General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Exposing Videoconference - "Incomplete" traffic allowed

Hi allI have tried to expose Videoconference system behind Palo Alto.Unfortunately using App ID in security policy I have seen Palo Alto allows a lot of "incomplete" traffic.That's really an issue: When enabling h.323 in security Policy App id engine starts to allows every port in order to find something related to this protocol and obviously yo...

TheRealDiz by L4 Transporter
  • 10970 Views
  • 14 replies
  • 0 Likes

BFD Dropping During Firewall Failover

Having an issue with BFD. I have BFD configured between the Palo Alto and a couple of routers (BFD Single Hop). When a firewall failover occurs, this causes the BFD peering to drop and come back. I would not anticipate this to happen. This causes a unicast path between multihop BFD peers to drop in turn causing multihop BGP peerings to drop as w...

Resolved! Management Interface traffic logs

Hi guys,Is there a way to see traffic logs of management traffic? I'm trying to troubleshoot user-id redistribution source from the management interface.ThanksNetWorkZeus

Resolved! Customizing Prototypes in Office365

I note that Office 365 recently updated the URL definitions to include microsoft Teams etc. Has anyone customized the prototypes to support this change ? https://support.office.com/en-gb/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2 Drew.

Resolved! Panorama shows FW as disconnected after App and Threats Update

So I got the mail today about the certificate which is about to expire.I installed App protection 694-4000 on the Panorama as described .After the reboot I no longer have communication between my 2 PA-2050 boxes and Panorama. The log is no longer updated and it shows the 2 boxes "Device State" as Disconnected. I currently run 7.0.10 on all devic...

Resolved! DNAT issues into servers with teamed nic's ?

DNAT issues into servers with teamed nic's ?Anyone seen issues with this before ? I literally can't DNAT into servers with teamed nic's.. I'm going to run a wireshark capture on the server to see what is going on..

mpgioia by L3 Networker
  • 11311 Views
  • 18 replies
  • 0 Likes

PA upgrade problems

Hi, we have a cluster with PANOS 7.0.6, we want to upgrade to 7.1.8. In a similiar upgrading path we were affected for a bug related to VPN, which was applying when you jump to 7.1.0 an then 7.1.8. So we would need to jump directly to 7.1.8. On the another hand, when we have upgraded others cluster A/P, downloading version 7.1.0 and 7.1.8 and j...

Qos question

Hi,Let's say user wathing youtube , to limit the user's traffic ,do we need to create qos profile for upload and download ?Thanks

simsim by L4 Transporter
  • 6636 Views
  • 10 replies
  • 0 Likes

PA-200 FYI

I haven't seen this mentioned so I thought I would put it out there quick. Palo Alto has identified an issue with PA-200 units with the serial numbers ange 001606044723 to 001606075266 that have SSDs that do not meet their standards. If you have an effected unit you can get it replaced by following the steps at the below link. https://support....

BPry by Cyber Elite
  • 6562 Views
  • 1 replies
  • 2 Likes

Forward segments exceeding TCP content inspection queue

Hi, On a new PA-3020 Firewallcluster I decided to disable the default setting "Forward segments exceeding TCP content inspection queue". Practically everything was working as it should. But onfortunately the devil is in the details. I had very few connections, specially http downloads, which where causing problems. Sometimes the same download wa...

Remo by L7 Applicator
  • 18768 Views
  • 7 replies
  • 0 Likes

Resolved! Virtual Firewall

Dear All,is it possible to make a Local Virtual Firewall using Hyper V or Vmware for the purpose of learning the functionalities of the Virtual Firewall ?

Resolved! Can't join Windows Updates server, application "not applicable"

Hi ! I'm trying to connect the server to the Internet in order to download and to install updates. My server is a Windows Server 2016, so i'm trying to reach Windows Updates servers. In order to do that, I created a rule in the firewall : The address group contain theses addresses : To verifiy that my server can reach Windows Update server, ...

Regle SRVACD WU.PNG
adresse.PNG
Log.PNG
Srv - WU not applicable trame.PNG

Adding a section title to a group of rules

Hello,is there a way of adding a title/header to a group of rules in order to create some logical structure/grouping in the rule set?In Checkpoint this is possible and we find that it helps keeping a big ruleset organised.Thank you.

NicPezzi by L0 Member
  • 3679 Views
  • 1 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels