General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Best way to integrate with panos?

There's ebl, edl, persistentdag, nonpersistentdag, etc. Limits on the number of feeds.

 

Does anyone have a concise summary of some kind which makes picking which one of these, or combination of these, is the best route to go for integrating with pan

...

chirss by L3 Networker
  • 3022 Views
  • 1 replies
  • 0 Likes

Global VPN

Hi All,

 

Since IOS devices has issue in global vpn due to which it cannot access the DNS define in gateway when splittunneling is enabled.Due to which user cannot access certain URL so we added them in DNS suffiex , but if we want to define the domain

...

Himarya by L1 Bithead
  • 1730 Views
  • 1 replies
  • 0 Likes

Migrating Site to Site VPNs to IKEv2 & Suite B Crypto

Dears,

 

I have multiple site to site VPN between my branches and most of them are terminated on PAN3020 and PAN-820.

I want to upgrade them all to IKEv2 and Suite B Cryptography.

 

What is the recommended IKE and IPSEC proposals when moving to IKEv2 and

...

Ammar by L2 Linker
  • 2170 Views
  • 1 replies
  • 1 Likes

Resolved! Critical License Expiration

Hi! I have a PA-VM 300, and I've got the error message "Critical License Expiration" warning.

I can't seem to ping my fw interface from a directly connected host, though I have my MGT profile configured to allow ping to my internal interface.

 

I have r

...

LIC errors.png

Need assistance with Certs and Firewall

I has been years since I have done anything with Microsoft CA so I am really struggling. 

 

Here is the problem:

 

When enabling URL filtering and I am blocking a certain site that has HTTP and HTTPS, the HTTP page will present the block page, but the HT

...

Resolved! Certificate expired

Hello,

 

Received following message/alert.

Warnings

  • Certificate PA Net Root CA in shared expired on Jun 3 23:26:00 2016 GMT
  • Certificate GlobalProtect in shared expired on Jul 27 02:34:06 2016 GMT

Do we need to action any renewal? If so, kindly show the ste

...

Farzana by L4 Transporter
  • 7886 Views
  • 3 replies
  • 0 Likes

Panorama slowly driving me insane.

I'm wondering if anyone can explain this to me.

 

I've recently started working with Panorama. When I import devices I follow this process:

 

  1. Add device, and input the serial number of the device and commit.
  2. Wait for it to connect.
  3. Import device configurat
...

Panorama Certificate question

In pamorama I created a default template with basic configuration settings for all firewalls and then create a site specific template and put them both in a template stack to apply the stack to each firewall. This way the default settings apply to al

...

dstjames by L2 Linker
  • 3896 Views
  • 3 replies
  • 0 Likes

Resolved! Redundant circuit fail over capabilities

This is a general question about PAN capabilities.

 We are looking at acquiring a second, slower circuit for internet access backup. We would like this to be an automated fail over. I am trying to see if our PA 3050's are capable of this and am lookin

...

Bvance by L2 Linker
  • 2194 Views
  • 2 replies
  • 0 Likes

SIP - services only, does ALG apply?

I am troubleshooting Cisco phone registration issues through a 3020 running 7.1.7 . My rulesets are only service based (TCP/UDP 5060, 5061, etc) and allow any application.  Cisco TAC is telling me that ALG issues are interfering with registration.

 

If

...

dpride by L0 Member
  • 1606 Views
  • 1 replies
  • 0 Likes

Palo Alto ping response is slow from Cisco

A directly connected Cisco 4500 Switch Ping's to different office goes through the PA cause nearly 700-1000msec, whereas PA pinging the Server to same site has only 20msec. I understand the Ping ( and Extended ping with TOS 184) is not the exact way

...

Resolved! Incorrect User-ID

Hello,

 

We are using User-ID Agent. 

A number of Source Users are reported as “sophosupdate”. It is not picking up the correct user.

The expected behaviour would be for the end user name (example of m.hayes in the list below).

 

 

How to correct this?

Thank

...

User-ID.jpg
Farzana by L4 Transporter
  • 6663 Views
  • 5 replies
  • 0 Likes
  • 24187 Posts
  • 101 Subscriptions
This widget could not be displayed.
Top Solution Authors
Top Liked Authors
Labels