General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 420 Views
  • 0 replies
  • 2 Likes

Check patchs installed HIP

Hi,

 

We configured the HIP module in Palo Alto but is not able to detect patches installed on Global Protect clients sometimes.
There are clients, connected to the VPN GP that if it is able to see the patches, in contrast there are others that does not

...

patch.JPG

How to find source of high open sessions and/or throughput

If your Palo Alto firewall is experiencing an unusually high OPEN session count, and/or high throughput, what is the best way to determine the source or destination at the same time of the event?

 

We have most of our security rules set to log at ses

...

jambulo by L4 Transporter
  • 6476 Views
  • 5 replies
  • 0 Likes

Resolved! web access for local administrators

We have our web access rules setup to match up with AD groups, so if you’re not in an web access AD group then you can’t get on the internet.

 

The issue our PC support guys have is when they log into a PC or laptop as a local administrator they will n

...

Link Failure - Syslog

Hey all!

 

I have a PA-3020, eth1/1 and eth1/2 are an aggregate (ae1).

 

on the switch, it's a Port-channel.

 

I want to be informed when one of both interfaces is down.

 

So I set up a syslog server and all system logs are forwarded.

 

For testing purposes, I

...

MPI-AE by L4 Transporter
  • 1679 Views
  • 1 replies
  • 0 Likes

How to combat VPN’s that use spoofed SNI?

Hi all,

 

My environment has a large fleet of iPads in an educational institution. We have restricted internet (no social media and so on) so the students spend time finding ways around it. We thought that bringing the PA unit in and enabling decryptio

...

stuart.l by L2 Linker
  • 3604 Views
  • 1 replies
  • 0 Likes

Resolved! arp issue with PA Active/Active

Hi

 

 

2 PA-3060's, setup in Active / active

I have a vlan 213 with 10.172.213.0/24 assigned to it

I have .2 and .3 assigned to the PA's and .1 assigned as a HA Virtual ip .

 

I also have 3 virtual machines, app1 app2 app3.

 

app1 and app3 can arp 10.172.213.

...

Suspicious Packet with MAC address all zeros

Hi All,

 

I monitor networks for my client, recently I discovered some suspicious outbound traffic from internal to a known malicious host, although the packet was dropped on the PA. the logs I have showing that the packet's source IP as the internet's

...

sum0831 by L1 Bithead
  • 5168 Views
  • 3 replies
  • 0 Likes

Resolved! Blocking All Internet Traffic from certain PCs

I have several older machines (XP) that are used for special purposes that cannot be be upgraded. Even the hardware cannot be upgraded or replaced (running on old dell dimenion desktops).  These machines do not need access to the internet but they ar

...

jharlow by L3 Networker
  • 6754 Views
  • 13 replies
  • 0 Likes

Setting Up MS DirectAccess

Trying to configure DireectAccess (Windows Server) to work but I believe it is failing due to the Palo Alto. I created a custom application and application override for the ports needed but still failing. Per a Microsoft Document, "the firewall has t

...

jharlow by L3 Networker
  • 3358 Views
  • 3 replies
  • 0 Likes

Resolved! Seperate Internet Connections

Hi

First time here, so after some advice.

We have a Palo Alto 3020 providing internet access and DMZ, all is running fine.

I have to order another internet circuit, which is the best way to connect / configure this?

 

1. Create an LACP port channel on the

...

Resolved! Subordinate CA creation for SSL Decryption

Hello,

   I am attempting to set up SSL Decryption on a new firewall and trying to create a Subordinate CA with our internal Microsoft Certificate Services.  I am in the process of generating the CSR on the PA, but I am a little confused on what the C

...

Virtual Wire + vPC

I’m considering the following  ( Active / Passive Virtual Wire + vPC ) configuration in my primary Datacetner. I really don’t want to lose the current vPC redundancy that I have in place today. Today I can cut, unplug, power off, kick, shutdown, and

...

thaubein by L0 Member
  • 2235 Views
  • 3 replies
  • 0 Likes

Setting up Policy to allow all access to a squid proxy

Hi

 

Still a beginer with the PA.

 

I have a universal rule that allows from 

any zone 

my internal ip address

 

to 

ip address group that has by proxy addresses in it.

 

For applicaiton I have 

http-proxy - this covers a lot of ports

default urls

 

 

from my test  

...

Double NAT

Hi!
we have a couple of customer who use paloalto firewalls. We have always problem to connect two accesses through NAT via paloalto. We usually use cisco meraki and the communicate on the higher port numbers. It always work when we have one site that

...

majo44 by L0 Member
  • 2466 Views
  • 1 replies
  • 0 Likes
  • 23695 Posts
  • 110 Subscriptions
Top Solution Authors
Labels