General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

PAN-OS 8.0 Decryption Issue with Firefox and Chrome

After uprading my lab to pan-os 8.0 The forward Decryption failed when using Firefox and Chrome.IE 11 en Edge still works. For example when i go to www.google.com, Chrome displays: www.google.com uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH Firefox: Advanced info: SSL_ERROR_NO_CYPHER_OVERLAP In ...

password recovery

Hi, I pressed "M" while booting and i am not getting the console after that. Kindly someone help me to resolve this issue. Regards Suresh Kumar8197826493

Resolved! Custom Application ports secure at Layer 7?

Hi folks, We have created an Application override and custom Application for SIP and RTP traffic. We also have Security/NAT rules that allow only this application (ports 5060, 5061, and 6000-8000) access to an internal VM with public IP directly. As I am still learning PA, wanted to ask. Since we are using an Application (and override) that we...

SIP1.jpg
SIP2.jpg
pasbcrule.jpg
PAnatrule.jpg
OMatlock by L4 Transporter
  • 8439 Views
  • 12 replies
  • 0 Likes

Resolved! Feature Request

Can we get a widget that shows status and performance metrics of user and ipsec vpns? Status is hard to find (and not on one pane), and there are no performance metrics at all.

Unable to connect to https://login.microsoftonline.com

hiThe whole company behind PAN firewall is unable to connect to https://login.microsoftonline.com.no blocked page, just "sign in to your account" web portal but no place to login. Firewall does not show any blocked/dropped connection to this URL.I create a brand new test rule, put on top of the rule sets but no luck. Any suggestions/idea appreci...

SSL decryption and browsers behaviours

Hello, We are planning to perform SSL Decryption for overall Web Traffic (we are a public organization of around 5000 users). We have started several tests by implementing SSL Decryption Best practice like not decrypting "Financial Services" and "Health" categories. However we are facing common issues with browsers that often states that connexi...

ie_manor_ssl_no.JPG
ie_manor_ssl_yes.JPG
ie_migros_ssl_no.JPG
ie_migros_ssl_yes.JPG

Resolved! Wildfire & ZIP files

When I have the PE type selected for Wildfire are ZIP files sent to be scanned if they contain EXE files? I thought they were, but figured I would ask.

nthen by L3 Networker
  • 10860 Views
  • 9 replies
  • 0 Likes

Resolved! Security Policy Exception

Has Palo Alto looked into the capability for security policies to be built using an exception based logic. For example: Src: 10.0.0.0/8 (except) 10.100.0.0/24 Dst: ** App: ** etc.... This would then allow all 10. traffic except for the 10.100.0.0/24 subnet This is a function available in Checkpoint and some other platforms that has been very hel...

Blocking/Alerting on Web Sessions to IP Address Formatted URLs

One of my customers has asked if it is possible to block and/or alert upon HTTP or HTTPS connections that are made directly to an IP address instead of a dns name. The specific IP addresses or DNS name is not defined, they would just like to alert upon this behavior any time it is seen since some malware can be hard-coded with IP addresses and ...

palalto-updates vs ssl

After years of content update traffic showing up in traffic logs as paloalto-updates application, this traffic suddenly started showing up in traffic logs as ssl application. This all started at approximately 6:40pm Eastern time on 4/1/2017.Has anyone else experienced this and if so do you have any idea why this is?

herrmoss by L2 Linker
  • 3343 Views
  • 3 replies
  • 0 Likes

Resolved! Wildfire file-size-limit

Just installed PANOS6 on a PA200 platform.Did a change at the configuration and tried to commit. While commit I get the message:Validation Error:deviceconfig -> setting -> wildfire -> file-size-limit unexpected heredeviceconfig -> setting -> wildfire -> file-size-limit is invalidTried to change the values at device -> settin...

Hithead by L4 Transporter
  • 12926 Views
  • 10 replies
  • 0 Likes

Configuration Update Descriptions

Hi all, The commit description is potentially really useful for tracking changes and linking back to change tickets, but I can't see where I can display a list of commits with the descriptions, to review what has been done. The configuration log shows individual changes which is good detail, and the config comparison shows the description agai...

djr by L4 Transporter
  • 2962 Views
  • 3 replies
  • 0 Likes

Resolved! Query on QoS

Hello, We would like to configure QoS on PA to give priority to VOIP and video based traffic. The Internet connected to the FW is 100Mbps and the connection between the core switch and PA is 1Gbps. If I make a QoS profile and I want a guaranteed bandwidth of 25Mbps, but what about max bandwidth? What do I set? 100 Mbps?If so, when applying this ...

Farzana by L4 Transporter
  • 2864 Views
  • 3 replies
  • 0 Likes
  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels