Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
24313 PostsThe Custom Signatures discussion is a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance.
175 PostsHave you encountered a false positive verdict for Palo Alto Networks (Known Signatures) on VirusTotal? Use this forum to submit a verdict change request. Change requests should include the File Hash, Link to VirusTotal report, current VirusTotal verdict, and description.
782 PostsPost questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to all things Network Security.
5768 PostsPost questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Palo Alto Networks’ Cloud Delivered Security Services.
648 PostsPost questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Prisma Access and Prisma SD-WAN.
554 PostsPost questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Prisma Cloud and Cloud Identity Engine discussions.
470 PostsPost questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Cortex XDR, XSOAR, and Xpanse discussions.
3976 PostsWe are attempting to make a custom BIOC rule to prevent the use of certain softwares on our servers. Applying the BIOC to a prevention profile works, except for when we add any exceptions. Say we are attempting to block Google Chrome on servers, we add an exception for a prefix used for end user device names and the BIOC can no longer be applied...
Hi All, Please I'm upgrading a palo alto firewall in HA mode remotely, I'm having some issues with remote access and for me not to loose access and be able to finish my upgrade is it ok to upgrade the Passive first before failing over to the passive and then upgrade the Active ?
Group Company A is implementing surveillance cameras and requires communication to send data from the cameras to an external cloud server. The cloud server (destination) cannot be restricted by IP address or FQDN (only ports can be restricted), so IP addresses and FQDNs must be opened with ANY. ※ Restricted ports are TCP 443 (HTTPS), UDP 123 (NT...
Hello Community, I’m looking for some advice on tweaking our Panorama HA timers. We are seeing "false" failover alerts and want to ensure our plan to fix them is balanced correctly. Setup:Two Panoramas in an Active/Passive HA pair located in different Data Centers.Communication is over a WAN MPLS link.These manage two sets of firewalls (one set ...
Attention: JAPAC TPM TeamHello Team, I have a question about the Anti-Spyware profile behavior in a Prisma Access (Explicit Proxy) environment. Scenario- Clients use Explicit Proxy to reach Prisma Access for web traffic.- DNS resolution does not traverse Prisma Access (it is resolved by a local resolver / another path).- An Anti-Spyware prof...
Hi, i have to do this migration. So my steps will be: 1) Install the same version 11.1.x as the old cluster. 2) install licenses 3) add new cluster tu panorama 3) add the device group old cluster to the new one. 5) clone template old cluster to the new one cluster and check the possible interfaces/clusterHA-ID changes to the new cluster. IS th...
Hello everyone, We have encountered and issue where the target servers do not get content updates. The citrix Windows servers reboot nightly with the golden image configurations but do not receive the latest content updates. At the same time, around noon we have to reboot the target servers due to write cache filling up to 100%. Have you enco...
Hi,I've attended two Palo Alto webinars:- PAN-OS 10.1 Expert-Led Webinar on the 10th of February- Live upgrade demo on the 18th of FebruaryI was told we would be given the video recordings and slides from these webinars, but I don't know where they are. The tutors were saying the recordings would be available on the Live community page, but I ca...
I am currently experiencing an issue while attempting to upgrade agents in the Cortex XDR console. The upgrade process fails with the following error message: "Windows Installer DB: Current agent installation is missing." I attempted to clean the endpoint; however, the process was unsuccessful. I would like to ask if there is any alternative...
Good morning, Today I would like to create a block for two malicious files that I found in our environment. I noticed that I can create an IOC to block paths, file names, IPs, etc. I have already created an IOC using a wildcard for the file name: PDFEditor_*.exe, but I would also like to block the process without generating an incident. Is that ...
Hi Friends, Recently i am trying to acheive an requirement where i want to allow messenger and chatgpt in my network but files uploading and downloading should be blocked. I tried configuring decryption and flie blocking profiles along with two seperate policies blocking chatgpt-base and messenger-base applications. I am able to decrypt the...
Has anyone ever configured their environment to detect on unauthorized or unsupported browser extensions? Or conduct a threat hunt based on known facts? We've seen some slip through the cracks and I know Cortex doesn't natively detect abused or malicious extensions. Any XQL ideas out there perhaps?
Hello, I'm trying to configure service health probes over standard VPN tunnels. I've configured a new probe and a new probe profile. added the new profile to the category circuit. I see it under monitoring but I get 100% packet loss. I don't see any flow for the endpoint ip address. is anyone using this feature ? Regards, Elad
Attention: Global TPM team, Hi, I have a question about PAN-183404.// PAN-OS 11.1.10 Known Issueshttps://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-10-known-and-addressed-issues/pan-os-11-1-10-known-issues Q1)How often does this issue occur? Best regards,MasaW
Attention: Global TPM team, Hi, I have a question about PAN-293673.// PAN-OS 11.1.10 Known Issueshttps://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-10-known-and-addressed-issues/pan-os-11-1-10-known-issues Q1)How often does this issue occur? Best regards,MasaW
| Subject | Likes |
|---|---|
| 5 Likes | |
| 3 Likes | |
| 2 Likes | |
| 2 Likes | |
| 2 Likes |
| User | Likes Count |
|---|---|
| 14 | |
| 7 | |
| 7 | |
| 6 | |
| 5 |
