General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Understanding Panorama Log Ingenstion & Sizing

I am new to PA & I'm trying to understand the necessity of log collection to a Panorama VM. My company is about to deploy PA-3220's in HA pairs in several data centers. We have a single Panorama VM getting deployed for 6 firewalls (3 HA clusters). Coming from a traditional ASA background logging is set up either to go to syslog server or ...

QOS for multiple user addresses

Hi i need to create a qos policy to limit downloads and uploads of user addresses objects created on palo alto device i know that i will ceate a qos profile for down and up , choose a class , priority and type guaranteed and max BW then create a qos policy and qos interface 1-regarding the qos policy , do i need a policy for upload and policy f...

AKabary by L2 Linker
  • 7559 Views
  • 8 replies
  • 0 Likes

Resolved! netflow behavior

Is the session is long live ( some applications like nfs,panorama) will start and last till 1 month.As we have configured log at session end, the log entry will be created once the session is ended.However we have configured netflow as well.Netflow is also reporting data to netflow server once the session ended on firewall ( which is 1 month lat...

Resolved! Help understand TAP mode

Hello,sorry for a dumb question but I am new to PaloAlto and I would like to understand the TAP mode on a physical PA firewall. We have Cisco Catalyst 6509 switch running in 1 of the offices as a core. PA firewall is used for users' internet traffic and it is directly connected on that switch. We need to find a way to mirror traffic going throug...

Panorama PAN-OS 8.0.8 and always highlighted (Green) Commit button

I have recently upgraded Panorama from 7.1.x to 8.0.8. Although there are no changes and all firewalls are "in sync" for the configuration, the Panorama "Commit" button is Green/Highlighted. Is there anyone using Panorama with 8.0.x and seeing the same behavior? Until 7.1.x, the green/highlighted butting always meant pending config push/non sync...

Resolved! PAN-89471 userid causes firewall to reboot ?

I am considering upgrading from 8.0.x to 8.1.x, but this issue seems like it might be a show stopper. In 8.1.x known issue PAN-89471 "Firewalls reboot because the userid process restarts too often due to a socket binding failure that causes a memory leak. Workaround: Terminate the process that is using port 5007." This seems to read "userid caus...

mike406 by L2 Linker
  • 3669 Views
  • 3 replies
  • 0 Likes

Palo Alto firewall generates SSL version / cipher suites errors

Hi, i have a very strange issue. I have a webserver protected by a palo alto NGFW, if i disable inbound ssl inspection policies everything works fine and i can access the server as intended. However when i enable the inbound ssl inspection policy, with the proper certificates imported in the NGFW, i always get SSL version/ Cipher suites errors ...

tombarat by L1 Bithead
  • 4656 Views
  • 4 replies
  • 0 Likes

Dynamic Update from Panorama doesn't work

I want to use Panorama to perform dynamic updates for the "Antivirus" and "Applications and Threat" sections.On remote firewalls, I configured Panorama as the update server.I also scheduled the automatic update via a template.In Panorama, I have the latest versions of "Antivirus" and "Applications and Threat" installed. However, they are never d...

Resolved! Rule allowed but policy-deny?

Hi, We have something strange in our firewall. We have a client/computer with Sonos software and the software need to update. When we click update in the software we get a message that something is wrong. So I checked our firewall and in the monitor I can see that the update needs to get pulled from akamai and it is denied. So I created a rule t...

ZEBIT by L3 Networker
  • 5437 Views
  • 2 replies
  • 0 Likes

Why is this traffic allowed when the rule should not allow it?

I am tidying up some rules that were "rush" jobs as part of the initial deployment. One rule "TEST-VI" was SRC ZONE - TRUST DST ZONE - PartnersDST Addr - I%%%%%A-VIPApplication - Any I was going to get rid of this as there is another rule after it with "Service 20,988,5678" which would be a better match. But when I looked at the tracffic for th...

palo.jpg

Resolved! PA200 commit failed (file size limit)

Hi, We are running commit from panorama to several PA200. Commit is failing, the reason is "Wildfire size limit" but we havent changed any value in Wildfire. If we restart management plane and run the commit again is working, the commit is done.PanOS is 8.0.9 Why are we having this commit error??

Resolved! How to configure URL Filtering SSL site

Hi all, I have a question regarding URL filtering. I set up URL filtering in Security Profiles to "Alert" for Google Tag Manager. Test and work with the browser access to "https://www.googletagmanager.com/". When I use Wireshark to capture packets, why do I see only packets ssl negotiations "clent hello", not responsed "server hello". However, ...

  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels