General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 425 Views
  • 0 replies
  • 2 Likes

Resolved! Global protect question

I've seen multiple videos on global protect and need clarification. My first question is do you need to configure a static route on virtual router? Second quezon is to you need to configure NAT? Tutorial I've seen sometimes so these configurations so...

Clarification of rule processing order?

I had two firewall rules in the following order:

 

  • Any Internal > Any External > Any Application > Service TCP 80/443
  • Any Internal > Any External > Application filter "web browsing" > Service "App Default"

 

With a "decrypt" profile on web based email

...

Global Protect Limitations

Is there a way to stop disabled AD computer accounts from connecting to GP?  We have a HIP profile attached to the GP rules which force the user to be compliant (ie. member of domain and have AntiVirus).  however, when we disable their computer accou

...

rrau by L3 Networker
  • 3108 Views
  • 5 replies
  • 0 Likes

Resolved! Issue with CPUID with PA-VM-100 on Vitualbox

Hi Guys!!

 

I have installed a PA-VM -100 on my VirtualBox but the problem i m currently facing   is as follows:

 

- The CPUID does not appear on the dashboard  (general info)  i m only able to retrieve the UUID any idea why ?

- Can I disconnect The

...

big_Gilo by L2 Linker
  • 2516 Views
  • 2 replies
  • 0 Likes

data filter on comment

Hi community , 

is there any way to filter comment contained some bad words (f**ck , so on)  that is written by our employers to add any website(often use  http) ? 

Resolved! Policy Configuration App-ID

Dear colleagues.
I do not have much experience in PA and I would like to help me with a configuration that is very basic for some.
I wish to make is a policy in which App where certain app block p2p (torrent, Tor, ultrasurf) and allow other application

...

Edluna by L1 Bithead
  • 2173 Views
  • 1 replies
  • 0 Likes

Best practiecs

Is anyone using these recommended settings?

 

set deviceconfig setting tcp urgent-data clear

set deviceconfig setting tcp drop-zero-flag yes

set deviceconfig setting application bypass-exceed-queue no

set deviceconfig setting tcp bypass-exceed-oo-que

...

jdprovine by L4 Transporter
  • 5657 Views
  • 11 replies
  • 0 Likes

PANOS 7.0 SNMP logical interface counters

I tried the feature and the RX and TX counters are a way off from the physical interface (Tested on 5060 using e1/21 and e1/22 for AE1).   I opened a case with TAC,  and this is the explaination from TAC,

 

For hardware interfaces (ethernet1/21 and e

...

When will a new GlobalProtectClient GUI/UI be written?

We've been holding off replacing our Cisco Anyconnect clients as the interface of GlobalProtect is a big downgrade for us.

 

Any idea when/if there will be improvements made to the GP UI?

 

At the moment it looks like it was developed by engineers with n

...

GPforWin7.png
anyconnectwin_reconnect2.png
pmc by L2 Linker
  • 6635 Views
  • 4 replies
  • 6 Likes

Resolved! cli: traceroute host, ping host use connected interface

Is it possible to have traceroute host and ping host default to using the interface the cli was connected to?

 

We have the Management Interface of our PA 500 set to an internal address, like 192.168.129.11.  We can connect to it from our mpls networ

...

Crazy policies needed for BGP and VPN

Hi,

first read this article:

https://live.paloaltonetworks.com/t5/Learning-Arti​cles/Any-Any-Deny-Security-Rule-Changes-Default-Be​...

 

then

 I have this exactly behavor but I don't have wrote any/any/deny rules!

In my enviroment both intrazone-defa

...

Vulnerability exemption

Hi


what is actually
simple-client-critical
simple-client-medium

 

I

 

I  want to change the default action from alert to block .
the rule is under simple-client-medium , but the search result shows it is under
simple-client-high

Thanks

 

 

 

36029.png
sib2017 by L4 Transporter
  • 1870 Views
  • 2 replies
  • 0 Likes
  • 23697 Posts
  • 110 Subscriptions
Top Solution Authors
Labels