General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Threat Vector, a Unit 42 Podcast, is Now on LIVEcommunity!

We have some exciting community news to share: Threat Vector, a Unit 42 podcast, is now on LIVEcommunity!

 

Threat Vector is your compass in the world of cyberthreats. Listen to this biweekly podcast to learn about unique threat intelligence, cutting

...

jforsythe by Community Team Member
  • 73 Views
  • 0 replies
  • 0 Likes

Join the Fuel User Spark Event on March 19: Dealing with Threats !

 

Join us at the Fuel User Group Spark Event on March 19!

 

Get ready to ignite your cybersecurity knowledge and connect with industry experts at our upcoming Spark event hosted by the Fuel User Group. Whether you're a seasoned professional or just

...

kiwi_0-1709893724672.jpeg
kiwi by Community Team Member
  • 675 Views
  • 5 replies
  • 3 Likes

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 3322 Views
  • 2 replies
  • 14 Likes

Can PA log a address of spoof attack?

Hi all.

I wonder PA can log a IP and mac address of spoof attack such as ip spoof, arp spoof, dns query spoofing attack.

Sometimes, customer want to know above information from PA.

I think PA only drop a wrong packets. isn't it?

Thanks.

Regards.

Roh.

ttongfly by L3 Networker
  • 4313 Views
  • 5 replies
  • 0 Likes

Resolved! Do websites get rescanned once flagged as Malicious?

We are starting to see valid websites showing up as malicious due to them being hacked or for some other reason. Once the site is cleaned up however, is it up to someone in the Palo Alto community to request a URL Category change manually, or is ther

...

Block YouTube/Instagram Mobile app

Hello There,

 

What is the best practice to block YouTube, Instagram for mobile apps? So far I tried to create an application base and custom URL policy  to deny YouTube, Instagram. It works (deny access)  if you access the site via HTTPS (Chrome, Fire

...

KurdTech by L1 Bithead
  • 4550 Views
  • 5 replies
  • 0 Likes

Resolved! NAT, Routing and license requirements

Hello Bros,

                I have an unlicensed and out of support single paloalto 3220 appliance, and this device is not licensed now as we have upgraded to paloalto ha.

my question is I wanted to re-use this appliance for some network services such

...

Resolved! Authentication issue with Global Protect

We are having difficulty with our Active/Passive pair of PA_820’s where they are setup to allow auth to GlobalProtect based on AD group membership.

If we create a new OU in AD and move a user to the newly created AD OU whilst still having the same gro

...

Group Mapping.jpg
Auth Profile.png

Resolved! Welcome Page - Iframe

Hello,

we want to include a (external or internal) website via iframe in the welcome page. My test HTML site:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd"> 
<HTML>
<HEAD>
<TITLE>Pal

...

Hithead by L4 Transporter
  • 5778 Views
  • 13 replies
  • 0 Likes

Resolved! Change speed/duplex on 10G SFP port for PA-5220

Hello,

 

Is it possible to hardcode speed/duplex for 10G SFP port on PA-5220 device? i am getting below error:

 

>set network interface ethernet ethernet1/5 link-speed 10000 link-duplex full 
Error: 
Server error : ethernet1/5 -> link-duplex 'full' is not

...

skanani by L2 Linker
  • 11120 Views
  • 4 replies
  • 0 Likes

Policy not matching actual traffic

Hi All,

 

I have a security rule to allow ip "A" to ssh to ip "B". I can see the traffic actually hitting the fw but it gets dropped with interzone-default. The test policy match also verifies that it matches the traffic.

 

IP "B" is actually the firewal

...

olloczky by L1 Bithead
  • 3905 Views
  • 3 replies
  • 0 Likes

Why tcp aged-out?

Hi all,

Our developers are connecting from Zone1 to Zone2 with tcp (on ports between 2000 and 3000)

The tcp session timeout on firewall is 3 hours.

The security policy allows any application, any port from Zone1 to Zone2. But there are all default secur

...

Global protect Notification

Hi,

 

When I connect global protect Gateway. Once is connected I received this notification.

I have check the internet connectivity it's working fine.

 

Can you please let me know how to avoid this notification 

 

 

Joshan_Lakhani_0-1614493398995.jpeg

Need help with logging in case of App-Id

Hi,

 

I have below rule in my Palo Alto and another default rules which are Intra-zone and Inter-zone.

Source: 10.0.0.0/8

Source Zone: Trust

Destination: Any

Destination Zone: Untrust

Application: ssl, web-browsing, dns, Facebook-base, YouTube-base, etc

Serv

...

  • 24124 Posts
  • 100 Subscriptions
Top Solution Authors
Labels