General Topics

Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 194 Views
  • 0 replies
  • 0 Likes

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 877 Views
  • 0 replies
  • 0 Likes

Question to app dependencies

Hi guys!

I'm new to Palo Alto.

Scneario:

I make a new rule from an inside zone to the internet with the app gmx-mail.

gmx-mail depends on web-browsing and ssl.

Do I have to add web-browsing and ssl to this rule to make gmx-mail work?

Or could I make anothe

...

MPI-AE by L4 Transporter
  • 2432 Views
  • 5 replies
  • 0 Likes

Can't seem to connect to Cisco ASA

Using the following Phase 1 settings:

 

I keep getting this error:

Received unencrypted notify payload (no proposal chosen) from IP x.x.x.x[500] to y.y.y.y[500], ignored...orIKE phase-1 negotiation is failed. Unable to process peer’s SA payload.

Check th

...

Capture.PNG
dclaro by L0 Member
  • 3814 Views
  • 3 replies
  • 0 Likes

Surveillance system

Has anyone here used a surveillance system?? I'm in need of a security system, but I don't have any idea on how to select the best one. I recently happened to read an article http://www.fire-monitoring.com/ip-cctv-moving-future/ and thought it will b

...

ConMac by L0 Member
  • 1993 Views
  • 2 replies
  • 0 Likes

Skype for Business using App-ID?

Does anyone have a definitive list of which applications are required for 365 hosted Skype for Business to work please?

 

I'm using MineMeld to product a dynamic block list of the 365 Skype for Business IP ranges published by Microsoft and I've settled

...

Multiple WAN Interface Setup, different zones

Hi all

 

I'm struggling to configure a VM-200 with multiple WAN interfaces. I've read a few forum posts on the subject and I understand the suggestions (PBF, 1:1 vs 1:Many NAT, etc) but the situation I'm in is a little different.

 

We are running the VM-

...

Send OSPF default route with PBR

I have a network were what I would like to have happen is that the PAN device tracks its connection to the internet and as long as that is alive send a default route to its neighbor.  If that fails i would like it to stop sending that default route s

...

Redundant IPSEC VPN with cisco and VPN monitor

Hello Experts

 

I have PA on hub site and Cisco ASA at spoke site. At hub site, I have two ISP links, and ASA establish two IPSEC VPN with hub PA through both ISP, one IPSEC is primary and other is backup

 

Now to failover, I am thinking to use VPN monit

...

Resolved! IPSEC VPN negotiation without traffic

Hello Experts

 

Is there any option to initiate a IPSEC VPN without passing actual traffic. Like in Juniper SRX, there is option "establish-immediately" or in Juniper Netscreen "rekey" option 

 

Regards,

 

GR

Rule too allow access to group of URLs?

PANOS 7.0.4 and I'm struggling to do something that feels basic 

 

I need to allow anything on the LAN access to

 

  • *.sophos.com 
  • *.sophosupd.com
  • *.sophosupd.net
  • *.sophosxl.net
  • ocsp2.globalsign.com
  • crl.globalsign.com

as per https://community.sophos.com/kb/en-u

...

Regex

Is there any specific regex pattern for Palo Alto ?
i am trying to create a Regex that matches SSN but it doesnt seem to like it.
It either errors out as it should be 7 bytes long or it is invalid.

Resolved! Order of different NAT

Hello Experts

 

I am just wondering, what is the order of different NAT on same packet. Lets say I want to do destination NAT and source NAT for the same packet. What NAT will happen first destination NAT or source NAT?

Resolved! Destination NAT or Static NAT

Hello

 

If I configured static NAT and destination NAT for one public service to be accessible from Internet. What type of NAT rule will be utilized by  PA, I mean static NAT or destination NAT or it soley depends upon the order of rules?

Resolved! Proxy ID in SA?

Hello Experts

 

I have site to site VPN between HQ PA and branch PA. I used the proxy id on HQ as Local: 172.16.110.0/24 remote: 10.10.10.0/24 and everything is working.

 

Now brach office need to access another subnet in HQ that is 172.16.111.0/24. In t

...

  • 24011 Posts
  • 115 Subscriptions
Top Solution Authors
Top Liked Authors
Labels