General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Web server publishing error

Hi! Help, please, with an Internal Web server publication. I have a PaloAltor PA-200, PanOS 7.0.19. I have ext. Internet on Eth1/1 (L3-Untrust zone) and LAN on Eth1/2 (L3-Trust zone). In my LAN I have a Server with Web publication (WebServer), which should be accessd from outside (Internet). I`m trying to publish it. But got an error: Mismatch o...

nat.png
policy.png
SPB99RO by L1 Bithead
  • 8568 Views
  • 14 replies
  • 0 Likes

Palo Alto not loading certain valid sites, why?

Having another issue with these things (ready to throw them out the window in all honesty). Seems as though a couple sites simply won't load when routed through a pair of HA-3020s. Of course Palo Alto support does a packet capture and sees no drops so immediately not their fault. But I know it is because I can route that specific traffic out ...

drewdown by L4 Transporter
  • 10200 Views
  • 12 replies
  • 0 Likes

Resolved! Are Application Filters in Groups an AND or an OR?

Hi all, If there are multiple application filters in an application group, do they work with AND or OR logic? For instance, someone configured an application group which contains five filters. All of the filters have "Subcategory = file-sharing." Then one filter has "Characteristic = Transfers Files," the second has "Tunnels other apps," the t...

HA Active/active vwire different location

Dear All, We want to deploy 2 firewall PAN in 2 different location (Building) but same area/complex. Is there any ideal distance for HA link for both firewall? Is it need to directly or i can use via switch? Can i deploy this topology? is there any suggest?

topology.png

Resolved! Traffic showing from wrong zone

Hello all, I have a (hopefully) simple problem I can't seem to figure out.I have recently created a new DMZ zone on my PA for guest users, but when a guest tries to access the internet, the traffic is showing as sourcing from the trust zone instead of the DMZ zone. A trace from the guest user makes it to the PA, then dies. I have the policy from...

Resolved! Windows and User-Mappings

I have a user group in Active Directory where we place users who should not reach the internet. This user group is then tied to a Palo Alto rule to Deny access.I've noticed (Windows PC) this week, that if a user who is in the Deny group logs in to a PC, they will be denied (works fine), however, lets say they log out and a person who should have...

Response Page: GlobalProtect Portal Login Page

greetings! up until panos 8.0.7, i could reference logos and background pictures for my custom portal login page on secondary https servers. the web client would load them and display them. now with panos 8.0.8, these externally hosted pictures do not get displayed by the client due to newly set http headers named "content security policy" et al...

Resolved! DNSproxy resolve fail msgs - only I am not using this feature!

I'm getting system log errors that state " failed to resolve domain... etc" and lists the dnsproxy as the type and resolve-fail as the event. This is all really cool - but I have NOT set DNS proxy up - ever. If I dig through the logs - I can see a time where "Dnsproxy object:mgmt-obj was enabled" - however I do not know why it would state so as ...

craiglunt by L1 Bithead
  • 11946 Views
  • 11 replies
  • 0 Likes

Resolved! Captive Portal is not presented for wireless users

Hello All, PA3020PAN-OS 7.1.4-h2 Having a strange issue with Captive Portal on PA3020 where the captive portal just suddenly has stopped working. Did a management server restart, tested with the PC directly connected into the Guest-VLAN over the wire received a CP page and was able to surf the internet. Same VLAN on the other location (differen...

CP1.PNG
CP2.PNG
CP3.PNG
CP4.PNG

Global protect portal redirect to https

Hi, We have a Palo alto in which if you try to access to the global protect portal using http, its automactically redirected to https.For example: if we access to http://vpn.xxx.com , the browser redirects to https://vpn.xxx.com. So thats perfect. But we have another PA with another GP Portal (https://vpn.yyy.com, in which is not redirected to h...

BigPalo by L4 Transporter
  • 6076 Views
  • 4 replies
  • 0 Likes

External Dynamic List exceptions

Hello, We have recently upgraded our FW to PanOS 8.x (currently running 8.0.8) and we want to use the newly added feature that enable to add exceptions in External Dynamic List. However it doesn't seem to work since the configured IP we put in exceptions (in a IP list) are still blocked by our policy. Did you try this and does it work for you ?

GlobalProtect internal gateways

I'm struggling with GlobalProtect and always on.I have it configuerd for Multi-gateways and that part works great. My issue is when I switch WiFi networks to internal, the globalprotect still tries to connect. I have added internal host detection and put down an IP and Hostname of a server. If I disbale the globalprotect from systray. I'm able...

Amory by L1 Bithead
  • 4736 Views
  • 5 replies
  • 0 Likes

Running config not synchronized - Sync to peer

Hello ! We encounter a problem on a power supply on one of our Palo Alto. Since power supply replacement, we've the message "Running config not synchronized - Sync to peer" but i've one question : Is the active firewall configuration will be pushed on passive active firewall ? Other question, since we've connected "new" firewall, in our Panora...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels