General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Is there a minimum upload and download speed required for Global Protect to operate?

I have a group of users that use Sprint and Verizon hot spots in order to establish a VPN connection from a remote location to our corportate network using the Global Protect Agent. Some of the hotspots are experiencing a 2-3 Mbps upload and 2-3 Mbps download speeds. The users at these locations are experiencing VPN disconnection issues such as ...

Qradar couldn't connect MM Taxii output

Hi Guys, It seems issue happend at Minemeld side. This is error from Qradar Threat Intell app "There is a problem connecting to the TAXII server. Verify that the TAXII server is available. Get list of collections failed." This is error from Minemeld (/opt/minemeld/log/minemeld-web.log)"POST /taxii-discovery-service HTTP/1.0" 200 1658 "-" "Qradar...

Woranon by L1 Bithead
  • 5260 Views
  • 3 replies
  • 0 Likes

Resolved! User-ID Agent placement (Domain Controller)

Hi all, I've read the best practice guide and I can't see anything that says the agent SHOULDN'T be installed onto a domain controller. Any experiences with that here? We currently have the agent installed onto two Windows Server 2012 R2 member servers that are close to the DC's but will be retired soon and I need to evaluate my options. Just ma...

Slow throughput on newly installed PA-820

Hello all...I have a newly installed HA pair of PA-820. Our ISP circuit is 50Mbps/50Mbps. Testing from a LAN pc, I am only able to download a max of 14Mbps using speedtest.net or speakeasy.net. I have called Palo Alto support and they suggested setting up QOS on my WAN interface and setting the speed to 50Mbps on the interface. The slow downl...

PAN-OS 8.0 Upgrade Blocking Nexflix

I recently upgraded my home PA-200 to PAN-OS 8.0.1 from 7.1.7. All seems fine, except that from two Samsung smart TVs Netflix streaming is affected. A diagnostic test on one of the TVs shows that the app is able to connect to 1 of 4 Netflix servers only. Strangely, I can stream Netflix to a Chrome browser on a Windows 10 machine without issue...

Sbarlock by L1 Bithead
  • 11566 Views
  • 8 replies
  • 0 Likes

Zone available in template stack but not available in policy

Issue Description Specific zone which created in global template is available in one stack but unavailable in other, though this global template is part of their stack. Config detailsEach firewall has their own stack, template and 1 common global template zone created on global template is available on both stackspa_3050_stack(firewall1)pa_vm(...

2018-05-03 10_12_10-Panorama.png
2018-05-03 10_12_54-Panorama.png
2018-05-03 10_13_06-Panorama.png
2018-05-03 10_13_28-Panorama.png

Resolved! New site to site VPN creation with same proxy IDs

HiI have a HQ PAN connecting to a remote ASA and IPSec is up with static routes and proxy IDs. Have installed and configured a new PAN parallel to remote ASA which is going to be replacing itQuestion is, can i have a new VPN configured in HQ to new remote PAN, where the proxy IDs will be same as the operational one? The remote IP for PAN is diff...

mhamid by L1 Bithead
  • 3549 Views
  • 2 replies
  • 0 Likes

Resolved! MT v3.3.15 doesn't appear to import/upload PANOS xml file from my PA-820 running v8.0.7

I was trying to Upload a Panos XML file that I saved from the PA-820 to MT v3.3.15, but when I go to the "Zones" side-tab from the "Manage Networks, Routing, Zones", etc icon, I didn't see any of my existing zones. The upload action actually didn't appear to do anything except display a link to "media.paloaltonetworks.com/Ip/endpoint-security/"...

Resolved! Panorama and Solarwinds SCP for Scheduled Backups

I have SCP running on windows host, Solarwinds Can I please ask if anyone has this working successfully?. Palo support seem to suggest that the SCP server needs to be Linux host Thank youAjaz NawazJNCIE-SEC No.254CCIE-RS No.15721

nawaza by L2 Linker
  • 7504 Views
  • 5 replies
  • 0 Likes

Should sub interfaces be graphed

We have aggregate interfaces under which we have created sub interfaces. The graph for aggregate inerfaces displays expected avg/min/max but the sub interfaces are displaing very unexpected avg/min/max.

image.png
image.png
raji_toor by L4 Transporter
  • 2886 Views
  • 3 replies
  • 0 Likes

Resolved! SSL Decryption - Enterprise CA

Hi Everyone, Recently a decision was made to implement SSL Decryption for outbound inspection. We work within a Microsoft PKI environment and are experiencing issues in signing the CSR generated by the firewall. I create the CSR based on the "how to implement and test ssl decryption" document I found via the Live Community (https://live.paloal...

cafowler by L2 Linker
  • 9401 Views
  • 4 replies
  • 0 Likes

What's new in MineMeld 0.9.9

Release Date: 2016-04-19 How to update: Updating MineMeld UI - new logo - new you can edit and create a local version of an existing prototype, just press NEW at the top of the prototype view Nodes - miner for JSON feeds Prototypes - prototype for AWS IP ranges, based on the JSON feed Miner (suggested by coldstone1) Engine - better de...

Screen Shot 2016-04-19 at 17.44.10.png
lmori by L7 Applicator
  • 7976 Views
  • 4 replies
  • 1 Likes

Update List Using REST \ similar

Maybe a stupid question and\or I've missed the obvious... One of the issues we have with our Palo firewalls is - when we deploy 'active' IPS rules (block-ip etc) the maximum length of time is 3600 seconds. We have a log solution that we use to trigger alerts if we're being probed over multiple days etc and would like to trigger a script, ra...

apackard by L4 Transporter
  • 21007 Views
  • 12 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels