General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 255 Views
  • 0 replies
  • 1 Likes

Resolved! TAP mode interface drop

 

Hi. I have a question about TAP deployment

 

I set the TAP mode which I used just one interface, set the zone TAP

Security policy TAP-TAP any any permit.

 

Then, regularly I'm checking the global counter, but I don't know why the drop packet occured.

When

...

drop-count.PNG

IKEv2 renegotiation on acceptor gateway reboot

Hi community,

 

I have a site-to-site IPSec connectivity with Palo Alto gateway (PA-VM 8.0.5 on kvm hypervisor - CentOS 7 host) on one end as initiator and Vyatta OS based gateway on the other end as acceptor.

 

When IKEv2 and IPSec (and BGP) are in esta

...

rameshgi by L0 Member
  • 1799 Views
  • 2 replies
  • 0 Likes

PaloAlto Managed Services Question:

I have a question pertaining to Palo Alto's Managed Services business.

 

Does Palo Alto have its own Managed Services business where they service end clients directly?  

 

Another way of asking this is, does PaloAlto only use the partner channel to deliv

...

CryptoRG by L1 Bithead
  • 3560 Views
  • 4 replies
  • 0 Likes

Layer 1+2 decisions for PA820 HA pair

This is my first time having the luxury of two ISP's and redundancy in all hardware - I was tryingt to research best practice for wiring the PA pair as active/passive router/nat - I found some mentioning of using port channels to achieve local reduna

...

2isp_asr_pa820_6840_wiring.PNG
stoker by L1 Bithead
  • 2873 Views
  • 6 replies
  • 0 Likes

2nd default route

My PA already has a Default Gwy pointed to the current Internet provider. I got a new Internet provider and I'd like to test the Internet connection by only allow my traffic to go to the new Internet connection. What is the side effect if I add anoth

...

jac101 by L2 Linker
  • 2228 Views
  • 3 replies
  • 0 Likes

Captive Portal doesn't redirect

Hi Community,

 

I'm getting mad....

I configured a simple captive portal in my testing environment with saysing: everything from host A to untrust with tcp-443 and tcp-80 will be captive-portaled - so far so good.

I configured the captive-portal in the u

...

Chacko42 by L4 Transporter
  • 3255 Views
  • 2 replies
  • 0 Likes

Source User Doesn't Show

Dears,

          I have a problem with uses coming from WIFI and non-joined domain the source user doesn't show and show a blank please find the image.

I have installed the CA's for our domain and the PA put didn't work.

 

Our infrastructure as shown bel

...

Infr.jpg
Capture.JPG

IPsec Vpn tunnel was down

PA-850- 8.0.6-h3  Customer complains IPsec  was down how can i check it on gui sytem logs or via cli.

 

Ihave checked the Moniter>system logs and  couldnt find any logs  related to "tunnel-status-down"

Thanks,

Ranji

Resolved! SMTP Relay failing after PA update

Hi,

 

I just upgraded to 7.1.16 and since that point my Windows server can no longer make a SMTP connection to a mail relay service (outbound.mailhop.org) on port 2525.  When I look at the Traffic log, I see the action as reset-both and the threat is "

...

SSL decryption inbound issue

We've been using SSL decryption inbound for a while. In order to decrypt traffic based on DHE and ECDHE ciphers, we moved to PAN-OS 8.0. On 7.1.10, traffic with those ciphers were not decrypted but passed through. Now, on 8.0.6, we see drops.

 

The dec

...

ACortes by L2 Linker
  • 6031 Views
  • 7 replies
  • 0 Likes

Issue User-ID Agent some user mapping long time

Hi Expert ,

 

I found issue about UIA which some user logon into network sometime IP   mapping user  long time or sometime not  mapping I must use clear user mapping and  every time and ip map user on AD  , I would like to know why user  mapping longti

...

  • 23627 Posts
  • 107 Subscriptions
Top Liked Authors
Labels