General Topics

Question to app dependencies

Hi guys!

I'm new to Palo Alto.

Scneario:

I make a new rule from an inside zone to the internet with the app gmx-mail.

gmx-mail depends on web-browsing and ssl.

Do I have to add web-browsing and ssl to this rule to make gmx-mail work?

Or could I make anothe

Can't seem to connect to Cisco ASA

Using the following Phase 1 settings:

I keep getting this error:

Received unencrypted notify payload (no proposal chosen) from IP x.x.x.x[500] to y.y.y.y[500], ignored...orIKE phase-1 negotiation is failed. Unable to process peer’s SA payload.

Check th

Surveillance system

Has anyone here used a surveillance system?? I'm in need of a security system, but I don't have any idea on how to select the best one. I recently happened to read an article http://www.fire-monitoring.com/ip-cctv-moving-future/ and thought it will b

Skype for Business using App-ID?

Does anyone have a definitive list of which applications are required for 365 hosted Skype for Business to work please?

I'm using MineMeld to product a dynamic block list of the 365 Skype for Business IP ranges published by Microsoft and I've settled

Multiple WAN Interface Setup, different zones

Hi all

I'm struggling to configure a VM-200 with multiple WAN interfaces. I've read a few forum posts on the subject and I understand the suggestions (PBF, 1:1 vs 1:Many NAT, etc) but the situation I'm in is a little different.

We are running the VM-

Send OSPF default route with PBR

I have a network were what I would like to have happen is that the PAN device tracks its connection to the internet and as long as that is alive send a default route to its neighbor.  If that fails i would like it to stop sending that default route s

Redundant IPSEC VPN with cisco and VPN monitor

Hello Experts

I have PA on hub site and Cisco ASA at spoke site. At hub site, I have two ISP links, and ASA establish two IPSEC VPN with hub PA through both ISP, one IPSEC is primary and other is backup

Now to failover, I am thinking to use VPN monit

15-20 seconds of denied traffic when applications and threats are updated

According to our traffic logs a lot of traffic is denied during a period of 15-20 seconds every time we update applications and threats on our PA-5050. Is this normal? This is all kinds of traffic like mssql-db, web-browsing, ms-sms etc.

Rule too allow access to group of URLs?

PANOS 7.0.4 and I'm struggling to do something that feels basic 

I need to allow anything on the LAN access to

• *.sophos.com 
• *.sophosupd.com
• *.sophosupd.net
• *.sophosxl.net
• ocsp2.globalsign.com
• crl.globalsign.com

as per https://community.sophos.com/kb/en-u

Regex

Is there any specific regex pattern for Palo Alto ?
i am trying to create a Regex that matches SSN but it doesnt seem to like it.
It either errors out as it should be 7 bytes long or it is invalid.