General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Certificate expired

Hello,

 

Received following message/alert.

Warnings

  • Certificate PA Net Root CA in shared expired on Jun 3 23:26:00 2016 GMT
  • Certificate GlobalProtect in shared expired on Jul 27 02:34:06 2016 GMT

Do we need to action any renewal? If so, kindly show the ste

...

Farzana by L4 Transporter
  • 8268 Views
  • 3 replies
  • 0 Likes

Panorama slowly driving me insane.

I'm wondering if anyone can explain this to me.

 

I've recently started working with Panorama. When I import devices I follow this process:

 

  1. Add device, and input the serial number of the device and commit.
  2. Wait for it to connect.
  3. Import device configurat
...

Panorama Certificate question

In pamorama I created a default template with basic configuration settings for all firewalls and then create a site specific template and put them both in a template stack to apply the stack to each firewall. This way the default settings apply to al

...

dstjames by L2 Linker
  • 4094 Views
  • 3 replies
  • 0 Likes

Resolved! Redundant circuit fail over capabilities

This is a general question about PAN capabilities.

 We are looking at acquiring a second, slower circuit for internet access backup. We would like this to be an automated fail over. I am trying to see if our PA 3050's are capable of this and am lookin

...

Bvance by L2 Linker
  • 2304 Views
  • 2 replies
  • 0 Likes

SIP - services only, does ALG apply?

I am troubleshooting Cisco phone registration issues through a 3020 running 7.1.7 . My rulesets are only service based (TCP/UDP 5060, 5061, etc) and allow any application.  Cisco TAC is telling me that ALG issues are interfering with registration.

 

If

...

dpride by L0 Member
  • 1690 Views
  • 1 replies
  • 0 Likes

Palo Alto ping response is slow from Cisco

A directly connected Cisco 4500 Switch Ping's to different office goes through the PA cause nearly 700-1000msec, whereas PA pinging the Server to same site has only 20msec. I understand the Ping ( and Extended ping with TOS 184) is not the exact way

...

Resolved! Incorrect User-ID

Hello,

 

We are using User-ID Agent. 

A number of Source Users are reported as “sophosupdate”. It is not picking up the correct user.

The expected behaviour would be for the end user name (example of m.hayes in the list below).

 

 

How to correct this?

Thank

...

User-ID.jpg
Farzana by L4 Transporter
  • 7105 Views
  • 5 replies
  • 0 Likes

Active Active Setup PA-500

Hello

Could someone direct me or provide me with instructions on setting up twp PA-500's in an Active Active configuration?

Much appreciated and Thank You

RyanA. by L0 Member
  • 3742 Views
  • 2 replies
  • 0 Likes

How vulnerability profiles work

Hi Guys,

Please need your supprt in understanding how  vulnerability profiles work or in general how security profiles work.

I have done a lot of studying in this regard and all they say is that it works on the basis of signatures.Below is my understan

...

mahmoodm by L3 Networker
  • 3111 Views
  • 6 replies
  • 0 Likes

Resolved! SMB versions

I currently have ms-ds-smbv2 and ms-ds-smbv3 permitted but I am seeing ms-ds-smb-base getting denied.

 

What is ms-ds-smb-base?  Is this the same as ms-ds-smbv1?

 

Thanks!

 

 

SMB : SMB: User Password Brute-force Attempt

Hi,

 

my customer had a problem with this threat. They have a internal app which was failing when palo alto updates changed the action to reset-both. Customer told me that this problem started last 15/06 but i went to the PA updates mails and i didnt s

...

Resolved! How does link monitoring work in High Availability ?

Hi All,

 

I am working on the following HA design -

 

 

 

 

As you can see above, each firewall will have two interfaces connected to Juniper routers on the inside and outside zones. The firewall peers will also be directly connected to each other for the H

...

(Vendor - PAN) 40 Gig PRD Firewalls Topology (1).jpg

Issue with NAT over Site-2-Site VPN

Hi there,

 

I am reasonably good with Palo Alto Firewall however struggling with the NAT over VPN. I am trying to hide some internal IPs behind 9.9.0.1/32 and 9.9.0.1/32 is configured in Proxy ID as Local host. VPN phase 3 comes up but i think the way

...

nvirmani by L1 Bithead
  • 4007 Views
  • 7 replies
  • 0 Likes
  • 23590 Posts
  • 103 Subscriptions
Top Solution Authors
Top Liked Authors
Labels