General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 377 Views
  • 0 replies
  • 0 Likes

SSL decryption inbound issue

We've been using SSL decryption inbound for a while. In order to decrypt traffic based on DHE and ECDHE ciphers, we moved to PAN-OS 8.0. On 7.1.10, traffic with those ciphers were not decrypted but passed through. Now, on 8.0.6, we see drops.

 

The dec

...

ACortes by L2 Linker
  • 6318 Views
  • 7 replies
  • 0 Likes

Issue User-ID Agent some user mapping long time

Hi Expert ,

 

I found issue about UIA which some user logon into network sometime IP   mapping user  long time or sometime not  mapping I must use clear user mapping and  every time and ip map user on AD  , I would like to know why user  mapping longti

...

Shutdown/Disable MGMT interface due to DNS issues

Hi Guys,

 

I got a simple question for you:

 

Is it possible to literally disable/shutdown mgmt interface, via CLI or webUI, in a VM enviroment when is not needed?

 

I notice a DNS issue after we have deleted the IP address assigned to the MGMT interface v

...

Resolved! PA-5220 HA Config Ethernet or Crossover Cables?

The first step seems a bit contradictory, just looking for some clarification. I have 2x5220s that I am setting up in HA Active-Passive mode. To cable the dedicated interfaces it looks like I just use regular ethernet cables, but the second sentence

...

mike406 by L2 Linker
  • 10965 Views
  • 8 replies
  • 0 Likes

PBF and Tunnel monitoring failing

Hello

I have strange intermittant issue with PBF and Tunnel monitoring. If I disable the IPsec VPN at both side and bring it up PBF and Tunnel monitoring is working at configured. ( Shows as up ) I have configured a monitor IP destination of an addres...

Resolved! subinterface for vsys

Dear All,

               When we create subinterface, the main interface is assigned to one vsys(none option unavailable). So under a physical interface, when we create multiple subinterfaces and assign to different vsys, will this cause any issue?? a

...

interface_detail.png

Understaanding MSSP

Hello brothers,

 

Plz i really need your help, we have a big project with a big Service Provider, it's the MSSP, i know the concept but technically i don't know anything.

As i understood, the MSSP is a security as a service, the Service Provider host th

...

user activity ACC -CLI

Dears

 

I want to know the IP of this user "None",as per to a below image, through CLI ...Can I do?

 

Please feedback with the command or the way to know who it is ?

 

thanks

 

User Activity Log.png

commit status warning part II

Here is another interesting commit status dependency warning

 

"Rule 14 application dependency warning: Application ms-update requires ssl be allowed but ssl is denied in rule 15. " Why is an application in the rule above getting on a rule below it?

jdprovine by L4 Transporter
  • 2233 Views
  • 5 replies
  • 0 Likes

Resolved! gMSA integration with AD2016, creating computer account

I'm working with our AD admin, and we are trying to replace our DCAdmin account with a service account on our firewall. With AD2016, the MSA/gMSA accounts require that you link the account to a computer object.

 

I've seen in a couple documents that it

...

Resolved! Untagged L3 sub interfaces won't process traffic

Hi,

 

As described in following links we've configured multiple untagged sub interfaces all assigned to different vsys (different virtual routers and different zones) but with different IPs from the same network and the same VLAN:

 

https://live.paloalto

...

  • 23835 Posts
  • 112 Subscriptions
Top Liked Authors
Labels