General Topics
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics

Discussions

Thank You for Filling Out the LIVEcommunity Experience Survey!

If you've visited LIVEcommunity anytime recently, you've probably seen a pop-up asking for your feedback. We've deployed this survey since April 2020 for new and returning visitors alike as a way to gather feedback from our users. 

 

In the past six

...

survey-livecommunity.png
jforsythe by Community Team Member
  • 542 Views
  • 1 replies
  • 4 Likes

Resolved! Populating Panorama from an existing firewall.

We have a lab PA2050 that I have tweaked to exactly where I want it to be. We are now trying to add it to a lab Panorama and I would like to populate Panorama with all of the policies and objects from the lab 2050. I exported the running config to an

...

Failed to get CRL http:// ...

Im getting tons of failed to get CRL errors in my logs all of the sudden. Im not sure what I did (if anything) to cause this.

Ive tried to fix it,

  • I tried to enable  "Server CRL"
  • I did a nslookup on crl.verisign.com and I cant see any connections outbou
...

choff123 by L3 Networker
  • 1463 Views
  • 4 replies
  • 0 Likes

Resolved! Security Policy Configuration.

Hi Gents, here is my PA design as active active.

to be clear, the server farm is connected to the Core switches, and the Clients are connected to both Agg switches.

the PA Configuration is in VWire mode.

the question here is, when I create a security po

...

Methods for creating security policies

When creating security policies would it be better to create a separate policy for inbound and outbound traffic, trusted and untrusted, per user group or one policy to manage both ways to minimize number of policies

Resolved! No app ID for for WinRM, port 5985?

I am trying to add WinRM to a allowed policy and I am not finding the app for it. Does PA call it something different? I was thinking there was a way to search the app db by port but nothing is coming up.

jeffm by L0 Member
  • 1887 Views
  • 1 replies
  • 0 Likes

Resolved! GRE protocol traffic

Hello to All,

I noticed some strange behavior regarding GRE protocol, and try to explain what exactly is strange:

Customer has unfortunate GRE VPN tunnel and in one policy "Public_ulaz_GRE" they stated to pass only GRE and NVGRE protocol respectively.

...

Tician by L3 Networker
  • 4078 Views
  • 2 replies
  • 0 Likes

Setting Restricted Access to Certain GlobalProtect Users

All,

I am a PA beginner so bare with me. I am trying to restrict access to only a few servers to several of our GlobalProtect VPN users. I could set these users into groups but how would I restrict access for each group? We have a PA-500 with 5.0.6 OS

...

TroyFlex by Not applicable
  • 4154 Views
  • 4 replies
  • 0 Likes

Captive Portal - need help with configuration

Hello

I'm using CP since over 6 months. It's working quite good.

I moved my servers from internet (untrust zone) to my DMZ zone. I realized that traffic between WiFi network and servers in DMZ (using public adreses) is allowed without CP.

In WiFi zone I

...

_slv_ by L4 Transporter
  • 1586 Views
  • 5 replies
  • 0 Likes

Application and Threat Summary report

Hello,

i am confused a little bit when i found out that 10.0.0.0-10.255.255.255 is listed in Top 5 Destination country. What actually refers 10.0.0.0-10.255.255.255 in this instance?

Regards,

OmarKhan by Not applicable
  • 832 Views
  • 1 replies
  • 0 Likes

Resolved! schedule dynamic updates from Panorama

Dear,

I was wondering if it was possible to schedule a dynamic update (download&install) from Panorama.

  • I know I can configure dynamic updates from the panorama (templates/device/dynamic updates). But I don't want my devices to download the dynamic upd
...

mr.linus by L4 Transporter
  • 1276 Views
  • 1 replies
  • 2 Likes

M-100 - Log collector storage commands

Anyone know the command to show the actual distribution of current logs on a log collector? Basically, i need the output of "show system logdb-quota" at a collector level. I know how to view my defined % allocations and how view the overall disk spac

...

chrisp by L3 Networker
  • 1118 Views
  • 2 replies
  • 0 Likes

Resolved! File Types blocking and logging

Hi Gents,

I have installed Palo Alto 5050 between the users and my Server Farm.

the Issue here is that I created a policy that allows access to the file server based on specific applications or ports, but now I want to prevent users

from saving mp3, and

...

Resolved! Blocking videos for a special url category

Hi,

We know that url category only works with http and https.So if we want to block all videos(http-video,flash,youtube videos) for a url category(for example social-networking),  can we do this with PaloAlto ?

(with custom signatures or anyhting else)

panos by L6 Presenter
  • 1773 Views
  • 7 replies
  • 0 Likes

Zone protection isnt blocking scan

Hi

We have created a zone protection profile for zones UNTRUST/DMZ/TRUST to prevent scan  but we have realised that this zone protection profile isnt working.

Why isnt blocking this scan??? we have the default values in the zone protection profiles....

...

Top Solution Authors