This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

PA-5220s Active/Passive HA with Single VWire but multiple vSys's and Zones

Hi folks Have pair of 5220s in Active/Passive HA. I'm reading that multiple zones cannot be used on VWire, well actually i'm finding that documentation not so clear and it could be functionality added in later releases of code. Anyway let me try to explain. I wish to bond (AE) eight + eight 10Gig interfaces to forming a single 80Gig VWire. Each...

nawaza by L2 Linker
  • 4407 Views
  • 6 replies
  • 0 Likes

Resolved! pa200 two interfaces in same zone

hi everyone, we have a pa200 with three L3 interfaces currently in use: eth 1/1 - untrust - dynamic ipeth 1/2 - trust - 192.168.18.1/24eth 1/3 - dmz - 10.10.10.254/24eth 1/4 - currently unused Now we would like to configure eth 1/4 just like eth 1/2, meaning it should be a further interface in the trust zone. I know it would be simplest to just...

Resolved! Latency on Internal Interface

Hello, Using PAN-OS 8.0.7. When we ping a trusted interface, we see latency up and down. Any clues? root@test-machine:~# ping 10.2.2.100PING 10.2.2.100 (10.2.2.100) 56(84) bytes of data.64 bytes from 10.2.2.100: icmp_seq=1 ttl=63 time=3.46 ms64 bytes from 10.2.2.100: icmp_seq=2 ttl=63 time=1.25 ms64 bytes from 10.2.2.100: icmp_seq=3 ttl=63 time=...

Farzana by L4 Transporter
  • 21969 Views
  • 9 replies
  • 0 Likes

UserID Factor Completion Time - Bad Data

We are seeing some random UserID entries being fed into our firewall that have a Factor Completion Time of "1969/12/31 19:00:00"; these always have a timeout of "0" so effectively kill the user mappings for that user. Has anyone seen this before? We have quite a convoluted setup for many reasons, one if which is that the UserID's generating the...

apackard by L4 Transporter
  • 4786 Views
  • 3 replies
  • 0 Likes

Zone protection - alert only

I have been investigating zone protection and DoS protection for awhile now and I think I would have already implemented it if you could configure all the settings to alert when you begin testing.

jdprovine by L4 Transporter
  • 4689 Views
  • 7 replies
  • 0 Likes

Resolved! pan-os 8.0 ntp not sync

Hi, I have a problem with test VM-300, NTP not sync and use local clock.But if i try to set timezone - clock set not correct >show ntpNTP state:NTP not synched, using local clockNTP server: 178.124.164.107status: rejectedreachable: yesauthentication-type: none ping source 192.168.18.227 host 178.124.164.107PING 178.124.164.107 (178.124.164.1...

SSergey by L1 Bithead
  • 10598 Views
  • 4 replies
  • 0 Likes

Resolved! How to configure a specific event to be sent via email

Hi Guys,How would I go about configuring my PA to email me everytime another device with the same IP address of the Palo Alto joins the network, please? I didn't want anything else to be emailed to me, just that particular event. I remember I was able to see the "duplicate IP address" message on the logs but I am not sure how I would setup the f...

sonivEX by L0 Member
  • 3266 Views
  • 3 replies
  • 0 Likes

H/A Clustering Query

Hi, I have a query regarding H/A clustering, I potentially have a requirement for H/A clustering with 3 firewalls and not just 2 (i.e. Active/Standby or Active/Active). I believe that presently a 3 firewall cluster is not currently supported however I need to understand if this is something on PAN’s roadmap, possibly in 8.1?

Data Plane high PA - 5020

i have problem about data plane, and the TAC say : packet rate is high, but i cannot find, how much PA-5020 can handle packet rate maximum.i use command "show system statistic sessio" packet rate is 130K - 150K and dataplane 77% at 11:00 AM, but i see packet rate is 130K-150K and dataplane 85%my question is : what indicator can make dataplane hi...

Block recently registered domains

Is anyone successfully blocking domains that have been registered recently (last 30 days)? My testing has shown in the last three days, 380k domains have been registered. My PA-3020 capacity for External Dynamic Lists only supports a total capacity of 50k domains. Does anyone know of a better method to achieve this?

ASCIT by L2 Linker
  • 5501 Views
  • 5 replies
  • 0 Likes

Resolved! Download PAN-OS from GUI failing, potential MTU Problem ...

Ok folks Here's an interesting one for you. This is to do with connectivity between Panorama and updates.paloaltonetworks.com We can retrieve licence info and download list of updates available for downloads (SW and Threats), but when clicking on download link the connection fails with standard connectivity to updates.palo error, try again later...

nawaza by L2 Linker
  • 3983 Views
  • 3 replies
  • 0 Likes

Resolved! Zone protection show wrong severity

We are doing a lab and making test attacks and see if the PA can detect them, we have an interface in tap mode and it is doing the span, we did all the configurations in a PA-200 but when we lunch brute force attacks or sql injection, the logs shown in the "threat" section appears "informational" for the severity column when it should appear an...

RCastro by L1 Bithead
  • 3258 Views
  • 3 replies
  • 0 Likes

Dynamic NAT

We are moving NAT from the routers to the firewall (5050), the routers do not release the session's efficiently so we are constantly running out of IP's in the pool. Is there a rule of thumb for the number of IP's to sessions on a PAN 5050? We run at a consistant 250K sessions. I understand the 64k connections per IP but I have been burned with ...

GFN182 by L2 Linker
  • 2686 Views
  • 2 replies
  • 0 Likes

Best Practices of log filter

Hello, As a network admin, when user escalates that he cannot access some specify website, what's the best way to find the property log which was triggered by use's browsing activity? Of course we can apply filer as "username", but even though, we will still got a lot of logs in a very short time period. What's your best practice? Thanks

qd_056 by L2 Linker
  • 4738 Views
  • 5 replies
  • 0 Likes

Log forwarding, filtering and auto tag

Hi there I've played with this feature for a while on my own FW, but must be doing something wrong. I'm adding the log forwarding profile, and when checking the filter I make, I get many log lines. But I don't get any output in the DAG. I've tried with threat and traffic logs. Documentation is rather slim on this topic. Anyone done this with su...

gtomte by L3 Networker
  • 7794 Views
  • 5 replies
  • 0 Likes
  • 24379 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks