General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Sending logs to SIEM one file per type

I am an administrator of a SIEM, for this I have usually asked the paloalto administrator to send me the logs via Syslog using port 514 to the IP of the server I administer.

 

After informing me that the process has been done, I check a specific rout

...

Error: failed to handle CUSTOM_UPDATE

HEllo,

 

I am using 5220 series firewall in 2 different DC. versions 9.0.9 and 9.1.6. When I commit on both firewalls, I get a custom_update error. After check now the dynamic updates, I commit again and the problem goes away.

Any suggestion,
Thank you K

...

Resolved! Using HA without a virtual mac possible?

Hello,

as the title says: I want to implement an HA active-passive setup on a virtualization platform that doesn't support MAC address changes on the VM side. Therefore, a newly generated virtual MAC is unfortunately not an option.

So, is there a way

...

User-ID with OpenLDAP

Hi,

I'm looking for a guide or guidelines on how to set-up User Identification with OpenLDAP. I've already set-up User-ID with Active Directory for an other customer but I fail to see how this is doable on a non-Windows machine (no PAN agent).

Any help

...

Resolved! Internet and internal network sepration via virtual router

Hello,

 

I am new to Palo Alto. I have basic question. 

 

Traditional setup I worked on my last project was as below,

 

 

VRF on cisco router for 

- Internet -0 bgp

- Production - bgp

- DMZ  - bgp

 

FW connects to all 3 VRF. Route between VRF is via

...

gondolf by L1 Bithead
  • 1779 Views
  • 4 replies
  • 0 Likes

cluster PA-5020 migrating to PA-1410

Hi Experts,

We are migrating from Cluster PA-5020 to PA-1410, I have some queries below if you guys can help me out please.

1. For platform migration(PA-5020 to PA-1410), we can just upload configuration files on the new PA-1410, just recheck physica

...

SNMP response on two interfaces? Possible?

I'm configuring NetFlow on our PA-5200. I'm collecting the data in What's Up Gold.  WUG has a limitations (it appears) that the NetFlow IP that I use for the IP address also has to be respond via SNMP on the same address.  However, the PA-5200 cannot

...

LIVEcommunity System Update - Delayed

UPDATE 11/8/23 11:43 a.m. EST:

LIVEcommunity’s System Update will be delayed. This means your use of LIVEcommunity will not be impacted this week (11/8-9), and you can proceed with business as usual.

 

Thank you again for your patience and stay tuned

...

jforsythe by Community Team Member
  • 659 Views
  • 0 replies
  • 0 Likes

Resolved! rx-bytes, tx-bytes mean

Hello everyone,

 

I wonder if the meaning of rx-bytes and tx-bytes in the "show system state browser" command represents bps or byte.

 

'rx-bytes':xxxxxxL, xxxx/s

'tx-bytes':xxxxxxL, xxxx/s

 

Thank you in advance.

 

 

Resolved! cannot find matching phase-2 tunnel for received proxy ID

Hello,

 

We have a site to site VPN setup between our PALO ALTO and a firewall of our customer that was allowing one IP. On the ipsec tunnel sec proxy-id allow local (172.18.23.61/32) and remote (172.21.88.191/32) . When we made this the VPN is enabl

...

Resolved! GlobalProtect Gateway Behind Nginx Issue

Hello everyone! My environment only has one public IPv4 so I'm trying to make the most of it. We already run a number of web services on port 80/443 behind an Nginx reverse proxy. I'm trying to add GlobalProtect to the mix. I have my portal and gatew

...

MeCJay12 by L1 Bithead
  • 1521 Views
  • 3 replies
  • 0 Likes

Feature Request: ECMP Path Monitoring

We are currently using ECMP to load balance to our two ISPs. Which works great. However since there is no path monitoring(Unless you set static routes). If something happens upstream and your peer doesn't go down the PANs will happily keep sending da

...

DHCP options and PXE boot

Hi,

 

we have just recently made a change in where we moved clients from one segment to a new one. We are using WDS for PXE boot and the WDS server (MDT 2013) is on a different segment than the clients. The Palo is our DHCP server for clients and we ha

...

tlea by L2 Linker
  • 30960 Views
  • 40 replies
  • 0 Likes
  • 23698 Posts
  • 105 Subscriptions
Top Solution Authors
Top Liked Authors
Labels