General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 967 Views
  • 1 replies
  • 9 Likes

Internal Root certificate replacement

Does anybody have any experience of changing out the internal root CA cert? Our server guys have updated our internal cert authority to support SHA-256 certs which has had a knock on affect of causing issues with our GlobalProtect gateway certs on ou

...

Crazy policies needed for BGP and VPN

Hi,

first read this article:

https://live.paloaltonetworks.com/t5/Learning-Arti​cles/Any-Any-Deny-Security-Rule-Changes-Default-Be​...

 

then

 I have this exactly behavor but I don't have wrote any/any/deny rules!

In my enviroment both intrazone-defa

...

Palo Alto NSX-Edition for multi-VC environments.

Hi all ,

 

Is there support documentation available for multi-VC implementations of the NSX-Edition ? I found plenty of good Deployment guidelines as per https://www.paloaltonetworks.com/search?q=NSX&%3Acq_csrf_token=eyJleHAiOjE0NTk4NDY1NTgsImlhdCI6MTQ

...

rherlaar by L0 Member
  • 1124 Views
  • 0 replies
  • 0 Likes

Vulnerability exemption

Hi


what is actually
simple-client-critical
simple-client-medium

 

I

 

I  want to change the default action from alert to block .
the rule is under simple-client-medium , but the search result shows it is under
simple-client-high

Thanks

 

 

 

36029.png
sib2017 by L4 Transporter
  • 1507 Views
  • 2 replies
  • 0 Likes

URL White Listing

Hi all,

 

First of all, we are impressed about MineMeld, thanks Luigi for your ideas and work.

 

We have just started to play with MineMeld and wandering the format to whitelist domains and network ranges using stdlib.listURLGeneric (as wlURL)

 

We would l

...

Resolved! CLI checking licenses

Hi everyone! 2 quick questions in 1:

 

-To be able to include a URL as destination in a policy, do I need to have license for URL filtering?

-How can I check what licenses do I have in the CLI?

 

Thank you!

No Email protection for SaaS

The closest way to protect a SaaS email soltuion I have found is Proofpoint which has a wildfire API hook option.

 

I am supprised there is no SaaS service for forwarding attechments or inline scanning of email directly from paloalto networks.

Tech101 by L1 Bithead
  • 1710 Views
  • 3 replies
  • 0 Likes

TAP mode on VM edition

Hi everyone,

 

 

is there any chance somehow to SPAN physical port from switch to VM port group in promiscuous mode, where I placed TAP port of my virtual firewall? Actually, is this supported in any way, or this interface mode is suited only for vir

...

Tician by L3 Networker
  • 1351 Views
  • 0 replies
  • 0 Likes

TAP interface questions

I'd like to monitor a portion of my network on my failover PA in TAP mode.

 

Will this affect my HA pair at all? 

 

Is it possible to set up an aggregate TAP of 2 ports?

 

thanks in advance...

any to application default

We are working on hardening our firewall rules by replacing any to application default(service) and from any to the specific application(application). Example - we changed any to web-application and any to application-default. People hitting the same

...

jdprovine by L4 Transporter
  • 2852 Views
  • 11 replies
  • 0 Likes

ipv6 aggregator

Is there an ipv6 aggregator on the roadmap?

I noted that the URL aggregator can already extract them when the miners includes ipv6 IPs in the URLs (ex: office365), but did not find a way to get just the IPv6 addresses.

mr.linus by L4 Transporter
  • 2284 Views
  • 1 replies
  • 0 Likes

Resolved! dns amplification attack

Hi,

 

What are the best practices need to be followed  to  protect from the ddos  dns amplification attack . 

How to  filter the  trace  from the  log  if there is any attack happened ? 

Thanks

sib2017 by L4 Transporter
  • 3845 Views
  • 4 replies
  • 0 Likes