General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Single vWire to Multi vSys

Hello, I wonder if someone can help - I currently have a firewall deployed in a vWire configuration, however the requirements for the site are changing and we now need to utilise the Multi-vSys feature.I've had a look but can't see any information that specifically states whether or not when this license is applied and Multi-vSys is enabled, whe...

lscott01 by L0 Member
  • 4398 Views
  • 2 replies
  • 0 Likes

Resolved! Troubleshooting Slowness with Traffic, Management

Hi, I am reconfiguring my PA-100 VM, as i am changing the network design, but after i changed the interfaces IP, Router configuraattion, NAT policy, and security policy. I cannot get to internet and in monitroing end reason is "aged-out" From CLI i can ping and traceroute using the management and external interface as source, but i cannot use my...

GWASSEF by L1 Bithead
  • 8984 Views
  • 6 replies
  • 0 Likes

Resolved! How to create IPSec VPN tunnel between two Palo Alto 200 firewalls?

Hi folks, I went and bought another used PA 200 from Ebay to go along with my existing one to test my first IPSec VPN connection.Neither have a support or threat license at all and not registered.PA 200 #1 has PANOS 7.0.5-H2 and PA 200 #2 has PANOS 7.1.9. I am using PA administrator's guides and other material to create an IPSec Tunnel, but stil...

OMatlock by L4 Transporter
  • 17212 Views
  • 19 replies
  • 1 Likes

Resolved! How to create an internal type NAT?

Hello folks, Not sure if my question is worded just right, but here goes. 🙂 We have a partner company that has a Juniper NAT type of device plugged into our PA 3020 that does a NAT to a server in there environment, which we communicate with fine using the 10.1.5.x network.I am being asked to do something similar on our side. Today they are abl...

PANAT.jpg
OMatlock by L4 Transporter
  • 4654 Views
  • 6 replies
  • 0 Likes

Resolved! Advertise/Redistribute iBGP routes/prefixes to eBGP neighbours.

Hi All, Guys don't judge me, but l have a very little knowledge about the BGP process (iBGP and eBGP) and looking for assistance.Watched a nice video on youtube on how to advertise eBGP learned routes by iBGP peer to other iBGP peers using route reflector technic: https://www.youtube.com/watch?v=yaMUq6WTUTc This part is clear. We have a PA conne...

Hands on Palo Alto practice

Hey Guys, I'm looking for a place I can practice using a PA firewall without actually purchasing one. Are there any rentals like INE's rack rentals for other technologies?

Willjdm by L0 Member
  • 3561 Views
  • 2 replies
  • 0 Likes

Resolved! push the commit on one member of the cluster only?

Hello,To test the link monitoring of the high-availability, i want to shut one interface on the active member.I set up the interface at down but i do not find how to do the commit on the active member only.Is there a solution to push the commit on one member of the cluster only?Thanks for your help.

pmartyn by L1 Bithead
  • 4407 Views
  • 5 replies
  • 0 Likes

U Turn NAT from External to Internal with FQDN Object

I know how to create a standard U-Turn NAT from outside to inside and that works fine as long as the INTERNAL object is an IP Netmask address. On the NAT Policy Rule the Original Packet is a static IP on my external facing range. The Translated Packet needs to point to a device that will have a dynamic IP. This is a mobile cart that can trave...

TNaami by L1 Bithead
  • 2950 Views
  • 1 replies
  • 0 Likes

GlobalProtect Certificate Profile not on Gateway and Portal

Is there any specific why someone would configured a certificate profille only on a GP Gateway and not on a GP Portal (or vice versa)? In tutorials or videos, I've always seen it configured on both, but on some networks I've seen people only configure on one of them

ce1028 by L4 Transporter
  • 2201 Views
  • 2 replies
  • 0 Likes

Resolved! Policy behaviour change

Hello, We know that policy behaviour changed from version PAN-OS 7.1 as per the link below. https://live.paloaltonetworks.com/t5/Configuration-Articles/PAN-OS-7-1-Policy-behavior-change-application-default/ta-p/75664 However, we upgraded from 8.0.0 or 8.0.2 to 8.0.4 and noticed that it was not enforced in 8.0.0/8.0.2. Was there still a bug/issue...

Farzana by L4 Transporter
  • 2576 Views
  • 2 replies
  • 0 Likes

Traffic for frontapp.com getting blocked

Hello, We need some assistance in allowing URL: https://frontapp.com through our FW. It is hitting the interzone-default policy and getting blocked. We made sure the category: computer-and-internet-info is allowed. Also, tried adding *.frontapp.com in the Allow list of URL filtering profile and added the application 'front' from the application ...

Policy.jpg
LogView.jpg
Deny-Traffic.jpg
Farzana by L4 Transporter
  • 2548 Views
  • 1 replies
  • 0 Likes

Raw log file extraction

Hi All , Can anyone tell how to extract old the log files from CLI , is there any dirctory to reach which contains log file please provide us the path .

Himarya by L1 Bithead
  • 6810 Views
  • 5 replies
  • 0 Likes

SNMP problem

Hi everyone I have a palo alto device with snmp configuration to send snmp packets when something happen (for example when an interface is down or up), the problem is when an interface is down the snmp server does not see snmp packets and if I make a packet capture I only see the next My palo alto device is 10.19.160.205 and the snmp server is...

snmp.png
SergioHV by L0 Member
  • 2514 Views
  • 1 replies
  • 0 Likes

How to deploy CA Palo Alto for non-join Domain!

Dear All, we have done to install PALO ALTO 3020 on our network, but I have a problem as follows.Now I have minimum 150 PCs not join the domain, and we need to deploy the CA for all of them by the automatid way!!! everyone from this PCs has a User Name on Active Directory Thanks

MOsama by L1 Bithead
  • 5058 Views
  • 7 replies
  • 0 Likes

Multi Rule Edit

Is there a tool out there to perform multiple rule edits? OR am I forced to do a "find & replace" method by copying CLI? In this case, I'm trying to enable log session at end for all rules.

nicford by L2 Linker
  • 2736 Views
  • 2 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels