General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Threat Vector, a Unit 42 Podcast, is Now on LIVEcommunity!

We have some exciting community news to share: Threat Vector, a Unit 42 podcast, is now on LIVEcommunity!

 

Threat Vector is your compass in the world of cyberthreats. Listen to this biweekly podcast to learn about unique threat intelligence, cutting

...

jforsythe by Community Team Member
  • 93 Views
  • 0 replies
  • 0 Likes

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 3333 Views
  • 2 replies
  • 14 Likes

Show Commands to Verify L3 Sub-interface Configuration

Hello Community,

 

I have configured L3 Sub-Interface on a Palo Alto firewall in a virtual environment. Can someone please let me know if there are any show commands to verify that the configuration is working successfully?

 

Thank you

 

Carlton 

Frequent re-keying of ipsec tunnels

When I look under Monitor -> Logs -> System, I see the following:

 

1. ipsec-key-delete: IPSec key deleted.  Deleted SA <SA info> SPI:<hex dump>

2. ike-nego-p2-succ: IKE phase-2 negotiation is succeeded as responder, quick mode.  Established SA <SA i

...

HA VSYS

Hi,

 

Have anyone tried to configure different HA setup for different VSYS? Let's say VSYS1 is active/active and VSYS2 is active/passive.

 

Thanks,

MBS

Resolved! VPN with built in VPN Client of OS X

Hi there,

 

for a special reason I need to setup a dedicated VPN Gateway for the built in iOS/OS X VPN client. Before I start to setup a Linux System for that I would like to find out if it's possible with PaloAlto or not. In the past there was a X-A

...

Panorama Error commit

Hi,

 

We have a cluster PA (Madrid) in version 5.0.14, and two PA in stand-alone (Singapur, Miami) in version 7.0.6.

We just commited the panorama config but we got a error in cluster PA Madrid.

Panorama in 7.0.6 can handle firewalls in version 5.0.1

...

Captura.JPG

dnsproxy failures

System log fills with messages like "Failed to resolve domain name:defrxpwgklm.capco.com after trying all attempts to name server(s): 8.8.4.4  194.25.0.68". DNS without dnsproxy is working. Can i restart the dnsproxy to fix this issue?

The messages ar

...

azwicker by L1 Bithead
  • 2692 Views
  • 3 replies
  • 0 Likes

Resolved! DMZ Web Server Access Setup PT2

Hello Community,

 

Can someone please let me know if Palo Alto have any documentation examples of setting up access to a webserver from the Internet that resides in a DMZ?

 

Thank you

 

Carlton 

User-ID Agent Upgrade

Hi,

 

We are planning to upgrade the User-ID Agent from version 6.0.6-4 to 7.0.3-13.

 

Three PAN-OS are running with version 7.1.1, 7.0.5-h2 and 7.0.2 use the same agent server.

 

Is version 7.0.3-13 will work with PAN-OS version above?

qafcopa by L1 Bithead
  • 2922 Views
  • 3 replies
  • 0 Likes

Resolved! Group Mapping for Domains with Non-contiguous namespace

Hi I'm attempting to implement userID on PAN-OS 7.0.6 within a multi-domain forest.

 

All of our workstations exist on one domain and users logging into those workstations exist on another domain within the same forest. I have the UserID agent setup

...

Resolved! DMZ Web Server Access Setup

Hello Community,

 

I have set up a lab environment shown in the below below that is meant to allow access from 192.168.1.X to the sever 10.2.2.1 using static NAT ip address 192.168.1.251

 

I have configured everything as demonstrated in the CBT Nugg

...

IMAGE.png
NAT POLICY.png
Security Policy.png

Blocking brute force SSH to firewall

For various business reasons I need to allow SSH directly to a PA-3020 to manage the unit.  Is there a way to apply a vulenerability policy to this traffic so that I can block bruteforce attacks?

 

Thanks

Dustin

dscott98 by L0 Member
  • 4081 Views
  • 3 replies
  • 0 Likes

Resolved! How Passive FTP is filtered in Palo Alto

Hi Guys, 

 

I know application FTP covers both Passive and Active FTP. However, my question is how it filters the traffic. I mean how a server Intiating a connection to the client will be filtered and allowed. Can anyone help. 

yadsingh by L2 Linker
  • 9430 Views
  • 3 replies
  • 0 Likes

Can I Obtain the CVE in the PA event Log

We have numerous PA firewalls that alert for vulnerabilities. I also have a product that scans for vulnerabilities in my network. The scanning device has CVE numbers in its events. The PA has PA's unique identifier in its event. Is there a way for me

...

  • 24126 Posts
  • 100 Subscriptions
Top Solution Authors
Labels