This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Resolved! Export CSR via SSH

Hello, I have created a CSR: request certificate generate country-code DE days-till-expiry 1100 email NOC@DOMAIN.COM locality BERLIN signed-by external organization MYORG ip 1.1.1.1 algorithm RSA rsa-nbits 2048 certificate-name testcert name test.domain.de Looks fine and I can also see it in the WUI. Now I would like to export it via SSH: ...

OCEDTRA by L1 Bithead
  • 4688 Views
  • 2 replies
  • 0 Likes

File blocking

I have setup file blocking object but it does not seem to stop all downloads.. (Ex.. Try to download file from cnet.com it gets blocked.. If I go to adobe and download adobe reader the setup file downloads). Also is there a way to block all files except pdf without setting up file type rules?

rmsdip3 by L1 Bithead
  • 2153 Views
  • 1 replies
  • 0 Likes

VPN implementation best practice

I have a VPN configuration and testing with my vendor during business production hours. I am new to PA, so I am just wondering if I should schedule this during a maintenance window.The VPN implementation includes:- tunnels- IP addresses- static routes- BGP routes Thanks

jac101 by L2 Linker
  • 1938 Views
  • 1 replies
  • 0 Likes

custom miner in super fast installation

Hi, I trying to install custom miner for minemeld by this instruction: https://github.com/PaloAltoNetworks/minemeld/wiki/How-To-Write-a-Simple-Miner, but path to ft directory in my instalation is different to path in instruction. And the result is that I can't commit new node, cause of prototype can't find the base class

Sergey_R by L1 Bithead
  • 2990 Views
  • 1 replies
  • 0 Likes

Resolved! VM Palo : Unable to see any traffic in traffic log under the monitoring Tab

Hi All,I have setup a VM palo on ESXi as home lab, but i can not see anything coming up under the monitoring traffic log. I tried to change the default behavior of the implicit security policy rules at the bottom to log at both start and end but still no joy.I can see the system logs but not traffic logs. Any suggestions, please most welcome. Th...

Resolved! IPSec VPN decapsulation bytes are increasing and encapsulation is constant

Hi All, Followed this article on teh troubleshooting session: https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Troubleshoot-IPSec-VPN-connectivity-issues/ta-p/59187 We currently have an issue with S2S VPN between Palo and WatchGuard Fws. VPN is up (at least from Palo site). Traffic is initiated from the WatchGuard side (10.10.1.85...

How to configure TMG's FTP over HTTP

Hello all, I'm currently migrating a TMG to Palo and have come across a rule that uses the protocol "FTP over HTTP". I'm not a TMG expert so the above is about all I know of the rule - that and what Mr Google tells me. Any idea how to configure this rule in to the Palo (the customer does not want to simply open port 80 - plus with a command and...

Resolved! Palo Alto Routing Issue (Forwarding Table)

Hello Everybody, I have several PAs for branches, we have MPLS that is connecting all our branches. We are changing our design in order to use site-to-site IPsec tunnels from each branch to the HQ. And using OSPF in our tunnel to advertise our subnets, since we are connecting one site each week, we are still advertising the subnets via BGP until...

Resolved! Monitor Traffic Searching for Dst Subnet

I frequently use the ( addr.dst in 10.211.2.94 ) query type to search traffic in the Monitor tab of the PAN gui. What if I was looking for any host in the 10.211.2.0/24 subnet? Is there way to have the equivilent of( addr.dst in 67.211.2.0/24 ) or ( addr.dst in 67.211.2.* ) or ?? Thank you.

palomed by L3 Networker
  • 3258 Views
  • 2 replies
  • 0 Likes

Outbound Web Access _Authentication

Good Morning to All – Thanks for reading! I was hoping to get some feedback from the community on how everyone handles outbound web access for their users? I have an Active Directory Domain with about 300 users. We use groups from AD on the Palo device to allow users out to the web and or external resources. The problem I have been facing using...

Resolved! LACP from Palo 3020 Active - Passive to Cisco switch

Hi AllAfter some help from the Guru's.I am trying to configure LACP between PA 3020 Active / Passive and cisco switch.I have created the AE group interface Inside with the ip address.I have added 2 interfaces to the AE Group on each FW. I have created a portchannel on the Cisco switch and put the 2 ports from the Active Palo and 2 ports from the...

  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks