General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Rule matching: left-to-right question, unexpected output in traffic log

On PA5050 running 7.1.5, in the monitor:traffic logs section, traffic that matches interzone default rule shows up as matching the first rule in the list. The first rule is configured like so:source zone: any, source address: any, user: any, destination zone: any, destination address: any, application: I picked one that is not in-use e.g. 'doc...

Shanef by L0 Member
  • 7037 Views
  • 1 replies
  • 0 Likes

Adding a Proxy ID member to IPSec Tunnel

I added a single host to an existing tunnel. Does the phase 1 portion of the tunnel need to be restarted to take effect? After I added the new proxy-id 39 - if I run show vpn flow - I see that portion of the tunnel is in "init" phase while all others are active. I tried tunning "test vpn ipsec-sa .." for that specific phase 2 instance but it's s...

palomed by L3 Networker
  • 2921 Views
  • 2 replies
  • 0 Likes

Resolved! Differentiate GP portal login(not client login) vs MGMT login

Has anyone run across issues where Radius server is having difficulty in identifying if it's a management login vs GP portal login. We are having a hard time to identify the difference, when we use Clear pass as our radius server. Little Background: A user(valid admin) uses his creds to login to the GUI. PA uses its mgmt interface to send cre...

SuryaR by L3 Networker
  • 4939 Views
  • 6 replies
  • 0 Likes

Resolved! Unable to downgrade PA 5220 to 7.1.x series

Dear All, When I tried to downgrade the firmware version to 7.1.x in 5220 with 5000 series os, It throws an error and from the software upgrade column, I don't see 7.1.x populated in the list. Could you please let me know whether PA 5220 supports 7.1.x OS Platform. Regards, Dinesh

Meruva by L0 Member
  • 3745 Views
  • 4 replies
  • 0 Likes

Upgrade secondary PA

i have done this in the past to save time but I was interesting in hearing what the community has to say about and if anyone else has done thisI usually upgrade my secondary PA the afternoon before I do the primary ithe next morning and they are in a mismatched state for 12 hours. I am now going to do an upgrade from 7.0.12 to 7.1.0 and then to ...

jdprovine by L4 Transporter
  • 5207 Views
  • 10 replies
  • 0 Likes

Resolved! High DataPlane CPU at PanOS 7.1.9

Hi everybody I have upgraded a Pa-3050 from 7.1.8 to 7.1.9, all seems to be OK but the DataPlane CPU is above 90% Management CPU 16%Data Plane CPU 95%Session Count 37023 / 524286 I noticied if the session count is lower, the CPU also decrease , but this behaviour didn't happens in the previous release. Do anybody knows if there is a problem with...

SOC_CSG by L4 Transporter
  • 9005 Views
  • 8 replies
  • 0 Likes

DNS Sinkhole and Honeypot to Record URLs accessed

We've set up DNS sinkhole and it works as expected. We're able to find out which IP addresses tried to access malious sites. However, we won't be able to see the URLs these IPs were trying to access. We're thinking of building a honeypot (or maybe something else) to accept access requests from these IPs and set the sinkhole IP addrss to this mac...

Global Protect Internal Gateway- Prompt a user with remaining login/lifetime.

We are planning to use Global Protect to learn user-ip-mappings. Straight forward Internal Gateway/s Architecture with 2-FA.User Logins to the portal(LDAP) and 2FA prompt, a succesful login will update the ip-user-mapping on the firewall. However, In the early testing stages found out that GP-Client/Agent doesnt give a 2FA prompt once the sessi...

SuryaR by L3 Networker
  • 2289 Views
  • 1 replies
  • 0 Likes

Resolved! 8.x UserID Agent - Two installers

Why does the 8.x user agent install have two different installers. Can somebody explain the purpose of the two? In the case of the latest version I see: UaCredInstall64-8.0.2-20.msiUaInstall-8.0.2-20.msi Thanks!

bbilut by L3 Networker
  • 8465 Views
  • 1 replies
  • 3 Likes

PA-200 and PANOS Version 8

Hello everyone, A few days ago I was testing version 8 with a few PA-200s that we have in our lab, tested new features mostly with user credential Submission. I found that the performance of the devices were impacted (Data Plane CPU was around 70%-95%) only having one or two devices connected to it, is there any advise of using version 8.0.x f...

Resolved! DUO MFA Issues

I am trying to test the DUO MFA and have followed the instructions in the youtube video, and in the admin guide. I can reach the https site under normal circumstances and I can see traffic in the traffic logs. As soon as I enable the authentication policy, the site cannot be reached, no new traffic logs are generated, and no authentication logs ...

PF by L1 Bithead
  • 2914 Views
  • 1 replies
  • 0 Likes

Resolved! HA pair App and Threat sync to peer question.

Hi All, Apps and threats on the currently active box are set to download and install, on the passive to download only. Active box received and installed new updates. Will that automatically be synced to the passive? If we have a revert scenario where the Passive device has its apps and threats configuration to download and install, but the Acti...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels