General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Any Any Rule

Many times I have seen that engineers used to allow any rule during troubleshooting and forget to remove which creates problem in audit and compliance check, is there any option so that engineers should configure rule with any in source/destination/port/application fields. Thanks in advance,sumIT

SumitB by L1 Bithead
  • 2489 Views
  • 2 replies
  • 0 Likes

Controling East-West traffic without NSX

Hello,In a "Supported Deployments on VMware vSphere Hypervisor (ESXi)" section of the documentation (https://www.paloaltonetworks.com/documentation/71/virtualization/virtualization/set-up-a-vm-series-firewall-on-an-esxi-server/supported-deployments-on-vmware-vsphere-hypervisor-esxi#_92501) for VM series it is mentioned that VM Firewall can be de...

Resolved! Slow downloads from Non-US sources

Short version: large downloads from Non-US sources are slow. The file I'm attempting to download is the ISO found here from Bacula: https://www.baculasystems.com/dl/KickStart/bacula-enterprise-trial-kickstart.iso I have a sister firewall at another location with basically dupilicate config on the firewall and the file downloaded at more the exp...

Nathan.S by L3 Networker
  • 3982 Views
  • 3 replies
  • 0 Likes

Resolved! Panorama 8.0 Managing Firewalls on PANOS 7.1

We are looking at upgrading Panorama to V8.0 to give us the ablity of perform individual commits, the firewalls will remain on V7.1 for the time being.Because V8.0 has so many new features what would happen if an admin configures a feature not supported on V7.1?Is the commit to Panorama going to fail? or is the commit to the FW going to fail?is ...

Global Protect disconnect issue

3000 series FW, software 6.0.1, GP 2.0.1 -- GP continually disconnects/reconnects.. tried reinstalling client, rebooting, etc.. happens with some users at random times..then the issue will magically go away. Anyone else experience?

rrau by L3 Networker
  • 9752 Views
  • 8 replies
  • 0 Likes

Resolved! User-ID and GlobalProtect User Access

Currently I have 2 HA'd 3020 on 8.0.0 code. I have SSL vpn setup using globalprotect with LDAP. Also having implemented User-id for policy access. All this is working. My problem is, when users access the network over globalprotect. Those users miss the rules created based on the "domain\user" and are only seen as "user". Now if the user accesse...

k.truex by L1 Bithead
  • 2851 Views
  • 1 replies
  • 0 Likes

Resolved! Query on GlobalProtect SSL VPN

Hello, I’ve got a single public IP address, which is used for GlobalProtect SSL VPN. I also want use this single public IP address to allow inbound static NAT to a SSL web server on my LAN. Using GP 4.0.5 When I do this, the GlobalProtect SSL VPN client stops working and starts redirecting the traffic to the SSL web server. Is there a way aroun...

Farzana by L4 Transporter
  • 2954 Views
  • 1 replies
  • 0 Likes

Resolved! Panorama 8.0 Commit changes

We recently upgraded our Panorama M-100 to 8.0.9. After doing so, we now see these commit options: I've always been very weary of centralized firewall management after seeing a coworker push a bad config before to multiple devices. I'm a bit hesitant to click on anything that "pushes" to devices without being able to preview the configuration ...

2018-05-29-panorama-commit.PNG

Resolved! Destination vs Source Nat

I have a pretty good understanding of the difference between SRC and DST Nat, but there is one area that I could use some clarification on. With SRC NAT, I understand that by selecting BI-Directional, it allows an IP to be translated to an outside address and that Bi-Directional created an implied policy so that someone on the outside could init...

Permit user access to a specific URL failed

Dear all,I want to permit HRT members access a recruitment website called "https://www.vietnamworks.com". I create a security rule permit them to access a URL_category named "HRT_recruitment".In "HRT_recruitment" category I added "*.vietnamworks.*" and "vietnamworks.*" and even "www.vietnamworks.com" but It doesn't work.I checked traffic log, Tr...

Capture.JPG
Hongson by L2 Linker
  • 3124 Views
  • 2 replies
  • 0 Likes

Speedtest-drop when pass through PA-5220

Hi Expert , I would like to know today I have speedtest and found when test client that pass through speed drop for example client A test speedtest pass through firewall result down 500/mbit : up 900/mbit but when client B Test Speed Direction pass throught Router found result down 1000/mbit : up 1000/mbit so, I doubt why when pass ...

  • 24400 Posts
  • 123 Subscriptions
Top Solution Authors
Labels