General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

system alert high opaque: websrvr: Exited

After we upgraded from 7.0.6 to 7.1.2 in one go we started receiving this error message. Does anyone know what causes this ? We are running active/active on 3050's domain: 1 receive_time: 2016/06/02 10:25:41 serial: 001701002580 seqno: 2017446 actionflags: 0x0 type: SYSTEM subtype: general config_ver: 0 time_generated: 2016/06/02 10:25:41 dg_hie...

Nested Policies Suggestion

Not really sure where to put this, but thought it might be a good idea and wanted to share it. Im still rather new to PA and so far I am enjoying it! However, I noticed after a while of creating and editing security policies it becomes quite a mess and difficult to manage. I believe if there is a way to create folders or nested security policies...

aimet by L0 Member
  • 2218 Views
  • 1 replies
  • 0 Likes

Two-factor PAN webconsole authentication

Hi,I would like to use a two-factor authentication for the administrators when they access the PAN-500 web console.With an authentication sequence I can use 2 ways to authenticate but I want to force the use of both. Is that possible?

Oasen by L0 Member
  • 5497 Views
  • 3 replies
  • 0 Likes

PANOS 71.2 GLOBAL PROTECT 3.0.2 Gateway Protocol error. Check server certificate

Hello, I'm using GP 3.0.2 on a Win7 PC (PAN OS 7.1.2). I'm getting error 'Gateway x.y.z: Protocol error. Check server certificate.' error message. I have already reinstalled the client on my computer. Same error message. My colleguea, using WIN 10, can connect without any problem. Using Dual Factor Authentication (Vasco and LDAP). Both authen...

licenselu by L4 Transporter
  • 2679 Views
  • 1 replies
  • 1 Likes

Cipher suites decryption 7.1

Hi guys, Configuring inbound SSL inspection on 7.1, decryption does not work with the newly supported cipher suites shown in the document below. https://live.paloaltonetworks.com/t5/PAN-OS-7-1-Articles/PAN-OS-7-1-Supported-ciphers/ta-p/71969 Only the cipher suites shown in the document below again work. The document above states that ECDHE...

Virtual System licensing question

Hi guys, I have never installed a virtual system so I am wondering how licenses for the Antivirus, URL filter etc are applied, are these applied to the base firewall or do we need to get a license for each virtual firewall hosted on the virtual system? Gerry

SSL decrpytion and TeamViewer

I was wondering if TeamViewer uses certificate pinning so I tried to decrypt it. I've set a simple decrypt rule to decrypt everything from one IP going to internet. But the rule doesn't seem to work for TeamViewer. All SSL sessions are decrypted but teamviewer-base isn't. I've also tried sharing file over it and I didn't see it in data log, also...

santonic by L6 Presenter
  • 4472 Views
  • 2 replies
  • 0 Likes

How to Remove Configuration Lock

Hi, How can we remove the configuration done on PAN by other admin, which has not been yet committed, but shows up on the configuration locks? Best regards, B.

Besfort by L2 Linker
  • 2949 Views
  • 1 replies
  • 0 Likes

No User ID in traffic logs (unless I filter soruce user afterwards) and User activity report blank

Has any one expereinced any issue to where the ACC shows source user-id but when ser report is ran its blank? Equallu I do not se user name in Traffic logs but when I filter by source user the name shows up. I tried restarting agent and everything still no luck. I also can see user name in User ID agent on windows machine

Dangers of creating a permiscuous IPSec VPN ( responder only) VPN

We have a business partner that wants to create an IPSec VPN tunnel with our PA-5050 using pre-shared keys, but they don't want to provide a Public IP address for us to peer with. Their other clients configure the remote peer address of 0.0.0.0 basically allowing any remote IP as a peer. My spidey sense is telling me this is a bad idea. The...

fmurray by L1 Bithead
  • 4315 Views
  • 2 replies
  • 0 Likes

What Firewall Change Management software is working with a PAN ?

Hi,Is there anyone that can tell me which Firewall Change Management ( Skybox, Tufin, Algosec,.... ) is REALLY working with a PAN ?Most of them claim they can do it, until you test it... nothing works...Some of them announce PAN support for next year.I would like to get in touch with someone who has really done this kind of integration and who i...

Resolved! DAGPusher and DAG

Luigi, Can you confirm DAGPusher name should match tag for DAG in PAN-OS? I can't have the DAG updated with Minemeld indicators Thanks Bertrand

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels