General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

PAN-OS

Name a version of PAN-OS that does not have a vulnerability. Ya that would be great

App-ID confusion and blocking spotify

Hello, I'm trying to work on a request to totally block Spotify on our network for 1 host (could be more in the future) and I thought App-ID would be the best option for this but since it depends on SSL and web browsing it's dropping all traffic when I add those dependencies; which I figured it would. When I just have Spotify in the application...

cruz77 by L1 Bithead
  • 9930 Views
  • 5 replies
  • 0 Likes

Resolved! Spotify traffic showing up as an incomplete application

I have to allow certain streaming music apps (Spotify, Pandora, etc.) though my PA and I've been trying to see how that bandwidth looks like first before I allow it and throw it in a QoS ploicy for the rest of my company. I created a rule to allow the Spotify application outbound for just myself and created QoS policy on the PA that would limit ...

Globalprotect auth certificate profile

Hi, Question on global protect authentication certificate profiles. On our gateways, I've had a certificate profile configured to prevent non-company devices from connecting. Has worked great, no real issues. However, this was only configured on the gateway, no the portal authentication. I'm trying to resolve an issue where bad actors ar...

Resolved! Palo Alto VM GCP not using ssh key and forcing password authentication

I have tried multiple BYOL images in Google Cloud and re-generate SSH keys. It keeps asking to authenticate the admin user with no known passwords. It's ignoring the keys I guess. Is there something missing from my config when I deploy via Terraform? ebug1: Found key in /Users/arthurgreenwald/.ssh/known_hosts:1 debug3: send packet: type ...

IPsec to Azure with a DHCP WAN IP + SDWAN + GlobalProtect

I tried to go down this rabbit hole once with no success. The IPsec tunnel to Azure should be fairly easy, it's what I already have configured that complicates it... I currently have a PA-220 with (2) WAN connections [both DHCP] and currently using SD-WAN. Currently running PANOS- 10.1.8 I have a GlobalProtect portal/gateway running on 1 of...

Resolved! Starlink Failover: Fast Download Almost NO Upload Speed

I have a weird problem setting up Starlink as a failover ISP. Download speed is blazing fast, but upload speed through the NGF is almost non-existent, 0-1 mbps. When I connect to the Starlink router directly, I get download speeds of 50bmps so I know it's not the ISP's fault. A troubleshooting ping test from the PA NGF web GUI, yields 50-...

Migrating from PA-5250 to PA-5410

Hello folks, i need to migrate from PA-5250 to PA-5410, the old devices are managed via panorama using stack and stack template, the new devices are reachable with no configuration other than the management. What is the best way to move the configuration from the PA-5250 to the new PA-5410 with less effort? Can i just add the 5410 in the exist...

PA.jpg
MAerre by L2 Linker
  • 7206 Views
  • 11 replies
  • 0 Likes

Captive Portal SSO browser-challenge issue

Hi, We would like to deploy captive portal instead of using userid. We would also configure it so that the user does not have to login or get a login page. However, the browser-challenge seems to fail and then the user gets redirected to the default web form. Is it even possible to configure captive portal to authenticate the user without ...

rbrainar by L0 Member
  • 1026 Views
  • 1 replies
  • 0 Likes

Doubt configuration HA Paloalto-Aruba

Hello to all I have a pair of FW PA-460 active-passive. When we perform Failover I lose 40 seconds the network to the internet. i have only HA1 connected on a pair of SW aruba. I suspect it may be an Aruba or Paloalto configuration issue. Any idea? Best regards.

Alpalo by L4 Transporter
  • 4171 Views
  • 6 replies
  • 0 Likes

Resolved! mail and dns server

Hello friends , I am runnng pv-vm on kvm , which has no license presently ,(version 9.0.4) baiscally this setup is understand palo alto firewall i have domain /fqdn (want to run all a mx ns server to run locally ) i have setup a web ,mail and ftp and dns server ,web server and ftp server working but need some help/understanting on mail and d...

shrikant by L2 Linker
  • 4081 Views
  • 5 replies
  • 0 Likes

Meraki behind PA - Unfriedly NAT

Hello community, another person with the problem. I know, I know. Finding a solution to this problem is obviously not easy. I have a problem with a Meraki cluster behind a PA cluster.The problem is the familiar “Unfriendly NAT”.I just can't figure out how to configure the PA so that it works. Countless articles on the internet don't help eit...

Resolved! Internet Bandwidth comsumed, who?

Hello Team, Firstly, thank you all for your cooperation. I have an issue that is I have my internet connection fully utilized most of the time. is there a way or work arround to find out which host IP is utilizing the bandwidth, knowing that I am not running the SD-Wan. software version 11.1.2-h3 TIA,

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels