General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Firewall Useraccounts/Passwords get overwritten by Panorama

Hi all,we have some 160 firewalls connected to a single panorama.One of our suppliers get read only accounts on the firewalls. The accounts including the password and profiles were created on panorama and then pushed as device settings to the firewalls. The supplier can change the local firewall password and login with a new password. However, i...

Resolved! User-ID Problem. LOGs show "machine-names" instead of "usernames"

Hello All, BOX 3020, with PANOS 8.0.9 with USER-ID problemsSome IPs are mapped to machine names... not anymore to users... admin@BRFW-3020-02(active)> show user ip-user-mapping all | match bres172.26.20.116 vsys1 UIA XXXXXXXX\bresd11192$ 42609 42609172.26.20.68 vsys1 UIA XXXXXXXX\bressd14056$ 43167 43167172.26.52.36 vsys1 UIA XXXXXXXX\bresd1...

ScreenShot103.jpg

Re: Vwire and L3 Deployment Decryption

Hi,I would like to know the way it operates in the backend how palo alto does the SSL decryption in Vwire mode . As in a L3 deployment the connection will terminate on the firewall and firewall acts like a MITM and does the SSL Proxying. How is the case in Vwire Deployment.Thanks

Sanssj by L2 Linker
  • 2264 Views
  • 1 replies
  • 0 Likes

SSL Decryption Exclude List - correct syntax?

What is the correct syntax to exclude a whole domain, including subdomains and pages from SSL decryption? Say exclude all URL's from "test.com", would this suffice: *.work.com or would i need to include a list like: *.work.com*.work.com/**.www.work.com*.www.work.com/* Thought please 🙂

welly_59 by L3 Networker
  • 2164 Views
  • 1 replies
  • 0 Likes

IPsec VPN throughput

configured site to site ipsec vpn between PA 820(head offc)XG firewall (branch offc)successfully. in the head offc we have 100 mbps download , 25 mbps upload speed and brach we have 100 mbps download and 50mbps upload speed. the vpn performance is very slow. what could be the reason???

GP pre-logon for IOS devices

Hello community, I was wondering if is possible to make Globalprotect for IOS or Android devices to work properly with connect methods other than on-demand, for example pre-logon. Did anyone accomplish this connection method?? Thanks and Regards,Marcos.

Carracido by L4 Transporter
  • 2771 Views
  • 1 replies
  • 0 Likes

Name resolution takes too long, diskable name for report [report name]

Hi! We just finished deploying the PA-5260 running PAN-OS 8.0.10 at our edge. Everything works well so far, but we see the log message below in Monitory->Logs->System: Name resolution takes too long, diskable name for report [report name] The type is general and severity is informational, but we are also not passing a lot of traffic at the...

Palo Alto main and sub urls are different category

I have requested palo alto uel re categorzation team for re categorizing the main url of a site for ex: abc dot com.It has re categorized correctlly by Palo as requested. However I am getting blocks when I access abc dot com /subdomainWhen i try re categorize request for this subdomain, I am getting a reply from PA about the main domain is cate...

Best practice for Palo Alto Uplink

We are looking to deploy our new boxes (PA-3220) in HA in the next few weeks. We are trying to go with best practice methods. Currently, we have an Layer 2 ae interface that has multiple subinterfaces. Each subinterface is tagged with a Layer 3 SVI. The VLAN interfaces are IP'd and added to the Virtual Router. Example -Ethernet Tab:Interface ...

Global Protect DHCP config

With our firewall for VPN and DHCP all we configure is under GP gateway/agent/client settings we have an IPpool and address route. We need to add DHCP option 160 and I don't believe that it can be done on the Palo. We have never setup a DHCP relay over the Managegemt interface. Just checking to see if anyone has done this and if it is the wa...

Resolved! Register new management IP address of PA to Panorama

My PA is already connected to the Panorama.I had to change the Management IP address. The PA lost connection to the Panorama.The Panorama shows the PA with old IP and status Disconnected.Is there a way to update the IP of the PA on the Panorama, or for the PA to push its new IP to the Panorama? thanks Roger

Resolved! Traffic going through Management port

Hello All, We were setting up a PaloAlto Firewall and made all the basic configuration to make a test on the production environment, however when connecting to the production environment, we could see that all the traffic from the PaloAlto firewall was going through the management port and we have already defined the routes with the interface an...

Resolved! Decryption Broker License

I can't activate the Decryption Broker License in the support portal. There is only the Decryption Port Mirror License available. Is there anything to do before? Or is there an additional subscription for this?

hermey by L1 Bithead
  • 3150 Views
  • 2 replies
  • 0 Likes

Panorama & "Managed Devices" unable to connect

I believe I have set up the Panorama and Firewalls correctly as per a few different KB articles I've read. I've check connectivity between the MGT interfaces, made sure that the attempts weren't being denied due to the fact that "permitted IP's" were configured. I even checked out a TCP dump of the connection on TCP 3978, and see ack's going out...

aayoung by L1 Bithead
  • 3185 Views
  • 2 replies
  • 0 Likes
  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels