General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

What's the difference between each of Export (backup) options?

Hi all.Under the Device > Operations > Configuration Management section, there are three export options available:1. Export named configuration snapshot2. Export configuration version3. Export device state What's the difference between the three options?In what type of scenarios would you use each option? Thanks.Daniel

Resolved! Ping through PBF Policy intermittently dying

I think this might be related to DoS protection somehow, but I can't find anything being blocked in any of the logs. I'm sure I'm not looking in the right spot, though. We have a normal Internet gateway (default route), and a separate point-to-point connection to a SIP provider. I have a PBF Policy in place that forwards VoIP traffic through th...

fjwcash by L4 Transporter
  • 3883 Views
  • 2 replies
  • 0 Likes

Resolved! Can't set management interface network settings on 8.0 ESX VM

Hi, I have configured the management interface by logging in to the VM and going into configure mode and executing:set deviceconfig system ip-address 172.18.11.205 netmask 255.255.255.224set deviceconfig system default-gateway 172.18.11.193and thencommit I've tried to ping the default gateway but it fails. Also, I do a "show interface managemen...

rcompton by L0 Member
  • 5029 Views
  • 3 replies
  • 0 Likes

Resolved! Incomplete traffic: custom appID and QoS

Hi, I have traffic generated by Solarwinds NetPath probes that is tagged by the firewall as "incomplete". I run a packet trace, and after the handshake, there are only TCP-keep-alive packets. I'd like to prioritize this traffic in QoS, currently I'm seeing high latency on NetPath at our busiest sites, and I'm thinking this may be because of QoS...

Sophos Central firewall rules question

My company is trying to implement Sophos central throughout our network.All clients need the access listed in the article below. https://community.sophos.com/kb/en-us/121936 Currently Sophos central doesn't support the proxy solution we use. what is the best way to allow access through our Palo? Is it url filtering or a custom application?

njuttner by L1 Bithead
  • 8459 Views
  • 8 replies
  • 0 Likes

Resolved! Decryption Policy Rule - Profile is None

With my new employer I'm managing a 3050 unit with a couple of Decryption Policy Rules which are configured to decrypt using SSL Forward Proxy. The Decryption Profile under Options is set to None. I can't find what the behaviour is when the decryption profile is set to None.I appreciate any help.Jeff

Resolved! Content update 709 revoked?

All firewalls automatically downgraded content version from 709 to 708. Was 709 revoked? Anybody else having the same behavior?

Anon1 by L4 Transporter
  • 7095 Views
  • 8 replies
  • 0 Likes

GlobalProtect commit fail on PAN-OS 7.0

help me please.config ip pool for client access but commit failcommit log messageOperation CommitResult FailedDetailsmissing ip pool from both dynamic ip pool and authentication server ip pool for config 'default' in gateway GP-Gateway (tunnel GP-Gateway-N)(Module: rasmgr)Commit failedrasmgr log message2015-07-10 17:52:29.746 +0700 rasmgr: rasmg...

Dent by L1 Bithead
  • 6450 Views
  • 5 replies
  • 0 Likes

Detalied url log

Hi all!i'm new in this community and we have put in work 2 PA-3020.I configured ELK for log forwarding.i've search every log and i couldn't find a filed with the url theat a user is visiting. Is there a way to achieve that.Example! Now i'm writing from this url: https://live.paloaltonetworks.com/t5/forums/postpage/choose-node/true/interaction-st...

Matteo by L1 Bithead
  • 3779 Views
  • 3 replies
  • 0 Likes

Internal traffic is hitting in the isp firewall

Palo alto is perimeter to customer which is connected to isp firewall.Internal subnet traffics which are not allowed in isp/ untrust interface are hitted in isp firewall.Routing is proper. ARP is proper in isp interface( only next hop arp is there)Implicit deny policy blocking the interzone traffic trust to untrust.We don't have any clue how our...

Resolved! MP utilization high after the HA failover to primary

When Secondary Firewall became active, management plane utilization is not more than 10% for over months.Last week manual failover made, Primary is active now. MP utilization is above 60% all the time. All the configurations are same as it's in HA. Both firewall has 10+ unused FQDN objects and FQDN refresh happening for every 30 seconds eventhou...

  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels