General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Restricting VPN access to internal services on per-user basis

Folks.

I have a normal Global protect portal for internal staff which works fine.

I now have been asked to provide access for a support organisation which is not staff - not employed by our company - but which needs access to certain devices inside o

...

DHCP Discard session

Scenario is we have ISP connected to Outside zone.

DHCP server on Inside Zone.

On Each satellite we have DHCP relay configured to readh DHCP server.

Whenever there is any issue with Power at location where interface connected to inside zone goes down.

Tr

...

Mac book throws untrust certificate after user identification timeout.

MAC Book unable to operate with Kerberos authentication. If working, provide configuration details.

Is it possible deny the user access web site by proxy???

The scenario is just allow user access system directly, deny all if using forward or reverse proxy such as nginx、apache2、liqud and so so??

What should i set? Application or other else?

URL Filtering by IP

Hello,

We would like to report on web browsing based on the IP off the user's computer, not username (or Identity). Can someone offer a guide, or point me in the right direction? Thank you.

New Pan OS 8.0 Release date

Hi,

Palo Alto Engineer said clientless VPN will release with new PAN OS 8.0 in near future. I just wanted to know what is the exact release date for new PAN OS?

Thanks,

Lakshitha.

Resolved! How do I create my list of blocked IPs for firewall to feed from ?

I need to create my list 'MineMeld-source-List' of blocked IPs which I want to use in the rule. I tried to use prototype stdlib.listIPv4Generic as input where I can add indicators. Then used stdlib.aggregatorIPv4Inbound based aggregator and subsribed

...

Sequence number Randomization.

Hi Guys,

ASA has a feature where it randomize TCP Sequence numbers to prevent hijack session.

Does palo alto has any similar feature.

Sorry to compare the products here. My intention is to configure similare setting in firewall.

Regards,

Current SSL Certificate best practices?

Greetings all,

We're getting close (hopefully) to rolling out our PAN boxes and I'm working on getting together information to pass up the chain on features like SSL Decryption and SSL certificate security.

I've got a few questions concerning best pr

...

IPSEC VPN support for both side as Dynamic, Supported on Juniper but not on PA

Hi There,

I was migrating configuration from Juniper to PA, everything worked as expected except IPSEC VPN.

Customer has two sites and both sites have ADSL connection with Dynamic IP address, however on one end Dyn DNS is used. In the below example S

...

How to block windows 10 store

Can I block access to windows 10 store by policy?

Resolved! Setting up GlobalProtect with Authentication Sequence

Hello,

Trying to configure GlobalProtect to work with local accounts and LDAP accounts with an authentication sequence. The PAN is almost seemingly treating the local account as a LDAP account according to the system logs.

The account Idea11Support is

...

User to group maping for xml-api user who provided no domain string

Hello,

i need to map user to ldap group. For desktops there is no problem, mappings goes well. But if some user connects via smartphone and didn't provide DOMAIN\ then problem occur. Is there any way to achieve this goal ?

Typing DOMAIN\ on mobile key

...

Data pattern to check 2 conditions on Credit Cards

Hi,

Let's say I want to create a Data Pattern to check 2 conditions on DLP:

1) Check Luhn number. This can easily be done by setting a weight in the "CC" field on a DLP Data Pattern.

2) Once the Luhn number checked, check if the first 7 numbers of the

...

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Welcome to the General Topics Discussions!

Rules and Best Practices

Resolved! Restricting VPN access to internal services on per-user basis

DHCP Discard session

Mac book throws untrust certificate after user identification timeout.

MAC Book unable to operate with Kerberos authentication. If working, provide configuration details.

Is it possible deny the user access web site by proxy???

URL Filtering by IP

New Pan OS 8.0 Release date

Resolved! How do I create my list of blocked IPs for firewall to feed from ?

Sequence number Randomization.

Current SSL Certificate best practices?

IPSEC VPN support for both side as Dynamic, Supported on Juniper but not on PA

How to block windows 10 store

Resolved! Setting up GlobalProtect with Authentication Sequence

User to group maping for xml-api user who provided no domain string

Data pattern to check 2 conditions on Credit Cards

IKEV2 w Cert - Wildcard peer for DN does not work.

Transferring assets from one CSP Tenant account to another

Proper "outside" interface configuration

Configuring Palo Firewall into an IDS

A question about ECMP

Re: MFA external provider question

Re: GlobalProtect 6.3.3

Re: SPARE device usage

Re: Upgrade path to 11.2.5 from 11.0.0 on a PA-410

Re: Global Protect application blank screen

Unlock your full community experience!

General Topics

Rules and Best Practices

Resolved! Restricting VPN access to internal services on per-user basis

Resolved! How do I create my list of blocked IPs for firewall to feed from ?

Resolved! Setting up GlobalProtect with Authentication Sequence