General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 1982 Views
  • 1 replies
  • 11 Likes

Resolved! VLANs for HA links

Hi all,

 

I am configuring two PA 3060 in A/A HA across datacenter. All the HA links from a PA in a DC will be connected to the core switch. Is it possible to put all HA links, i.e., HA1, HA2, HA3, HA1-backup, HA2-backup, in a single VLAN? Or does each

...

AlbertJJ by L1 Bithead
  • 2944 Views
  • 4 replies
  • 0 Likes

User-ID Hierarchy Design

So we have our device groups laid out like this, there’s more but you get the idea. Shared > Regional > Site.

The devices are members of the Site device group, and have a master device allowing me to push User-ID rules down through Panorama. If I want

...

problem with IP helpers after migration

We're migrating from a PA-2020 to PA-3020.

PANOS 6.1.12

 

Config migration went fine. And most functionality is ok on the new device.

However our IP helpers don't work anymore. We use them on tagged subinterfaces.

All subinterfaces on one interface connec

...

dieter_b by L4 Transporter
  • 4128 Views
  • 5 replies
  • 0 Likes

User-ID inconsistancies

Hello,

 

It's not the first time that I am facing this kind of issue :

 

Context : PaloAlto FW with (multiple) userID agents in a single (or multiple) Microsoft domain and user id based security policies.

 

The User ID feature seems at a glance to be worki

...

logs.JPG

Resolved! RDP NAT connection issue?

Hi folks,

 

For test purposes, I am trying to get RDP to work going through my PA-200 OS 6.1.4 to an internal PC.

I've been following several articles like this one, but not getting it to work.

https://live.paloaltonetworks.com/t5/General-Topics/MS-RDP-N

...

RDPNAT.jpg
RDPsecurity.jpg
OMatlock by L4 Transporter
  • 3691 Views
  • 7 replies
  • 1 Likes

Resolved! NTLM authentication fails

Hi all,

 

I'm facing an issue with captive portal and NTLM.  The SSO (NTLM) fails and the users must enter the credentials via the web-form. I've attached print screens from Wireshark and the output from the userid.log:

 

PAN-OS: 8.0.1

User-ID Agent: 8.0.

...

c1.jpg
c2.jpg

No Block Page when accessing Blocked Categories over HTTPS

Hi there,

I have recently noticed that when I test access to URLs of blocked categories over HTTPS, I do not get a 'Blocked Page' display from the Palo. It just says the Page Cannot be Displayed and show the connection was reset.

 

The URL filtering log

...

Bocsa by L3 Networker
  • 5143 Views
  • 6 replies
  • 0 Likes

VM-series specsheets on different hypervisors

Hi,

 

In the feature comparison tool by Palo Alto the throughput on the VM-series firewalls is followed by an asteriks refering to environment specific datasheets. However, I was not able to find anything about the performance on Hyper-V.

 

Is there any 

...

rodvand by L2 Linker
  • 1492 Views
  • 0 replies
  • 0 Likes

Resolved! Where can I obtain rsyslog-minemeld?

Hi, I recently deployed an ansible built version of minemeld on Centos. However it does not appear to include rsyslog-minemeld? Is that still required to use the syslog analyzer node? If so, where can I obtain a rpm version of it?

calvinc by L0 Member
  • 2967 Views
  • 1 replies
  • 0 Likes

Performance of MineMeld

Hi, how well does MineMeld perform when using the syslog analyzer node to perform matching of PA syslog traffic and threat messages against threatlists indicators? For example, if PA is fowarding approx 1- 2 GB/hour of syslog messages, what specs sho

...

calvinc by L0 Member
  • 1973 Views
  • 0 replies
  • 0 Likes

Question about vlans/Router on a stick.

I'm looking to configure a Palo as a router on a stick for a site to replace a decrepid Cisco 1811r router. The only printed information I can find is a 4.x document with pretty dissimilar UI images.

 

I've configured mutliple subinterfaces underneath

...

Panorama and Scan Type threats

Anyone know if Panorama is supposed to show Scan type threats in the Threats or Unified views under Monitoring?  I'm investigating why some of our Autodesk software on campus is having problems reaching the licensing server... Panorama didn't show an

...

jsalmans by L4 Transporter
  • 2194 Views
  • 4 replies
  • 0 Likes
Top Liked Authors