General Topics
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics

Discussions

Join Us for a Tech Deep Dive Miniseries!

 

Stop Zero-Day Threats in Zero Time with Nebula PAN-OS 10.2.

 

Join us live for an in-depth look at the latest advancements in cybersecurity, best practices, tips and tricks, demos and
more to protect your business and defend against threats in real

...

nebula-on-demand-tech-deep-dive-miniseries-live-community-banner-2600x600.jpg
jforsythe by Community Team Member
  • 429 Views
  • 3 replies
  • 1 Likes

Resolved! Using variable for PANOS version when using CEF (Arcsight)?

According to https://live.paloaltonetworks.com/docs/DOC-2835 the (current) certified formats for use with CEF is:

Traffic

CEF:0|Palo Alto Networks|PAN-OS|4.1.0|$subtype|$type|1|rt=$cef-formatted-receive_time deviceExternalId=$serial src=$src dst=$dst s

...

mikand by L6 Presenter
  • 1828 Views
  • 4 replies
  • 0 Likes

with Net Optics bypass switch deployment

Hi,

The bypass switch detects heartbeat from Palo Alto firewall to determine if it is alive.

What happens if, by any chance,  PANOS become unresponsive but the hearbeat ping is still alive? will the bypass mode be ON?

anyone having this experience with

...

cl_wong by Not applicable
  • 770 Views
  • 2 replies
  • 0 Likes

Resolved! copy security profiles and log options

Hey all,

Do you find it annoying you can not copy security profiles and log options the way you can copy zones, objects, user, applications and services from one security rule to another through the GUI?

Manually adding the same security profile for a

...

mr.linus by L4 Transporter
  • 962 Views
  • 2 replies
  • 0 Likes

Resolved! DMZ or NAT for web server

Hi there,

I'm looking for some insight on the best security design for several externally accessible web applications. We have several public IP addresses available and can simply do a 1:1 NAT for each web server, put it in a DMZ, or both. Each web se

...

Resolved! panorama user for specific vsys

Hi,

we created a user with device group and template admin role(only selecting monitor allowed)

also created a user with that role and choosing only 1 vsys for access control

when we logged in with that user we can see other vsys's traffic logs which ar

...

panos by L6 Presenter
  • 782 Views
  • 1 replies
  • 0 Likes

Twinax Cable for PA-5000

Hello everyone,

Has anyone installed an PA-5000 series (PA-5020 and PA-5050) with a standard twinax wire? I want to connect a PA-5020 and PA-5050 to a Juniper SW with a twinax cable (EX-SFP-10GE-DAC-5m), and I want to know if it is possible or if anyo

...

Smartekh by L1 Bithead
  • 1297 Views
  • 3 replies
  • 0 Likes

Terminating multiple IPsec tunnels on an interface

Currenly all routing must take place on our core network. (due to backup ipsec tunnels and faster MPLS circuts)

Here is what we want to do but I am not sure how to accomplish this.

We have four IPsec Tunnels that we do not want to be routed to each oth

...

rbit0965 by L1 Bithead
  • 1224 Views
  • 2 replies
  • 0 Likes

SSL decryption

How would one  implement a man in the middle SSL decryption configuration on the Palo Alto without the client's browser popping up with a untrusted cert message?

DendreT by L1 Bithead
  • 696 Views
  • 2 replies
  • 0 Likes

Resolved! In management plane there's some mysterious process.

Hi guys,

I've found out that our customers PA keeps high management cpu usage, and it seems that this process use most of the resource.

what's the 'appweb3' process and why the user is 'nobody'? Is there somebody who can explain this??

Thank you very m

...

JTR by Not applicable
  • 2563 Views
  • 4 replies
  • 0 Likes

Resolved! Paloalto Panorama Communication after license expired

We have couple of Paloalto 5050 firewall, which license got expired recently.   Is it possible to connect these firewalls with Panorama.

After device has been added in Panorama with device serial number, it is not connected and device IP details not s

...

Resolved! URL Log displays a lot of '%16%03%01/' as url for SSL traffic

What's wrong with the URL filtering and logging of the PaloAlto FW? We have many URL logs like '%16%03%01/' when users visit SSL websites.

Is URL detection for SSL websites broken?

Are there other users who have this problems?

We are not 100% sure but i

...

obor by L1 Bithead
  • 2158 Views
  • 9 replies
  • 0 Likes

DNS Response Address Translation

Can the PA's perform an address translation (assuming an appropriate NAT rule is configured) for an IP address that's presented as an answer in a DNS response message? I.E as highlighted in red below.

I have tested it and it doesn't work, if the funct

...

debsPal0 by Not applicable
  • 900 Views
  • 3 replies
  • 0 Likes
Top Liked Authors