General Topics

private ip addresses in url filtering category

Hi,

What is private ip addresses in  url filtering category .

I tried to allow and access a url in local lan , did not work 

Thanks

ICMP gets dropped by DEFAULT DENY ANY ANY

Source IP: x.x.172.230

Source Zone: int-fw

Destination IP: x.x.20.50

Destination Zone: DMZ

Requirements: SRC and DST IPs should be pinged bi-directionally.

Scenario:

- I've allowed the traffic using ICMP, ICMP-0, ICMP-8, PING bi-directionally but still

Always on/Pre-Logon GP and Windows logon time

Does anyone have any tweaks or suggestions that might improve the windows logon time when GP is configured as pre-logon always on? Our users have gotten used to waiting sometimes up to 5 minutes after logging in before they see their windows desktop.

HOW TO CONFIGURE NAT FOR SAME IP IN IPSEC TUNNEL

I HAVE IPSEC TUNNEL BETWEEN MY PA AND another SIDE IS CISCO ASA, NOW ON BOTH SIDE THE IP IS SAME. SO HOW I WILL CONFIGURE NAT FOR THE SAME IP? 

Trunking a new switch existing PA (Active/passive)pair

Hello Everyone,

I am having some trouble with trunking. Below is our current setup:

PA pair(vlan 48---x.x.48.254) ------core switch (vlan 48....x.x.48.1) for internal access (trust zone). we have a static route on PA---any traffic to internal network

[PANORAMA][ERROR] Can't use export or push device config bundle feature

Hello,

I got issues using the feature : Panorama > Setup > Operations > Export or push device config bundle.

I try to erase the local configuration of a PA-850 and push the Panorama configuration on it.

I got this error message when I click on push &

Need help on VPN PA firewall to IBM cloud VPN

All,

I am new to Palo Alto World

Really need your Help in understanding how can i create the VPN for the below

1. IBM cloud subnet only 1 subnet so thats okay. 

2. Multiple subnets behind my PA firewall, my question is how to NAT them all to go out?

I

SNMP on Active-Passive HA Cluster

Hello,

I have SNMP configured and working on the Active member of my HA cluster.  i need to set SNMP up on the Passive member, i have made the changes and saved config but it is not working, do i need to commit the config?  if so, would this cause an

GlobalProtect Connection Problems

Hi All

I have had to re-install a user client Global Protect Agent 2.3.3-5 as he couldn't  connect, after re-installing he still cant connect and getting a error message off:

#“(T10576) 02/01/18 13:55:00:745 Debug( 226): CPanSocket::onConnect - retur

How can we manage the Firewalls while Panorama is out of service?

In a scenario with many groups of firewall's centrally managed by Panorama.
The Panorama is running in a appliance without HA.

What we should do when Panorama is outage by a problem and we have to do any change in the Firewall Policies?

Best Regards,

Mar

Decryption policy options explanation required.

Hello Everyone,

I am reading about decryption policy and have some questions in my mind, so looking for some answers.

1- In order to apply the decryption profile, do I need to have action set to decrypt ?

2- what is the advantage if I have a decrypt

Determining failed administrator interface logons from syslog

Hello!

I'm running into an issue. I would like to record failed logons to the administrator interface via syslog but the log format and contents of the logs appear to be exactly the same as those when a user performs a failed login to GlobalProtect Cl...

Traffic in interface tunnel

Hi,

I have enabled QoS in order to limit a tunnel interface to maximum badwith to 50Mbps. QoS is well-applied but the current BW value is not being showed in QoS statistics. What ways are there to know the amount of traffic that goes in a moment thro

How to get the SSL cert (pem format) from Minemeld (On Unbuntu)

Hi Guys,

I would like to import MM cert into Qradar in order to consume feed from MM. where i can get the SSL cert?