General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

How can I be notified of failed hardware via email, snmp or syslog?

Hello everyone,

We have experienced a FAN failure on our PA-500 and had the red led for the fan and a red fault led (but no idea for how long) - As we wasn't notified of this hardware failure. So my question is how can I set the Palo up to notify me

...

Can I block files by signature?

I had a client ask if I could block files by hash. Without additional information -- such as what protocol, application, host, user-agent, etc. -- it wouldn't be possible to do this with a threat signature, so how else could it be done?

Cheers,

Corey

m

...

Resolved! Panorama doubts.

It is possible to edit a rule placed on the firewall through the panorama, because I can not edit rules coming panorama, directly on the firewall.

How to drop new SSL sessions when limit is reached in 6.1.X?

We'd like to drop any new SSL sessions if the system has reached the SSL Decrypted Session Limit.

This page, How to Implement and Test SSL Decryption, says to run:

> set deviceconfig setting ssl-decrypt deny-setup-failure yes

but it doesn't seem to be t

...

How to Avoid Remote SSH Scan

Hello

I have a lot of events "deny" followed by other "allow"; All of these to port 22 (SSH) from remote host to several IP(s) in my Untrust and DMZ Zone.

<14>Jun 24 04:01:17 fw2orgt 1,2015/06/24 04:01:16,0003C102047,TRAFFIC,drop,0,2015/06/24 04:01:16,

...

Local user passwords problems with GP after upgrade PAN OS

Hi, I've just migrate from PAN OS 5.0.10 to 6.0.7 and GlobalProtect users have got problems with login. They had the password saved on their GP agent, but connection was refused and users were blocked due to intensive login attempts. We're using loca

...

Resolved! Reset an interface to initial state of Not configured

Hi,

just starting up with my first PaloAlto device, and have a simple question for which I don't seem to find a solution in the documentation. By default, the interfaces of a new firewall are are unconfigured, i.e. the GUI shows their status as "not c

...

Resolved! Zone protection email notification?

Hello

I would like to get email notifications when Host Sweep/TCP Scan and other events related to the zone protection is triggered.

Any way to forward them to email?

Resolved! Does or when will Palo Alto support IKEv2?

I am just trying to confirm if Palo Alto supports IKEv2 at this time.

Thanks

Resolved! ECMP

Hi - is it possible to do ECMP (equal cost multi-path routing) using static routes? If not - is it possible to achieve ECMP using OSPF on the PA4050. We have a need to load balance the default route out of a PA4050 over multiple L3 gig interfaces (th

...

PA blocks spyware - identify compromised computer

Hi there,

we're running the following setup:

trusted zone | DC zone | Internet

Client/Proxy/some old DNS Server| DNS Server| Internet

I see that the PA is blocking malware traffic (app DNS). But the attacker is either the proxy, asking the DNS in the DC

...

Resolved! is it support ECMP protocol ??

Hi all.

Is it support ECMP protocol from PAN??

I can’t find whether ecmp protocol support from datasheet and knowledge base.

does PA has any other similar protocol if not support ecmp??

Please refer to below URL for ECMP.

http://en.wikipedia.org/wiki/E

...

Resolved! How to configure ECMP Equal Cost Multi-Path Between Palo Alto And Cisco

Is it Possible to achieve ECMP between a cisco router and a PA-2000 series running PAN-OS 4.1.7

If Yes Can somebody point me to the right direction.

Thank You

802.1q tagged sub-interfaces on PA-500 v6.1 not working

I'm trying to consolidate multiple Layer3 interfaces into a single Layer3 interface using subinterfaces and VLAN tagging, but it's not working.

I'm hoping someone can point out the error in my configuration.

The current working configuration:

FIREWALL
et

...

Gp Configuration

Hello Friends,

We want to configure our Remote VPN (Global Protect ) on two ISP and we should be able to manually switch the gateway at client end and no Lic is required for that?. Please suggest.

Regards

Satish

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free