General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! TEST VM-500 on ESXi Deployment

Dear Community, I hope you are doing alright.We are in process of renewing our firewalls and I would like to test-deploy latest version of the Palo Alto VM-Series 500 on VMware vSphere Hypervisor (ESXi). Could you please let me know how I can the following?Obtain the OVA packages needed for deploymentObtain a test license for PA's trial periodWh...

Resolved! PA cluster certificate missing

Hi, We have two devices in HA, we realized that active node has a certificate (captive portal) but the passive not. The configs are synchronized but the passive doesnt have this certificate. We tried to export this certificate from node active and import in node passive, the proccess is done properly but the certificate is not showed. Why the pa...

Resolved! ROBOT attack - some advice needed

Hello According to https://live.paloaltonetworks.com/t5/Threat-Vulnerability-Articles/PAN-OS-exposure-to-ROBOT-attack/ta-p/192397For complete protection, signature #38407 must be applied upstream from any interfaces implementing SSL Decryption, or hosting a GlobalProtect portal or a GlobalProtect gateway. I have 760 content update applied. I try...

_slv_ by L4 Transporter
  • 8639 Views
  • 5 replies
  • 0 Likes

Edge Firewall Design

I am trying to design the edge firewall and core network currently and I have a core Layer not in a "stack" or "VSS" so they are independent Core switches. They are doing the routing to the private WAN, and will be doing the routing to the Edge Firewalls. ECMP requires a dynamic routing protocol which usually you wouldn't run on an edge firewall...

UserID and VPN

Is it necessary to have userid enabled on the VPN zone interfaces to see the userids?

jdprovine by L4 Transporter
  • 3946 Views
  • 8 replies
  • 0 Likes

Trust and Untrust on same interface

I am pretty new to the Palo Alto's so I have a questions that will be pretty easy to answer. I am setting up a PA-820 in Virtual Wire and we have both Trusted and Untrusted networks on the same interface from the router. The External interface is the route to the internet but is also the route to all our branches through GRE Tunnels. What woul...

Resolved! 'Certificate for Secure Syslog' option in PAN-OS 7.1.X ?

Hi, Good day. I'm testing about Syslog setting using SSL in PAN-OS 7.1.14 environment. Under 7.0.X, when I created a certificate, then I clicked it, I can see an option 'Certificate for Secure Syslog'In PAN-OS 7.1.X, however, when I generate a certificate or import it which is created by not encrypted,I couldn't find any option for that. Firs...

syslog01.PNG
syslog02.png

Default cursor location on GlobalProtect iOS login

Is there a place to report issues? On GlobalProtect forIOS, you can save your default username for your VPN, and the app pre-populates the field, however it leaves the cursor in the username field. It should, however, start in the password field. It would save users that extra click/tap ever single time they log on. Small thing but would certain...

wseguin by L0 Member
  • 3132 Views
  • 3 replies
  • 0 Likes

Resolved! Does globalprotect detect roaming between networks?

Dear Community, I´d like to check with you regarding the following globalprotect scenario: I´m connected with my laptop to the LTE mobile network to be outside and I´m connected to the external gateway, when I connect to the wifi network... Is it possible that the agent will detect this change and automatically connect to the internal gateway o...

Carracido by L4 Transporter
  • 3878 Views
  • 2 replies
  • 0 Likes

Failover IPsec VPN with Dual ISP

There are serveral resource available for Dual ISP and with Failover VPN on Live community such as https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-a-Palo-Alto-Networks-Firewall-with-Dual-ISPs/ta-p/59774 . But here are still lake of of some information in documents, example partner IP address for VPN tunnel, IP Monito...

Ch.Ratha by L1 Bithead
  • 11881 Views
  • 5 replies
  • 0 Likes

Resolved! Determine IPSec tunnel performance?

Hi folks, We have several IPSec tunnels, but only one is complaining of poor performance using a specific application that the tunnel is meant for. Management asking for firewall stats to prove if it is related to IPSec tunnel/firewall performance issue or not. I am following this article and see the first twenty ports, but do not know which on...

OMatlock by L4 Transporter
  • 11210 Views
  • 5 replies
  • 0 Likes

Resolved! PA-7000 Not passing syslog traffic to Tufin

Hi All, We have a PA-7000 (7.1) and Tufin (for syslog). The system was previously setup to forward syslog traffic to Tufin. Then all of a sudden, Tufin wasn't receiving any traffic. What I have done so far: Went through the saved configurations to see when the syslog config was changed.From the saved configs, I could not see anything that was ch...

Multiple overlapping IP customers behind IPSEC tunnels

Hello, I have two customers with the same IP subnet, both behind separate IPSEC tunnels to my London hub (image attached, apologize for poor quality). Is it possible they can connect to my hub without any NAT on their side ? I've done a hack I don't like it works. By enabling ECMP and 'symmetric return' option the traffic is flowing from both cu...

IMG_6826.JPG
kefiras by L1 Bithead
  • 4987 Views
  • 3 replies
  • 0 Likes
  • 24401 Posts
  • 123 Subscriptions
Top Solution Authors
Labels