General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Failover IPsec VPN with Dual ISP

There are serveral resource available for Dual ISP and with Failover VPN on Live community such as https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-a-Palo-Alto-Networks-Firewall-with-Dual-ISPs/ta-p/59774 . But here are sti

...

Ch.Ratha by L1 Bithead
  • 9867 Views
  • 5 replies
  • 0 Likes

Resolved! Determine IPSec tunnel performance?

Hi folks,

 

We have several IPSec tunnels, but only one is complaining of poor performance using a specific application that the tunnel is meant for.  Management asking for firewall stats to prove if it is related to IPSec tunnel/firewall performance i

...

OMatlock by L4 Transporter
  • 6765 Views
  • 5 replies
  • 0 Likes

Resolved! PA-7000 Not passing syslog traffic to Tufin

Hi All,

 

We have a PA-7000 (7.1) and Tufin (for syslog).

 

The system was previously setup to forward syslog traffic to Tufin. 

Then all of a sudden, Tufin wasn't receiving any traffic.

 

What I have done so far:

 

  1. Went through the saved configurations to se
...

Multiple overlapping IP customers behind IPSEC tunnels

Hello,

 

I have two customers with the same IP subnet, both behind separate IPSEC tunnels to my London hub (image attached, apologize for poor quality). Is it possible they can connect to my hub without any NAT on their side ? 

I've done a hack I don't

...

IMG_6826.JPG
kefiras by L1 Bithead
  • 3703 Views
  • 3 replies
  • 0 Likes

Resolved! Minemeld List or Miner for a static list of IPs/URLs

Creating this post based on another thread. In a previous post's comment section, @spssspss asked "Is it possible to create a white list from an IPs address file?" and Luigi requested a new post be created for this functionality.. 

 

Can a list of IP

...

chmotley by L2 Linker
  • 6998 Views
  • 2 replies
  • 0 Likes

Resolved! Can't update a PA-200 manually

Hello

 

i have an PA-200 running with PanOS 8.0.3 that got no support. Before i could do an update of PanOS manually without Support License. Now i wanted to do an manual update to 8.0.6 but it didn't work. I only get a message that the device got no s

...

s.debus by L1 Bithead
  • 3080 Views
  • 2 replies
  • 0 Likes

Need to enable Multicast on Site to site IPsec Tunnel

 

I am working for a product based company, Our Company products will work on Multicasting. usually most of our clients are using Cisco and Juniper equipment . Recently we got a new client and where they want to deploy Palo alto firewalls on multiple

...

suppind1 by L0 Member
  • 2638 Views
  • 2 replies
  • 0 Likes

External Dynamic Lists not working

Hi all,

 

I have configured EDL of type Dynamic URL Lists with the next configuration

 

 

Then in URL filtering profile the ransomwaretracker_URL category is configured as BLOCK and the Profile is applied in the Security rule.

 

It seems configured correctl

...

EDL.png
COMIP by L2 Linker
  • 14397 Views
  • 16 replies
  • 0 Likes

Resolved! credential tab missing in user id agent 8.0.5-7

I'm unable to find credintial tab in user id agent. I have downloaded these files UaInstall-8.0.5-7 & UaCredInstall64-8.0.5-7 and installed, both service are also running.

Any one faced this issue? or please let me know how to troubleshoot this issue.

...

1.png
2.png
3.png
4.png

Inbound Decryption Advice to overcome Decrypt error

I am asking for help to get SSL Inbound decryption working. I have read all the posts and tried everything I can think of but I keep getting the decrypt error status so I may have a basic misunderstanding. If someone has an insight into what I am doi

...

ClientHello.jpg
ServerHello.jpg
ChangeCipher.png

Resolved! DHCPv6 client support?

Is there an option to have the PA act as DHCPv6 client (DHCPv4 client on an interface is obviously supported)?

I get a /56 prefix from my provider and my DSL router offers me the option to assign a /64 prefix via DHCPv6 (IA_PD), but I cannot find an o

...

ctr_ts by L1 Bithead
  • 4636 Views
  • 2 replies
  • 0 Likes

Minemeld PA syslog processing

Hi,

 

I installed Minemeld. I'm now trying to mine the PA traffic logs via syslog. It seems that the processing works but no indicators are extracted? The PA is running 7.1.13 and sending the syslog messages on TCP port 13514 to the Minemeld server.
I

...

image.png
jorisVD by L1 Bithead
  • 2746 Views
  • 1 replies
  • 0 Likes

Decent IPv6 miner

Hello all, We use MineMeld with our PA firewalls at work, so I thought I'd try it at home as well, and it was easy to integrate with my OpenBSD PF firewall. Lots of high-quality IPv4 address and subnets to block! However, I also run IPv6 at home and

...

Resolved! DAGPusher - Add device - Is vsys supported?

In a Dagpusher output, I see the VSYS as a column, but when adding device there is no input field for VSYS.  

 

 

I checked the code on GitHub for the file at: minemeld-webui/src/app/nodedetail/dagpusher.controller.ts

 

Seems like maybe the VSYS is n

...

  • 24007 Posts
  • 102 Subscriptions
This widget could not be displayed.
Top Solution Authors
Top Liked Authors
Labels