General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! TAP mode interface drop

Hi. I have a question about TAP deployment I set the TAP mode which I used just one interface, set the zone TAPSecurity policy TAP-TAP any any permit. Then, regularly I'm checking the global counter, but I don't know why the drop packet occured.When I checked first at the 'packet capture' on the firewall, then I could see some packets are droppe...

drop-count.PNG

IKEv2 renegotiation on acceptor gateway reboot

Hi community, I have a site-to-site IPSec connectivity with Palo Alto gateway (PA-VM 8.0.5 on kvm hypervisor - CentOS 7 host) on one end as initiator and Vyatta OS based gateway on the other end as acceptor. When IKEv2 and IPSec (and BGP) are in established state, and the Vyatta OS reboots, it takes about 6 minutes for PA-VM to detect outage and...

rameshgi by L0 Member
  • 2374 Views
  • 2 replies
  • 0 Likes

PaloAlto Managed Services Question:

I have a question pertaining to Palo Alto's Managed Services business. Does Palo Alto have its own Managed Services business where they service end clients directly? Another way of asking this is, does PaloAlto only use the partner channel to deliver managed services? I was curious as I am looking at PaloAlto and doing research to learn more....

CryptoRG by L1 Bithead
  • 4717 Views
  • 4 replies
  • 0 Likes

Layer 1+2 decisions for PA820 HA pair

This is my first time having the luxury of two ISP's and redundancy in all hardware - I was tryingt to research best practice for wiring the PA pair as active/passive router/nat - I found some mentioning of using port channels to achieve local redunancy, but I don't see much info on it, doesnt seem widely used. Please see image below about my th...

2isp_asr_pa820_6840_wiring.PNG
stoker by L1 Bithead
  • 3908 Views
  • 6 replies
  • 0 Likes

2nd default route

My PA already has a Default Gwy pointed to the current Internet provider. I got a new Internet provider and I'd like to test the Internet connection by only allow my traffic to go to the new Internet connection. What is the side effect if I add another Default Gwy pointed to the new Internet provider? Thx

jac101 by L2 Linker
  • 3042 Views
  • 3 replies
  • 0 Likes

Captive Portal doesn't redirect

Hi Community, I'm getting mad....I configured a simple captive portal in my testing environment with saysing: everything from host A to untrust with tcp-443 and tcp-80 will be captive-portaled - so far so good.I configured the captive-portal in the user-id area, did the interface profile settings, activated the user-id on the zones and configure...

Chacko42 by L4 Transporter
  • 4366 Views
  • 2 replies
  • 0 Likes

Source User Doesn't Show

Dears, I have a problem with uses coming from WIFI and non-joined domain the source user doesn't show and show a blank please find the image.I have installed the CA's for our domain and the PA put didn't work. Our infrastructure as shown below. Wireless Controller "Cisco Aironet 1850 Series Mobility Experss"

Infr.jpg
Capture.JPG

IPsec Vpn tunnel was down

PA-850- 8.0.6-h3 Customer complains IPsec was down how can i check it on gui sytem logs or via cli. Ihave checked the Moniter>system logs and couldnt find any logs related to "tunnel-status-down"Thanks,Ranji

Resolved! SMTP Relay failing after PA update

Hi, I just upgraded to 7.1.16 and since that point my Windows server can no longer make a SMTP connection to a mail relay service (outbound.mailhop.org) on port 2525. When I look at the Traffic log, I see the action as reset-both and the threat is "Fragroute Evasion Attack For Unknown-tcp Traffic". Presuming this is a false positive, what is th...

"Deactivate License" : Where did they go and how can I reuse them?

Hello everyone, Has anyone actually used the "Deactivate License" feature to unlicense a vm and then license another vm? My goal was to move licenses from a v7 vm100 to a v8 vm100 on new hardware.I successfully deactivated the license on one of my 6 VM-100's. It seemed to work, the serial # etc was removed from the single vm. Now that it is gon...

dbrenipc by L3 Networker
  • 3547 Views
  • 2 replies
  • 0 Likes

SSL decryption inbound issue

We've been using SSL decryption inbound for a while. In order to decrypt traffic based on DHE and ECDHE ciphers, we moved to PAN-OS 8.0. On 7.1.10, traffic with those ciphers were not decrypted but passed through. Now, on 8.0.6, we see drops. The decryption profile sets TLSv1.0 only as protocol, but we allow other protocol versions and ciphers (...

ACortes by L2 Linker
  • 8046 Views
  • 7 replies
  • 0 Likes

Issue User-ID Agent some user mapping long time

Hi Expert , I found issue about UIA which some user logon into network sometime IP mapping user long time or sometime not mapping I must use clear user mapping and every time and ip map user on AD , I would like to know why user mapping longtime or not mapping show unknow however , I config cache User Identification Timeout (min) 720 mi...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels