General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

External Block List for matching objects in security and decryption policies

Hi, We have few use cases around dynamically block list (dynamic update for us) however we would like to use it to identify and "allow" apps rather than "block". Considering it is just a group with objects which are dynamically populated based on url, i think it will work. We would like to provide ssh-proxy exception based on the dbl. Strangly e...

Trusted MFA Gateways

What to type? What format? The doc doesn't say... I'm testing MFA in non-http traffic, and have enabled "Inbound Authentication Prompts from MFA Gateway" But what to type here: In Trusted MFA Gateways, specify the list of authentication gateways a GlobalProtect client will trust for multi-factor authentication. When a GlobalProtect client receiv...

gtomte by L3 Networker
  • 3772 Views
  • 1 replies
  • 0 Likes

Issues with Group Mapping

Hello, We just recently moved to PA-500 and we are running 7.1.6. I was able to successfully add my LDAP to my group mapping however when I try to select my security groups instead of showing "Domain\GroupName" it is showing the AD distinguished name like cn=administrator,cn=users,dc=acme,dc=com. And maybe this is the reason why my url filtering...

Captive portal Redirect not working for some android devices.

Hi, I have captive portal setup in guest zone .The setup is working fine for some mobile devices (android) and laptops where the users are presented with captive portal login page once they try to browse inernet. Some mobile android devices are facing the problem that captive portal is not presented when they try to browse.They can not use inter...

Clientless VPN - pass creds to applications

Hello, one of our customers want to use PA as SSO for their applications.Have you any idea if it is possible ?We can use Kerberos or LDAP for clients authentication to PA but what about pass it to the application ?

Palo Alto Networks Firewall detected a url that i havent visited

Myself sai, working as cyber threat analyst. When I am working on one issue, I have checked the risk report of the url - www.weddingsonthefrenchriviera.com in Virustotal, IBM X-force website, URL Query. However in palo alto web interface it is showing that i have accessed the url. I havent accessed the url, i have just checked its risk report. P...

Global Protect - Minimize Panel

I'm working on a pre-logon configuration for GP. After it connects, the panel maximizes. Is there a way to keep the panel from maximizing without removing the app from the system tray? I don't want users having to close the window after it connects.This is GP 3.1.6.

Global Protect Commit Warning

Hi, I'm getting a slightly perplexing commit warning from Global Protect. I am using almost entirely defeault settings for the Portal Agent, so I'm not entirely sure what this warning is pertaining. My only guess is its referring to the setting I have pictured below? But i dont see how it can be flagged for "misses information" when a setting is...

Screen Shot 2017-03-15 at 1.03.48 pm.png

Resolved! ACC Network Activity logging

I'm wondering if the data that shows up in ACC is dependent upon session end (since that's when we're logging) to be reflected in the ACC data graphs. For example: If I have a host doing a large data transfer, will that information not show up in ACC until the session is finished or is the firewall tracking other things besides traffic monitor l...

epeeler by L2 Linker
  • 3484 Views
  • 2 replies
  • 0 Likes

PA 7.0, GP and RSA-ID double authentication

Hi, There is a deployment with RSA-ID as OTP and GP as VPN client (3.1 or 3.0). PAN-OS version 7.0.14.After the recent upgrade from 6.x to 7.x an issue showed up - when authenticating from GP - login information is asked twice.This seems like a known issue:https://community.rsa.com/docs/DOC-46969I've adjusted the PA settings according to this: h...

nikoo by L3 Networker
  • 3985 Views
  • 3 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels