This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Resolved! Global Protect Access routes for Office 356

Hi Guys, I am struggling to find a solution for one request that I have from customer. We have VM-300 with PanOS-7.1.6 and customer wants to enable Global Protect for remote access users. The tricky part is that for the split-tunneling configuration he wants all Office 365 traffic to go via the tunnel. He was provide me with a list of hosts and ...

The dreaded any

I got a health check report and according to it I have a least one any in every single rule I have on my firewall. I was just curious if anyone has been able to have at least one or more rules with no any's at all.

jdprovine by L4 Transporter
  • 9271 Views
  • 14 replies
  • 1 Likes

Resolved! Logs Retention on MineMeld

Hello, I want to change the log retention on MineMeld. It looks that the default configuration is 7 days. I was not able to find where to change this parameter. Can you please help?

Resolved! Source NAT subnet from wrong interface

Hi, So im having difficult with a source nat to Internet.. My goal is to route traffic between two vlans in my cisco 2960x switch and let palo handle the rest.. The problem is that the source net arrives to the palo on the wrong interface (well its expected..)i have zone already configuerd in the palo fw with zones, interface. Ive created a acce...

Site to Site vpn with Dhcp server at remote site

Hi, I have a site to site ipsec vpn between 2 PA devices. Lets call them Site A and Site B and at Site A I have a Cisco router acting as a dhcp server. I'm trying to have all the client at Site B get their dhcp address and scope options from the cisco router at Site A. I have the sites connected to each other and I setup a dhcp relay agent on Si...

strobins by L1 Bithead
  • 6535 Views
  • 5 replies
  • 0 Likes

Traffic steering to wrong sub interface

Tearing my hair out here so any help appreciated.This is a VM firewall, VM-300 ver 8.0.3-h4. I have created new subinterfaces for three VLANs, one of which is a guest VLAN (111) which has its own vSwitch, port group, sub-interface and zone. However, all traffic seems to be steering to the same interface (eth1/2.15). Since eth1/2 was the original...

Firewall 00 - Logs.PNG
Firewall 01 - Policies.PNG
Firewall 02 - Interfaces.PNG
Firewall 03 - Objects.PNG

is APAC an option of logging service region ?

Hi alli would just like to know what region logging service is available for ?is APAC included? and Do we have a plan for PANORAMA service on cloud. so customers dont have to have panorama on premise, instead, just pay by month for this service? thanks a lot Danny

DannyDai by L1 Bithead
  • 2066 Views
  • 1 replies
  • 0 Likes

Resolved! PA SMB deny behaviour

Hi, We have detected a atrange behaviour with SMB session. We have created a rule for blocking wannacry (SMB) sessions We can see sessions being blocked: So all sessions from trust to untrust should be blocked but we have done a tcpdump in our ISP router an we see 2017-11-21 20:01:46: 8x.x.x.x => 213.187.106.86:4452017-11-21 20:01:46: 8x.x...

Captura2.JPG
Captura3.jpg

Apply QOS for a particual Service or Server

Dear Team, we have a SFTP server behind our firewall and its nated to one of the interfaces of the firewal , we need to restrict the bandwidth to the SFTP server . when clients connects to the server for downloading files they will be restricted to use 5 mbps only or something like that. they wont be able to use full bandwidth how to implement ...

Syam83 by L0 Member
  • 2138 Views
  • 1 replies
  • 0 Likes

Resolved! The way to select authentication methods of DUO using GlobalProtect

Good day! How are you doing? I'm looking for a way to select authentication methods of DUO while I'm using Globalprotect(NOT USING Captive Portal. There are so much problems shown when user tried to authenticate) I've done test about 2 factor authentication without authentication server(but I should have a proxy server, of course) 1st authentica...

PAN-DB Cloud Connectivity Issues

Has anyone else had the issue with the firewall blocking URLs when the cloud db is not working? I have had two issues where the firewall will not allow sites that are common and catorgorized correctly in the local db because the cloud connection is not established. Todays correction was a simple DNS fix but my question is more of function. Is i...

aarronj by L0 Member
  • 2127 Views
  • 1 replies
  • 0 Likes

Show how long the VPN site-to-site tunnel is up

Hi everybody, Is there any CLI command or log that show the time of the tunel VPN (phase 1, phase 2 or both of them) is up? The commands:show vpn ike-sa gateway <gateway name>show vpn ipsec-sa tunnel <tunnel name> It shows the lifetime since the last key was negotiated, but it doesn't show the total lifetime of activity of VPN tunnel...

How to Block all countries

I am trying to make a policy on my new PA-220 and i want to block all traffic coming in from every country except the united states..I can't figure out how to do that except by blocking every country one country at a time.. Can anyone tell me if there is a block all except feature?

hill11 by L0 Member
  • 5623 Views
  • 4 replies
  • 0 Likes
  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks