General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 409 Views
  • 0 replies
  • 2 Likes

Mail attachment virus scanning

How can I implement proper mail attachment virus scanning ?

For incoming mail, I have an antivirus security profile in place that should block virusses (smtp decoder), nothing fancy really:

I notice that the PA doesn't filter attached virusses too well

...

dieter_b by L4 Transporter
  • 7258 Views
  • 10 replies
  • 0 Likes

Wildfire Action doubt

Hello,

We do not have license wildfire in some of our devices.

Do you know if wildfire action (Antivirus Profile) would function without this license?

Regards,

dicu

SOC_CSG by L4 Transporter
  • 2373 Views
  • 2 replies
  • 0 Likes

Inspection of 'http-proxy' traffic

My instinct when I read my own title is to tell me to block the app-id type http-proxy as I can't see inside it and it shouldn't be on my network.

However, I have a requirement, mostly due to legacy infrastructure, where all the traffic passing throug

...

loki by L1 Bithead
  • 5054 Views
  • 4 replies
  • 1 Likes

Can Palo Alto be used as a reverse proxy?

We have this scenario that Palo Alto will receive the inbound mail then will be pass to the PMX server(pure message) going to the exchange server. After going to the exchange server, it must be forwarded to the FW but the problem is that the Core Swi

...

TSPI by L1 Bithead
  • 12273 Views
  • 4 replies
  • 0 Likes

Resolved! LACP from PA to Juniper Switching

Got an odd issue I was hoping someone may have seen.

PA 500 setting up a 4 port LACP bond to juniper switches. Running PanOS 6.1.2

Setup the LACP bond on both ends, LACP would not negotiate. Spent many hours wtf’ing, couldn’t find anything odd anywhere

...

Resolved! Unable to manually upload dynamic content

Hello,

I am currently working on a new PA-3020 deployment. The device has been delivered with old PanOS 5.0.6 release. Also I would like to upgrade it to last PanOS 6.0.x release before going ahead with configuration.

The device has currently no access

...

ldormond by L3 Networker
  • 5095 Views
  • 2 replies
  • 0 Likes

Resolved! Secure LDAP Policy Rule Setup

Hello.

I am trying to setup an application policy rule to allow secure LDAP from our hosting company back to our internal domain controller running MS AD.  I have the appropriate NAT statement setup.

If you look in the log screenshot above, you'll see

...

dannon by L3 Networker
  • 10592 Views
  • 2 replies
  • 0 Likes

Resolved! User-ID Agent Errors on Domain Controllers

I'm getting the following error showing up in event viewer on our Windows domain controller.  We have 4 DC total that have the the user-id agent installed.

As you can see, I am getting a lot of these error.  The IP in question is one from our BYOD sub

...

dannon by L3 Networker
  • 6773 Views
  • 3 replies
  • 0 Likes

Certificate failed to load

Hi all,

We have two PA-4060 in active/passive mode with PAN-OS 4.1.12 (I know, old..).

Yesterday, after rebooting passive device auto commit failed with:

Error: Certificate 'XYZ' failed to load: failed to parse key

and device went to not-ready state.

Afte

...

ISSUE WITH GLOBAL PROTECT

We have configured One VR-1 only

Ethernet 1/1 is a WAN interface

Ethernet 1/2 is a WAN interface

Ethernet 1/3 is a WAN interface

Ethernet 1/4 is a LAN interface

We’ve created

ETH1-ZONE for Ethernet 1/1

ETH2-ZONE for Ethernet 1/2

ETH3-ZONE for Ethernet 1/3

ET

...

  • 23695 Posts
  • 110 Subscriptions
Top Solution Authors
Labels