know/what would be the Source IP address for an SSL Tunnel Proxied from the PAN NGFW while running in Virtual Wire Mode ?

 

My topology is very simple:

 

User (Virtual Wire) ----> PAN ----> Internet

 

Does the Firewall initiate t

...

PA200 failed to discove rin SNMP server

Hi.

 

I have PA200 (PAN 7.0) device with snmpv2 enable but failed to discover in SNMP server.

When we did snmpwalk from server its giving message "No Such Object available on this agent at this OID".

Appreciate if some one can provide the exact cause of

...

karun44 by L0 Member
  • 1755 Views
  • 2 replies
  • 0 Likes

Resolved! New feature with active TP license

Hello,

 

We have a VM-100 Palo Alto at version 7.1.12 and we are looking to use the Palo Alto pre-defined Block lists.

 

The current Threat Protection license is using version  8001-4627 (04/06/18)  however the 2 pre-defined lists are not displaying in t

...

Farzana by L4 Transporter
  • 1962 Views
  • 1 replies
  • 0 Likes

Resolved! dmz design

Hi,

 

What is the benefit of having DMZ setup with two firewalls. 

 

If we have dmz setup with two firewalls ( I don't know this design is valid and adopted design, I found it  in the net ) 

 

If this is a valid design ,From local lan how the traffic flow

...

fw.png
simsim by L4 Transporter
  • 9100 Views
  • 26 replies
  • 0 Likes

Enforce Connection for Network Access

I want to see traffic over GP. In my understanding GP Portal configuration Enforce Connection for Network Access is Force networt traffic via Portal IP.  But it connected and not traffic registered under PA. 

Intermittent Aged-Out Traffic

I am hitting an issue where sessions are ending for the reason "aged-out".  Go figure the problem doesn't present itself readily when I have Support on the line.

 

The Setup: I have two ISPs.  One (I'll call it SummitNet) is an asymmetrical 30Mbps up /

...

Youtube Aged Out.PNG

ASA 5510 VPN

I want to replace a IKE1 VPN serviced by a ASA 5510 with a  IKE2 VPN serviced by the palo alto what i the best approach?

jdprovine by L4 Transporter
  • 4727 Views
  • 16 replies
  • 0 Likes

Cisco SFP+ Twinax Copper Cables to PA-5050

Hello.

Has anyone tried connecting Cisco SFP+ Twinax Copper Cables (sfp-h10gb-cu1m) to PA-5050 device? I've tried to find some info about it on PA KB but wasn't successful. Is there any document issued by PA listing all the supported 3rd party devices

...

santonic by L6 Presenter
  • 9579 Views
  • 6 replies
  • 0 Likes

Hub and Spoke IPsec VPN design with Dynamic Routing

Looking to properly setup Dynamic Routing over a hub and spoke IPsec VPN network. The hub will have 40-50 spokes.  The Hub is running a PA-820.  Spokes will be PA-220.  Voice and data traffic.  There will be minimal traffic between spokes.  My questi

...

Global protect users dont pass authentication

Hello all

we have PA in production.The problem is VPN users dont pass by certain authentication profile.The issue is that when we point user it is ok but when we point some group it fails to authenticate

we test through CLI and that is result

 

test auth

...

Radmin_85 by L4 Transporter
  • 1755 Views
  • 1 replies
  • 0 Likes

Very Slow Commits

Anyone who's used Palo's since the early days may roll their eyes at this question..!

 

We have a bunch of 3020's and one can take an age to perform commits; for example this morning we performed 4 - the first 2 took <30 seconds, the 3rd took >10 minut

...

apackard by L4 Transporter
  • 2223 Views
  • 3 replies
  • 0 Likes
  • 24304 Posts
  • 99 Subscriptions
Top Solution Authors
Top Liked Authors
Labels