General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Block Traffic Based Upon Countries Source. Vulnerability Protection and For a Specific Time Interval

Hello My objective is block automatically traffic IP for a different time intervals Based upon Countries (Top attack) and applying a vulnerability profile. This is my Vulnerability Protection Profile and his rules: Rules (1-3600 sec). I don't want block an IP for a long time. 1 test Critical1800. Where 1800sec=30minutes 2 test High 1200. W...

8Z5bcjp
4KvzKau
1sn4Sub
UN5P1bt
SOC_CSG by L4 Transporter
  • 5909 Views
  • 6 replies
  • 0 Likes

any to application default

We are working on hardening our firewall rules by replacing any to application default(service) and from any to the specific application(application). Example - we changed any to web-application and any to application-default. People hitting the same rule had different results some it didn't work and they weren't able to get to the web page and ...

jdprovine by L4 Transporter
  • 5733 Views
  • 11 replies
  • 0 Likes

High count of packet retransmissions/Dups over IPSEC/VPN

Hi! I'm running IPSEC-VPN (AES256/SHA256/DH14) tunnel between a PaloAlto PA-500 and a Fortigate 110C via Internet (10MBit up/down guaranteed both sides - latency between 40 and 50ms).90% connections are ICA/HDX connections (TCP 1494 and 2598) for XenDesktop connections.The connection is working not very well. The ICA-sessions are quite stable ...

e.g. ICA-Traffic
e.g. RDP-Traffic

ipv6 aggregator

Is there an ipv6 aggregator on the roadmap?I noted that the URL aggregator can already extract them when the miners includes ipv6 IPs in the URLs (ex: office365), but did not find a way to get just the IPv6 addresses.

mr.linus by L4 Transporter
  • 3189 Views
  • 1 replies
  • 0 Likes

Resolved! dns amplification attack

Hi, What are the best practices need to be followed to protect from the ddos dns amplification attack . How to filter the trace from the log if there is any attack happened ? Thanks

sib2017 by L4 Transporter
  • 6848 Views
  • 4 replies
  • 0 Likes

Resolved! RegEx for specific DNS strings

I was working on getting Data Filtering to block specific DNS requests with no resolution.So, I am creating a Custom Application for DNS with a Pattern matching, which is partially working.Working strings:Under Objects/Applications/("Added applications, DNS DDOS, DNS DDOS1, OUR DNS").Configuration: Category = "general-internet", Subcategory = "...

Export config from TFTP (non-management interface)

I was trying to export my running-config.xml with TFTP. It works fine when doing it from the management interface but is not working from any other interface. If I use the source-ip to export the configuration i get a Timeout even though I can ping my TFTP server with the sourced-ip I'm using to export. ANything that I need to change or missing ...

Who's coming to Ignite?!

We're only a week away from Ignite and the Live Community team can't wait. This year, we'll have an even bigger group of folks participating in the event. "reaper", "jdelio", and "kiwi" will all be there, participating in the Live Community booth, breakout sessions, and more. It's a great opportunity meet these community leaders, ask them questi...

Resolved! Session End Reason column NOT available on PA200

Hi All, I am checking traffic logs under Monitor tab. In order to troubleshoot issue and understand behavior of a specific traffic flow, I think "Session End Reason" column is really needed. That's why I am writing on community. We have two PA firewall: - PA-200 - PA-500 On PA-500 I can clearly see column mentioned, while on PA-200 is NOT...

Two Factor Authentication over SSH

I have my Panorma appliance configured to use Radius with 2FA for the management interface and for the web interface that works great. It prompts for the one time password and authenticates. But when we try to SSH to the appliance we are not prompted for the one time password and the authentication fails. Is anyone using this type of configur...

clear user-cache ip command

I know how to clear user to ip mapping using clear user-cache ip <ip address>, I want to know how i can do it via Gui. I need to give access to one of the users to be able to perform this task.

About FSCK on Panorama

Hello My customer use two M-100s. One is used to Panorama and another is used to log-collector. I upgraded two M-100s from 6.0.9 to 6.1.10. I used manual upgraded way because environment what can not access to internet. 1. panorama was upgraded to 6.1.0 manual. 2. panorama was upgraded to 6.1.10 manual 3. log-collector was upgraded to 6.1.0 m...

Resolved! How to activate new cert for GUI on 7.0?

Hi all, On 6.1 and prior, I could choose 'Certificate for Secure Web GUI' under Device tab > Certificate Management > Certificate. On 7.0, I can't find this option. I generated SHA-2 self signed certifacate on the box. Then, how can I use this certiface as webui? In addition, 'set deviceconfig system web-server-certificate <cert_n...

emr_1 by L6 Presenter
  • 2917 Views
  • 2 replies
  • 0 Likes

Resolved! Custom Captive Portal Agree to terms checkbox only?

I would like to setup a captive portal on my guest wifi, but I am not interested in capturing info for user ID, I just want to force the users to see a terms of use that they have to click through before connecting. I have looked at the custom templates but I am not sure if I can really over ride them the way I want. Has anyone tried to do t...

Tech101 by L1 Bithead
  • 3829 Views
  • 2 replies
  • 0 Likes
  • 24404 Posts
  • 123 Subscriptions
Top Solution Authors
Labels