This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Resolved! Dshield blocking generic pulls

Saw this notice on the dshield page the other day that they will be blocking generic pulls from agents if they don't have contact info in the script.  Still learning about minemeld but know dshield is one of the default miners and was just wondering

...

Resolved! Security Policies Clarity

What is the difference between pre rules and post rules  ? None of my colleagues could answer this question upto my satisfaction.Can I expect expert comments ?

cmyakal by L1 Bithead
  • 3030 Views
  • 5 replies
  • 0 Likes

Resolved! External feed URL and minemeld update URL

In our environment, there is a PA between Minemeld and the Internet, so PA access control.

 

Would you please tell me the subject URL and port number ?

(A specific external feed becomes O365 is https://paloaltonetworks.box.com/s/gndwe5rzheg1ekwplxb4m

...

qos

Hi,

After egress max set  in the following order ,

If  100 Mb is the internet speed and   through the trust link (1 GB)  traffic is going other than untrust ( internet zone ) , 

the below configuration is ok ? .

 

 

class 1 10

class 2 10

class 3 10

class 4  4

...

simsim by L4 Transporter
  • 2439 Views
  • 6 replies
  • 0 Likes

Best practice for setting up address groups

Hi

 

Newbie to PA.

 

I want to create a address group dynamic (think that might be best.  made up from a group of network addresses in each DC.

 

So for example if I have 3 DC

 

dc1 - 10.1.0.0/16

dc2 - 10.2.0.0/16

dc3 - 10.3.0.0/16

 

I could tag them with "dc_ne

...

IKE Phase 1 Timeout

IKE is failing to negoriate phase 1.  I get this timeout and then a delete. Any thoughts on the possible cause? I'm thinking

the peer is perhaps not permitting the traffic from this device perhaps at a security device in front of their tunneling firew

...

palomed by L3 Networker
  • 8242 Views
  • 8 replies
  • 0 Likes

Adding Multiple Individual IP addresses at one time.

In our environment we use tags on individual IP addresses for a few different things and then have policies in place to take those actions based on those tags.

 

Sometimes we have requests come in with a lot of indivudla IP addresses that we have to ad

...

permitir videos en vimeo.com

estimados, alguien que pueda ayudarme a permitir el acceso a vimeo.com ? al intentar ingresar a esta pagina me aparece un error de certificado ssl:

Este sitio no puede proporcionar una conexión segura

vimeo.com envió una respuesta no válida.

 

  • Intenta ej
...

iph1->ivm == NULL

Dears,

 

Since two days i am getting this message "iph1->ivm == NULL"  and all VPN with ASA on the other side is facing iKE Phase 1 time out

 

 

pan1.PNG
Ammar by L2 Linker
  • 2816 Views
  • 5 replies
  • 0 Likes

Best practice with defining Zones - how many is too many

Hi

 

So I have 3 locations (DC), Internet access , Vendor access, environment (Prod, Uat etc) and user and support users and dmz and ...

 

should each of these be a zone ???  I am thinking not, after have a bit of a play, you can't make dynamic zones fro

...

Resolved! NAT and OSPF

Hi

 

I have a PA-3060 (A-A).

 

I have a NAT lests say 

 

1.1.1.1: 443 -> 192.168.10.10:10000

 

now the PA is part of an OSPF network, how to I publish out the address 1.1.1.1

 

I was thinking of adding 1.1.1.1 to a loopback and adding to a virtual router and t

...

Upgrade to 8.0.2 bricked my PA500

So am I the lucky one to have what should have been a simple upgrade brick the firewall?

Was running 7.1.7, normal download and install 8.0.2

Firewall came up with the yellow status light.

Was able at that point to login to gui.

Found this little darling

...

gefuchs by L1 Bithead
  • 4394 Views
  • 8 replies
  • 0 Likes
  • 23591 Posts
  • 103 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks