General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Acknowledge Traffic Log Threshold Alarms

We recently reached the point where our traffic logs are reaching 90% of quota and alarms are being generated.  I understand that this behavior is normal and I do have the option of turning alarms off if I wish.  I don't want to turn them off but I s

...

SystemAlarms.jpg
herrmoss by L2 Linker
  • 4301 Views
  • 5 replies
  • 0 Likes

Using wildcard pattern/ regex in URL filter

Hello,

 

I like to exclude subdomains from decryption. Therefore I've created a URL category. But I don't like to exlude all subdomains only specific subdomains.

 

For example: I like to exlude domains starting with "whatsapp" and ending with "facebo

...

IP confilicting error

Hi We have configured HA pair on our two PA-VM200 Palo alto firewall. Now IP address of my interfaces eth1/1 (inside 10.1.1.1) and eth1/2 ( out side 10.1.1.2) are showing same as primary 10.1.1.1 on both firewalls and I am getting IP confilicting ...

User-ID Agent Windows 2003 logon events

Hi all,

I sometimes have a really hard life mapping domain users with old Windows 2003 forests using UID Agent (no matter if version 6 or 7))

I'll try to explain: when and only when using UID Agent I cannot read all users logon events or, worse, I ca

...

GlobalProtect - PW Prompt when LDAP Auth is down.

Hi all,

 

 

 

I tried support on this, didn't get much help.  I am using PANOS 7.0 and GlobalProtect 2.2.1

 

 

 

I have a couple hundred GlobalProtect clients using Windows.  I am using pre-logon (always on) with LDAP authentication.  The goal is to

...

snippet1.png
snippet2.png
snippet3.png
mmclimans by L3 Networker
  • 5582 Views
  • 9 replies
  • 0 Likes

Dual NIC - IP Mapping Issue

This appears to happen at random to a random subset of users.

Environment:

> 160 AD DCs

4x UIAs (2 - 80 DCs / 2 - other 80 DCs)

Assume:

All possible DCs that a user would authenticate to are being monitored by the agents.

Scenario:

When users with laptops c

...

Auto upgrade on OS

It looks like an upgrade for the os comes out about every other month, has anyone come up with a way to automate the upgrade process and can you recieve email notification of when new os's come out

jdprovine by L4 Transporter
  • 1735 Views
  • 2 replies
  • 0 Likes

Resolved! Custom Report group by problem

Hello everybody! I am trying to make a custom report to see which users are using our VPN and when. I only need the user and the date, so using the database "Traffic log" is enough. I have only 2 columns selected: Source User, and Date. The run now ...

Detecting encoded C2 Communication

Does anyone have experience detecting C2 communication that is encoded?  I've been working with some malware that communicates back with base64 encoded blobs inside (legit looking) http traffic.  I'd like to be able to decode the base64 text within t

...

saajr63 by L0 Member
  • 1298 Views
  • 0 replies
  • 0 Likes

nsatc.net shows as spyware?

I have a ton of entries in my spyware logs for DNS attempts to nsatc.net

 

Some digging suggests this is a site run by Microsoft related to Windows Updates.

 

False positive?

PCI Vulnerabilities Report

Dear Friends, panos, panagent HULK hshah Steven Puluka hyadavalli mmmccorkle

I have a doubt regarding PCI vulnerabilities scan and enable the signature for the same. when security team scan our WAN interface. he found below

1. SSL Certificate - Self-S

...

Satish by L4 Transporter
  • 10403 Views
  • 16 replies
  • 0 Likes
  • 24195 Posts
  • 100 Subscriptions
Labels