General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Discussions

Threat Vector, a Unit 42 Podcast, is Now on LIVEcommunity!

We have some exciting community news to share: Threat Vector, a Unit 42 podcast, is now on LIVEcommunity!

 

Threat Vector is your compass in the world of cyberthreats. Listen to this biweekly podcast to learn about unique threat intelligence, cutting

...

jforsythe by Community Team Member
  • 88 Views
  • 0 replies
  • 0 Likes

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 3331 Views
  • 2 replies
  • 14 Likes

File blocking..

Hi Gents,

I have a Palo Alto 5050 installed between users and my Server Farm.

I configured a security policy to allow access to the File Server, and applied a File type profile to block files such as exe, avi, and FLV.

but the file blocking doesn't work

...

File Types and Applications regarding SSL Decryption

Hi All,

I don't have content Filter License.

am I required to configure ssl decryption to block internet applications or file types?

shall I've a content filter license to configure ssl decryption or not?

Also I'm facing other Issues,

to open internet acc

...

7-Zip ARJ File Buffer Overflow Vulnerability(31030)

Has anyone come across this vulnerability?  We have several PC's with 7-zip installed for extracted .tar files in windows.  Even after we delete 7-zip, we still see these vulnerabilities being flagged by the pan.  Has anyone seen this behavior before

...

jmurphy by L2 Linker
  • 1636 Views
  • 1 replies
  • 0 Likes

SYSTEM ALERT : high : HA Group 1: ** version does not match

Hi Friends,

I wanted your help in solving this persiting issue.I have a PA4020 in HA mode which is configured in Active-Passive mode. From last few days i am getting the below error

SYSTEM ALERT : high : HA Group 1: Anti-Virus version does not match

SYS

...

u13168 by Not applicable
  • 3795 Views
  • 5 replies
  • 0 Likes

Resolved! Ignoring control flags

Is it possible to ignore tcp control flags in the Palo Alto?

I have a client where several nodes talk back to a server through the PAN. The nodes will send a FIN packet so the PAN will drop the session.. however, the vendor requires the session to sta

...

SDorsey by L4 Transporter
  • 2265 Views
  • 3 replies
  • 0 Likes

Hey guys have any of you ever come across this issue:

I was looking at some logs and noticed data displayed in the screenshot below.  There are several things highly questionable about the data displayed here:

  • - The Start Time is in 2031, and the receive time is 2013.
  • - Bytes Received is about 2 exabytes
...

lhylton by Not applicable
  • 2140 Views
  • 3 replies
  • 0 Likes

Failed to get CRL http:// ...

Im getting tons of failed to get CRL errors in my logs all of the sudden. Im not sure what I did (if anything) to cause this.

Ive tried to fix it,

  • I tried to enable  "Server CRL"
  • I did a nslookup on crl.verisign.com and I cant see any connections outbou
...

choff123 by L3 Networker
  • 3056 Views
  • 4 replies
  • 0 Likes

Resolved! Security Policy Configuration.

Hi Gents, here is my PA design as active active.

to be clear, the server farm is connected to the Core switches, and the Clients are connected to both Agg switches.

the PA Configuration is in VWire mode.

the question here is, when I create a security po

...

Resolved! File Types blocking and logging

Hi Gents,

I have installed Palo Alto 5050 between the users and my Server Farm.

the Issue here is that I created a policy that allows access to the file server based on specific applications or ports, but now I want to prevent users

from saving mp3, and

...

PA service account causing huge root DNS traffic?

Basically, the traffic monitor is showing DNS traffic going from my DNS server in the trusted zone to the external root DNS (our ISP) in the untrusted zone, and user is the PA's own domain account.

All of it's coming from a domain controller that also

...

Maxstr by L3 Networker
  • 4427 Views
  • 7 replies
  • 1 Likes

Resolved! Web Management DOWN?

Hi,

We are trying to look at the ACC tab, but we receive  "No Matching Records" in all te categories:

I tried to restart the web-management, but I received this error:

admin@PA> debug software restart management-server

Process 'mgmtsrvr' executing RESTA

...

ecardona by L1 Bithead
  • 2465 Views
  • 3 replies
  • 0 Likes

Issue in the syslog message format in Palo Alto 6 beta 1

Hello,

I am currently on Palo Alto v 6.0.0-b23 and facing an issue with the format of syslog message.

if we pass the same malicious file through Palo Alto device, syslog message forwarded by Palo Alto v5.0.6 and v6.0 beta are different. Palo Alto 5.0.6

...

NHorsch by L1 Bithead
  • 1530 Views
  • 1 replies
  • 0 Likes

PA Ipsec Tunnel

Hi there,

We have a particular setup with our remote sites that I am currently having an issue with.

On sites we use pfsense firewalls that have Ipsec tunnels setup to connect back to the PA system here at our main offices. This has all been fine up un

...

JRussell by L3 Networker
  • 1325 Views
  • 0 replies
  • 0 Likes

Resolved! How to setup SSO on a Microsoft Surface PRO

Hi,

We're using GlobalProtect client on many workstations. GP Agent is configured in SSO mode. This work flawlessly on Windows XP, 7, and some Windows 8 Pro PCs and tablets.

I just got a brand new Microsoft Surface Pro running Windows 8 Pro 64 bits. Fo

...

PatrickD by L1 Bithead
  • 2911 Views
  • 4 replies
  • 0 Likes
Labels