General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Best practice for setting up address groups

Hi Newbie to PA. I want to create a address group dynamic (think that might be best. made up from a group of network addresses in each DC. So for example if I have 3 DC dc1 - 10.1.0.0/16dc2 - 10.2.0.0/16dc3 - 10.3.0.0/16 I could tag them with "dc_network" Looking at dc3 I could make that a dynamic group say 10.3.1.0/2410.3.10.0/2410.3.100.0/24...

IKE Phase 1 Timeout

IKE is failing to negoriate phase 1. I get this timeout and then a delete. Any thoughts on the possible cause? I'm thinkingthe peer is perhaps not permitting the traffic from this device perhaps at a security device in front of their tunneling firewall (ASA). ? May 11th 2017, 10:39:04.000 <14>May 11 10:39:04 172.19.5.38 prdfw100-pri.inter...

palomed by L3 Networker
  • 15332 Views
  • 8 replies
  • 0 Likes

Adding Multiple Individual IP addresses at one time.

In our environment we use tags on individual IP addresses for a few different things and then have policies in place to take those actions based on those tags. Sometimes we have requests come in with a lot of indivudla IP addresses that we have to add and tag in multiple VSYS's. This is tedious and time consuming because the only way I know how ...

permitir videos en vimeo.com

estimados, alguien que pueda ayudarme a permitir el acceso a vimeo.com ? al intentar ingresar a esta pagina me aparece un error de certificado ssl:Este sitio no puede proporcionar una conexión seguravimeo.com envió una respuesta no válida. Intenta ejecutar el Diagnóstico de red de Windows.ERR_SSL_PROTOCOL_ERROR

iph1->ivm == NULL

Dears, Since two days i am getting this message "iph1->ivm == NULL" and all VPN with ASA on the other side is facing iKE Phase 1 time out

pan1.PNG
Ammar by L2 Linker
  • 3928 Views
  • 5 replies
  • 0 Likes

Best practice with defining Zones - how many is too many

Hi So I have 3 locations (DC), Internet access , Vendor access, environment (Prod, Uat etc) and user and support users and dmz and ... should each of these be a zone ??? I am thinking not, after have a bit of a play, you can't make dynamic zones from tags. So I am thinking zone_internet - where the interface talks to the internetzone_vendor - w...

Resolved! NAT and OSPF

Hi I have a PA-3060 (A-A). I have a NAT lests say 1.1.1.1: 443 -> 192.168.10.10:10000 now the PA is part of an OSPF network, how to I publish out the address 1.1.1.1 I was thinking of adding 1.1.1.1 to a loopback and adding to a virtual router and then adding the interface to OSPF. I read that I need a policy for src address: port -> 192....

Upgrade to 8.0.2 bricked my PA500

So am I the lucky one to have what should have been a simple upgrade brick the firewall?Was running 7.1.7, normal download and install 8.0.2Firewall came up with the yellow status light.Was able at that point to login to gui.Found this little darling message in the system log: System messages:'data_plane: Depend script failed max times'See datap...

gefuchs by L1 Bithead
  • 6086 Views
  • 8 replies
  • 0 Likes

Resolved! Dynamic Updates on PA-200

I have a PA-200 that is configured to check for updates every half hour aprox. The thing is that Antivirus, Aplications and Threats are not installed as scheduled!!! When I log in to check, the check to Internet is done, but the package is not downloaded or instaled (in schedule task action in both is download-and-install) If I do it manualy, ev...

Two-Factor authentication failures

Hi, we have a few clients using GlobalProtect as VPN (various versions), some are authenticating using 2FA, using SecurEnvoy as a RADIUS server. What we're seeing is as follows - the user has an authenticated VPN connection, then their network connection drops for some reason (they put the laptop to sleep, their wireless goes off, etc. etc. - th...

A.Mellor by L0 Member
  • 3857 Views
  • 1 replies
  • 0 Likes

Resolved! Non-interruptive Panorama device migration

Hello!Is there any way to perform migration of local configured firewall to panorama management without service interruption?For example:I use Panorama 7.0There is configured PA-5060 6.1.5 HA-cluster that I need to migrate to centralized Panorama Management.Using this tech-note https://www.paloaltonetworks.com/documentation/70/panorama/panorama_...

Minemeld - Cannot create new Miner Node

Heya All, I've been testing out minemeld and have it a bit of a brick wall.. When I attempt to create a new miner node via CONFIG > NEW, it completes successfully but the node cannot be found listed under nodes so I cannot add it as an input to the inboudaggregator. I have reviewed all the log files and couldn't find any relevant errors.....

Resolved! Filter items from source feed

One of the feeds I would like to import is the alienvault feed. However, I only want a subset of the IPs listed. I have tried using a regex with a transform to limit the results, but the miner is still showing an indicator count of 54,000. I cloned the alienvault prototype and changed it to this: my_alienvaultreputation: class:...

deanm by L2 Linker
  • 11070 Views
  • 11 replies
  • 0 Likes
  • 24400 Posts
  • 123 Subscriptions
Top Solution Authors
Labels