General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Discussions

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 2901 Views
  • 2 replies
  • 14 Likes

traceroute application allows tcp port 80

Hi,

Received a call from a client said their external scanner shows their servers behind the firewall allows tcp port 80 connections and able to passive finger those servers, but there is no firewall rule permit tcp port 80 to those servers.  Digging

...

Resolved! unkown-tcp/udp session timeout?

Dear all,

What is the session timeout for unknown-tcp/udp?

Since this is an application which has no values set for timeout, can I conclude it will use the default-tcp/udp timeouts?

Kind regards

mr.linus by L4 Transporter
  • 4830 Views
  • 5 replies
  • 0 Likes

Resolved! Custom App for CRL downloads

Hi,

I am trying to create a custom app that will match CRL downloads, to allow them without any questions ask. Shouldn't be too hard : on a previous web security gateway, I would match a pattern like the following: "http://([^/:])*crl.*\.crl"

When tran

...

dennisss by L1 Bithead
  • 18019 Views
  • 20 replies
  • 0 Likes

Resolved! Block PSIPHON 3

Hi all,

 

Does anybody already try with success to block Psiphon (https://www.psiphon3.com) ?

It's quite easy when psiphon is configured in VPN mode but how can I do that when VPN is not used ?

 

Thanks in advance for sharing.

 

V.

VinceM by L5 Sessionator
  • 22294 Views
  • 13 replies
  • 0 Likes

How to submit incorrect app classification?

I'm having some difficulty navigating this site. I want to submit the application "Xbox Music" as streaming music (http://music.xbox.com). Currently it's being classified under "xbox-live" (online gaming).

Maxstr by L3 Networker
  • 2837 Views
  • 3 replies
  • 0 Likes

New AppID Category

I work for a K12 School district, and like many K12 school districts we are preparing for online testing for state proficiency testing.

We have also used online testing for AP testing, vocational testing, etc...

Online testing is one of the high priori

...

How to allow a specific file extension

I work for a K-12 school district that uses a program that reads books to students.  The file extension is .kes (KES is a file extension that belongs to Text Files of Kurzweil Educational Systems) and is blocked in our file blocking profile as an Enc

...

almay by L2 Linker
  • 3381 Views
  • 2 replies
  • 0 Likes

Resolved! Deny Facebook Posting

I've been playing around with trying to block Facebook posting but allow all other access to Facebook. I setup a deny rule for the 'facebook-posting' app and then setup a rule below it allowing 'facebook' but, this doesn't seem to stop posting. The l

...

Ash2k by L2 Linker
  • 5273 Views
  • 3 replies
  • 0 Likes

Resolved! Application 'github-base' and SSH

Hi all,

 

Can someone please explain why the "github-base" application depends on SSH?

 

We are running into a number of problems with web sites that are hosted on Github.  Users want to get to these sites for legitimate reasons.  IT people have also

...

RSKadish by L2 Linker
  • 11726 Views
  • 7 replies
  • 0 Likes

url_filtering problem

HI all,

We have a cluster of 2xPA3050, for protection to untrusted zone. Last week we enabled the trial license for url_filtering. Since that moment we have met a special problem. We use a citrix application over ssl in the cloud. This citrix server i

...

App-id not working on some Apps

I am seeing a number of applications which have definitions, but are not being identified correctly:  kaokatalk, league of legends, battle.net and guild wars to name a few.  these are showing the correct ports but showing as "unkown-tcp".  Is there s

...

BobW by L4 Transporter
  • 5233 Views
  • 3 replies
  • 0 Likes