General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Clean Firewall Policies

Hello all, I am thinking of how I can clean/organize my firewall policies. Many rules seem to be mixed up within each other. Do you have any suggestions to make it more appealing to the eye? How should I organize my rules?

A question about PAN-240612

Hi, I have a question about PAN-240612. ===== Fixed a kernel panic caused by a third-party issue ===== What feature does this issue relate to? And what exactly is “third-party”? BR

MasaW by L2 Linker
  • 1108 Views
  • 1 replies
  • 0 Likes

Resolved! How to configure gre over ipsec?

Hello For example, some implementations require multicast traffic to be encapsulated before IPSec encrypts it. If this is a requirement for your environment and the GRE tunnel and IPSec tunnel share the same IP address, Add GRE Encapsulation when you set up the IPSec tunnel. https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/networking/gr...

ZhouYu by L2 Linker
  • 15864 Views
  • 8 replies
  • 0 Likes

Resolved! Perimeter FW in A/P HA directly connected to Palo Alto vwire in A/A HA

the basic topology is: Internet FW are non-palo alto in HA A/P directly connected (no switch in between) to a pair of Palo Alto in A/A HA -in Vwire mode (no Layer 3 on the Palo Alto but in transparent-zone) then Palo Altos in A/A HA are connected to the Core switch where the rest of the environment connects to as well. The internet FW will send ...

pa-410 lost monitor log function and ACC function

I have a PA410. After upgrading the software recently, I found that the original monitoring log has reduced a lot of functions, and even the ACC function has been lost. I checked the website information and found that this function was cancelled after 10.1.2. These are the ones I use the most and I can't even find any replacements or anything abo...

Resolved! Telemetry error - CDL Receiver Key Empty

Hi All, We have a client who all of a sudden started to receive the following telemetry error - 'CDL Receiver Key Empty' on PA-440. No changes have been made. Currently running PAN OS 10.1.2. They are not using CDL and are just sending Telemetry data to PA with a certificate. This looks like it may be an issue on the PA backend. Can anyone cl...

Ben-Price by L4 Transporter
  • 28581 Views
  • 14 replies
  • 3 Likes

Resolved! UNABLE TO PING MANAGEMENT INTERFACE FROM LAN

I have a fairly simple network setup in my LAB Management Interface 192.168.1.1 /24 LAN Interface 192.168.100.1/24 DESKTOP IP 192.168.100.100 I have allowed all the Internal Subnet on the Management interface which is 192.168.100.0 /24 in permitted list I cannot ping the Management Interface 192.168.1.1 FROM 192.168.100.100 NO SECURITY POLICIES ...

Resolved! Failover IPSEC tunnels with tunnel monitor keeps both tunnels active

We have just configured 2 IPSEC tunnels with a remote palo. Both sides have 2 IPSEC tunnels with tunnel monitor and DPD configured. For some odd reason, when the primary tunnel is active and has active routes going to it, the secondary tunnel still shows active. Traffic is still flowing the way it should, I never see the traffic change to...

Resolved! NTP not working once authentication is enabled

Hi Guys, NTP was working well. But when authentication was enabled below msg is seen on the Firewall (NTP Stopped working) NTP server is a local one using IP address (not FQDN) PAN-OS Version 10.1.5-h1 All the other devices are syncing except for the Firewall. Has anyone else seen this issue? Any help would be greatly appreciated. Regards,...

Pras by L4 Transporter
  • 13218 Views
  • 10 replies
  • 0 Likes

Resolved! TYPICAL NAT QUESTIONS

Hello, I have a web server in DMZ with private ip address 192.168.10.100/24 and I would like all the traffic from outside should come to this server. My public ip is 1.1.1.2/255.255.255.248 which will bind to 192.168.10.100. To perform this I can create a destination rule FROM TO Source Destination Destination Translation Address (Static)Untrust--&g...

Resolved! GlobalProtect expand IP Pool

We have an existing GP setup and it's working, but the IP Pool is set to a range of IPs 192.168.10.10-192.168.10.100 instead of a subnet 192.168.10.0/24. I want to either expand the range or change it to a subnet. I tested this by expanding the range to 192.168.10.5-192.168.10.150, but clients that got an address in the newly expanded range ...

SAML Immediately logs me off???

Hello - I've set up SAML and by all accounts it looks like everything is working fine. In the Monitor > System logs I see four different events: saml-client-redirect, saml-idp-activity, saml-signature-validated and finally auth-success. The issue is this: I click on "Use Single Sign-On" > (same result with/without optional Username) Continu...

Shawverr by L3 Networker
  • 4911 Views
  • 4 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions