General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Google-Search display captcha

Hello all

Our users getting more and more captcha-messages on google-search with the following explanation:
https://support.google.com/websearch/answer/86640?hl=en

After entering the captcha, google-search works for a while an then the same message is

...

Simplest way to limit bandwidth for internet browsing to preserve for VOIP traffic

Here's my situation. We recently went live with a hosted VOIP system (CallTower hosted Cisco UC). We are relocating our office in a few months so we decided not to put in a dedicated circuit for voice and instead use our 20 meg DIA connection.

We ha

...

Resolved! Captive Portal over IPv6

Does anyone have experience setting up a Captive Portal over IPv6 ?

I found the detail the PAN firewall that have support for it, With IPv4 it's easy.

"IPv6 user information is captured from all of the User-ID-supported repositories and terminal serv

...

Resolved! Multi-Factor Authentication for GlobalProtect

Hello All,

I know the documetnation states to use a certificate as one form of authentication or hte mult-factor. However has anyone out there setup different authentication profiles for their portal and gateway configs? I'm wondering if setting up sa

...

Facebook Browser based and Facebook APP for iOS and Android

We currently allow limited facebook access like posting and allowing to post comments, but block facebook app, chat, etc.

What I have noticed is that while the browser functionality works just fine, from an iPhone or Ipad, it does not. In face, you c

...

User-ID Agent - Domain Override?

Hello All,

I deseprately need an option to override the domain name for user-IP-mappings collected from an User-ID Agent.

I've found that the Terminal Server User-ID agent has that option (https://live.paloaltonetworks.com/t5/Management-Articles/Domain

...

Resolved! suggestions for Pano os 6.1.x

Hi All,

Please suggest a stable release from 6.1.x line

Any help is appreciated.

Regards,

~Harry

Resolved! Using Splunk for collecting PA logs

Hi.

We have a PA-5050 running PAN-OS 6.1.5. With the limited disk space we currently only get about 4-5 days worth of traffic log before it starts overwriting older events. We would like to increase this period to at least 6 months. One solution woul

...

HSTS and HPKP "pinned certs" - breaks decryption and captive portal

I'm seeing many sites recently, like Google and Reddit for example, that are implementing HPKP, which prevents man-in-the-middle decryption like the PA. Currently, Chrome browsers completely ignore the PA certificate on these sites and use the site c

...

How to get a list of all vulnerabilities of Threat Vault?

Hello

Does anyone know if it is possible get a list of all vulnerabilities Threat Vault?

https://threatvault.paloaltonetworks.com/#

I would like to get a list of all vulnerabilities and classify not only by severity.

Thanks,

dicu

Resolved! Global Protect Client settings

I Have configured Global protect and can successfully connect via clients. But after the initial instlal the users have to manually put in the port address along with their username and password.

Is there a way to auto populate the portal address so t

...

Security policies

Is there a good method to get and exported list of all the security policies on the PA without exporting the whole running configuration and in a format that is easy to read?

Resolved! Site-to-Site VPN question

I'm setting up a site-to-site VPN with static routes, which means the tunnel interface doesn’t need an IP address. But I would like to turn on tunnel monitoring and that does require an IP address on the tunnel interface. My question is does this IP

...

View traffics in Mbits

Hi All,

We want to view the traffics in Mbits/sec. We have configured QoS and see the traffics in realtime.

Is there any traffics reports in Mbits?..In Graph, I see the traffics in Bytes.

Please share any alternative ways..

Resolved! Custom report question

I have block/continue set on a URL category and I was looking to see if there is a custome report I could build that would show me the users that use the continue password I have set and for which URLs they accessed?

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free