General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 585 Views
  • 0 replies
  • 0 Likes

Behaviour app override

Hi, we are having an issue using app override. 

 

1) We have created a custom app for Oracle (without timeout). Using these ports: tcp1521-1541.

This is the config

 

This is the app override policy:

 

This is the security policy (app any and ports

...

App customized.jpg
appoverride.jpg
reglaaplica.jpg
ports high.jpg

Clearing Traffic Log

Running 7.0.6 on 7050's I cleared traffic logs and lost connectivity to management sever and took about 30 min after restart of mgmt sever for traffic logs to reappear . Is this normal. Which log file has info on managemt disconnect files/reason info

...

system alert high opaque: websrvr: Exited

After we upgraded from 7.0.6 to 7.1.2 in one go we started receiving this error message. Does anyone know what causes this ?

We are running active/active on 3050's

domain: 1
receive_time: 2016/06/02 10:25:41
serial: 001701002580
seqno: 2017446
action

...

Nested Policies Suggestion

Not really sure where to put this, but thought it might be a good idea and wanted to share it. Im still rather new to PA and so far I am enjoying it! However, I noticed after a while of creating and editing security policies it becomes quite a mess a

...

aimet by L0 Member
  • 1882 Views
  • 1 replies
  • 0 Likes

Two-factor PAN webconsole authentication

Hi,


I would like to use a two-factor authentication for the administrators when they access the PAN-500 web console.

With an authentication sequence I can use 2 ways to authenticate but I want to force the use of both. Is that possible?

Oasen by L0 Member
  • 4743 Views
  • 3 replies
  • 0 Likes

Cipher suites decryption 7.1

Hi guys,

 

Configuring inbound SSL inspection on 7.1, decryption does not work with the newly supported cipher suites shown in the document below.

 

https://live.paloaltonetworks.com/t5/PAN-OS-7-1-Articles/PAN-OS-7-1-Supported-ciphers/ta-p/71969

 

On

...

Virtual System licensing question

Hi guys,

 

I have never installed a virtual system so I am wondering how licenses for the Antivirus, URL filter etc are applied, are these applied to the base firewall or do we need to get a license for each virtual firewall hosted on the virtual sys

...

SSL decrpytion and TeamViewer

I was wondering if TeamViewer uses certificate pinning so I tried to decrypt it. I've set a simple decrypt rule to decrypt everything from one IP going to internet. But the rule doesn't seem to work for TeamViewer. All SSL sessions are decrypted but 

...

santonic by L6 Presenter
  • 3694 Views
  • 2 replies
  • 0 Likes

How to Remove Configuration Lock

Hi,

How can we remove the configuration done on PAN by other admin, which has not been yet committed, but shows up on the configuration locks?

 

Best regards,

B.

Besfort by L2 Linker
  • 2427 Views
  • 1 replies
  • 0 Likes

Resolved! DAGPusher and DAG

Luigi,

 

Can you confirm DAGPusher name should match tag for DAG in PAN-OS?  I can't have the DAG updated with Minemeld indicators

 

Thanks

 

Bertrand

blebail by L3 Networker
  • 15061 Views
  • 9 replies
  • 0 Likes
  • 23921 Posts
  • 113 Subscriptions
Labels