General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Log forwarding to Panorama

Hi, I have some problems with log forwarding from firewall to Panorama because it is consuming a lot of bandwidth. I have configured the firewall to buffer the logs before foward them to Panorama. I would like to know the following:* When log forwarding initiates from firewall to Panorama (50% or 90% of buffered size for example)?* How I control...

Resolved! QoS Reporting

I've deployed QoS on a PA-3050 and currently have 2 profiles that I'm specifically rate limiting at different bandwidths (class5 and class6). I've looked through all of the reports as well as App Scope but can't find anything that shows me bandwidth usage by QoS profile. Essentially the customer is looking to have a line graph that shows bandwid...

Captive Portal Redirect Page

Hello all, I am having a bit of an issue with getting captive portal to work the way I need it to. I have it setup and my Macbook was able to redirect to the correct page, I was able to successfully login, and then browse the web without issues. The problem I am having is after the timeout value I have set is over (5 minutes for testing), I can ...

Self-service Firewall rules?

Wondering if the NGFW are capable of automation. Automation as in, if someone has a set of firewall rules that needs to implemented and they know their source, their destination, their port, they can implement the rule themselves.

Resolved! Application vs Service in PA

Hi Experts, I've query in Application vs Service columns. As we all know the Palo Alto preferred method is to use Application column (SSL, Web-browsing) and refer to 'Application default' in Service. My query is, if we mark 'ANY' in Service column and filter the ports in Application column (SSL, Web-browsing) will PA firewall stop further proc...

PA1.JPG

QoS for VOIP over IPSEC VPN

Hi All I have four VPN sites and HQ with VOIP deployed. On HQ Palo Alto, I want if traffic come from LAN with some marking like 'af41' then give priority (real time) and copy the dscp marking when send across IPSEC VPN? -> For this, I have made one qos profile say 'vpn_profile_voip' with class '2' and assign priority 'real time'-> Then app...

Resolved! PA-3060 Whats Up Gold (WUG) Integration: Auto Link Creation Fails

I have a PA-3060 connected to a Cisco 3850 S-E via a 4-member aggregated dot1q trunk (ae1) link. The MGT interface connects to a different 3850 S-E on its own Mgmt VLAN, in the same subnet as the Whats Up Gold Server (WUG). The MGT interface has HTTP, SSH, Ping and SNMP Services enabled, with the correct permitted IP address list. The WUG Serv...

DeanFarr by L1 Bithead
  • 10365 Views
  • 5 replies
  • 0 Likes

Dynamic 1:1 NAT on the Palo Alto interface.

We are looking at some method where we can dynamically NAT subnets behind the Palo Alto Firewall to pick an IP address from the network defined on the external interface. e.g. I have the external IP address network defined as 10.100.100.0 /24. The IP address 10.100.100.20 is defined as the IP of the external interface. In the internal network we...

nson2139 by L3 Networker
  • 3409 Views
  • 2 replies
  • 0 Likes

Issue Static Source NAT

Hi Expert , I have some issue about Static NAT due to I have secondary public ip on the same interface such as on ethernet 1/3 have 192.168.1.22/24 and 192.168.55.1/32 and config nat bi-direction such as source trust > 172.16.1.22 to untrust and Source nat ip 192.168.55.2 to untust and try to use and I have observed on traffic log found na...

Resolved! how to whitelist an URL with a wildcard in the name ?

I'v got a question about whilesiting URL's I want to whitlist the following URL, github-production-user-asset-*.s3.amazonaws.com.but, it's only possible to use a wildcard to replace full hostname spaces of the URL ( like *.s3.amazonaws.com ) how do I solve this ?

DaxVC by L2 Linker
  • 4021 Views
  • 1 replies
  • 0 Likes

Minemeld install error on RHEL

I am attempted to perform an ansible install of Minemeld on RHEL 7. I am receiving the following error. Anyone seen this and have any suggestions for remediation? Thanks I receive the following message when I run the ansible playbook: TASK [minemeld : bower install] ***************************************************************************...

taustin by L1 Bithead
  • 3538 Views
  • 2 replies
  • 0 Likes

invalid interface

hello have getting a lot of 802.1q tag not configured and invalid interface message in global counters. I'm trying to find the cause, I have configured subinterfaces I see traffic in rx.pcap with properly tag, all traffic is dropped, I see as destination mac addres of the fisical interface when I have configured subinterfaces, could someone help...

Marivi by L2 Linker
  • 9220 Views
  • 8 replies
  • 0 Likes

Feature Request - Reporting

I just spoke to Jim Silha about reporting. Palo Alto comes with a user activity report. Under the section 'Browing Summary by Website' there is a 'Host' column. It is much more report friendly than say 'URL'. I would like to be able to use that in my custom reports but was unable to find that under the 'Available Columns' for any of the logs....

  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels