Questions tagged [palo-alto-networks]

Palo Alto Networks is a US firewall manufacturer and network security company. The company's core product is a series of firewalls designed to provide visibility and granular control of network activity based on application, user, and content identification.

Palo Alto devices run an operating system called PAN-OS.

23 questions
4 votes, 0 answers

Palo Alto Globalprotect - connect via cmd

Scenario: Windows box having the Palo Alto GlobalProtect VPN client installed. Is it possible to use the command line or PowerShell to connect the VPN client to a remote host? I know this is possible with other VPN clients but can't find any…
3 votes, 0 answers

RANCID - timeout connecting PALOALTO in HA

When RANCID tries to connect via SSH to the PALO (the active one) I get a timeout message. Connecting manually, everything is OK. I believe it is something related to the prompt containing parentheses. add user fw-* backup-user add password fw-* {xxxxxx}…
2 votes, 1 answer

Palo Alto PA-4020 cannot connect to terminal through Serial to USB

I have a PA-4020 that I messed up the configuration on, and I am trying to do a factory reset. I went ahead and ordered a few different serial to USB cables, and cannot connect through a Mac App Called Serial, PuttyTel (Windows) or Mac Terminal. I…
David Eisen
1 vote, 2 answers

IPSec between Palo Alto and Strong Swan - traffic between tunnel endpoint IPs (used for ESP transport) should pass through tunnel

There is a Palo Alto firewall (which I have to configure) and an industrial controller (they call it CP) which I don't control. Say Palo Alto has external IP 1.1.1.1 and CP has 2.2.2.2. These are the IPs they use to communicate to each other, and…
TomTomTom
1 vote, 1 answer

Eventual 504 Gateway Timeouts when Nginx/Puma Rails App server is contacting a PostgreSQL backend through a firewall

I've been running into an issue where a Rails app server (nginx/puma) and a PostgreSQL data server communicate consistently when on the same VLAN on our DMZ, yet when the database is isolated to another VLAN and the app server remains on the DMZ, a…
jrkinnard
1 vote, 1 answer

Palo Alto and 802.1q

I have a Palo Alto firewall connected to a link that runs 802.1q and the provider has assigned a specific VLAN for us to use. However I cannot ping the other end of the link, if I replace the Palo Alto firewall with a Cisco Switch it works…
ServerMonkey
1 vote, 1 answer

Log incoming traffic on PAN-OS (Palo Alto Networks) firewall

Have a Palo Alto Networks PA-200 firewall with the basic setup complete, all outgoing traffic allowed and working fine. This is showing up in the traffic logs going from the created internal and external zones. I have been unable to log traffic that…
xddsg
1 vote, 0 answers

GlobalProtect VPN over VPN on MacOS

I am using the GlobalProtect VPN client to access my company's network. I also have a personal IPSec VPN server. I would like to access my company's network after my personal VPN, I mean I want to first have my personal VPN then run GlobalProtect VPN…
MOH
1 vote, 1 answer

Send VM Traffic through Palo Alto Firewall in ESXi

I have a Palo Alto VM Series Firewall that I've spun up in an ESXi 6.0 box. How can I have the PAN act as a transparent firewall to all VMs on the box? I was expecting that I could use two vSwitches, one with the physical uplink to the internal…
Andrew
0 votes, 1 answer

Palo Alto and nfdump: No matched flows

I am new to NetFlow, so maybe the problem I have is about understanding, but I have not found references on what is happening. I have a Palo Alto PA500 firewall and I am trying to extract NetFlow statistics to an Ubuntu box with nfdump. I have…
jordi
0 votes, 1 answer

iOS Outlook Activesync works, iOS Mail Activesync doesn't

We have a guest wifi network that is in a DMZ-like zone on the firewall. Our Exchange 2010 servers are in the "inside" zone of the firewall, with 1-1 NAT to public IP addresses in the "outside" zone. Autodiscover and Activesync work just fine in all…
Todd Wilcox
0 votes, 3 answers

AWS VPC VPN connection and NEXT-HOP issue

All, so I have my VPN tunnel up between my DataCenter and my VPC. The device (terminating) is a PAN200, PAN OS 4.xx. Traffic passes normally; SQL, RDP, AD, DNS, etc. and PING from AWS side to DC side pass, but PING from DC side to AWS FAIL. DC subnet…
0 votes, 1 answer

How to config Squid SSL bump to let Paloalto PA series firewall recognize App-ID

A Paloalto firewall (PA-2050, POS 4.1x) was capable of recognizing the websites which users are visiting (through http/https), then flagging them with an App-ID and applying application control on the traffic, for instance blocking all webmail/file sharing/social…
0 votes, 1 answer

External Client should use our proxy to get filtered by our firewall

I would like an external client (4.3.2.1) to use our proxy (9.9.9.9) which forwards traffic to our firewall (8.8.8.8) which then forwards the traffic back to our client (4.3.2.1). So I'm curious if: This is possible squid the best choice There a…
lilott8
0 votes, 1 answer

Ansible "hip-profiles unexpected here" Palo alto panos_security_rule

I'm trying to set a security policy on my Palo Alto firewalls using Ansible with the panos_security_rule module. However, I keep running into the same error, hip-profiles unexpected here. I found multiple reports on the problem, even a GitHub issue…
Collega