General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! acc risk factor

Hello Support Team,

I'd like to know a mathematical formula of acc risk factor.

It doesn't seem a session-based average value.

Regards,

Tomoyuki Komure

Tomoyuki by Not applicable
  • 7547 Views
  • 7 replies
  • 1 Likes

Application block page - not enabled by default

I've noticed in PAN OS 5.x that the application block page is not enabled by default. Obviously it can be manually enabled.. but was this done for a specific reason to address some common problems experienced by customers?

I could surmise that perhaps

...

CMG by L2 Linker
  • 1728 Views
  • 3 replies
  • 0 Likes

Convert from vwire to layer 3 for globalprotect.

I'm trying to put together a plan of action to get globalprotect to work for us. I have a work ticket open with PA. Our PA firewall is currently deployed in a VWire setup, on the lan side of our router. Here are my big questions for getting this acco

...

Netwerx by L2 Linker
  • 2339 Views
  • 3 replies
  • 0 Likes

Resolved! SYN-Flood packets dropped by unknown rule

Hi everybody,

we got a lot of syn-packets which were dropped  by the rule any-allow. But we haven't this rule, so is it a inbuilt rule and

why do i need a DoS-Rule to be protected against Syn-Floods if there is a builtin rule.

Cheers klaus

kdd by L4 Transporter
  • 3187 Views
  • 14 replies
  • 0 Likes

Response Page Operation

All,

So, just a possible silly question about the order if you will of response page activation - specifically around the Application Block and the URL Block.  Per the documentation:

Application Block Page:  Activated when application access not allowe

...

mrsold by Not applicable
  • 1124 Views
  • 0 replies
  • 0 Likes

Resolved! Decryption policy Issue

Hi All,

I'm just trying to configure decryption. because I'm facing Issue while blocking applications(not all the applications got blocked as the policy supposed to do).

First of all, I'm using Trusted CA, and here you are the steps I followed To gener

...

Resolved! GlobalProtect with NATet interface

I have a PA200, and is using eth1 for outside (internet) and eth2 for inside. I'm NATing from eth2 to eth1, as normal.

Now i want to have the management https address on the eth1 for several reasons.

At home its just for testing, but at my office i hav

...

Dropbox (again)

Hello,

We have a requirement to do the following

Block dropbox for some users

Allow dropbox web for some users but block app - use ssl decryption to control uploads

Allow ALL for 2 VIP's - no decryption required

Is this at all possible?

depps by L1 Bithead
  • 2526 Views
  • 4 replies
  • 0 Likes

Resolved! Panorama 5.1 with fw PanOS 4.1.14

Hello Everyone,

We deploy a panorama 5.1.4 and 2 fws are managed on it, one of the fws is running PanOs5.0.8 and another one is running 4.1.14. We can see the fws normally on Panorama -> Managed devices and Templates tabs. however when I finsh a ldap-

...

Resolved! DHCP Service

In the PA software support Boot Server Host Name and Bootfile Name options?

Outgoing SMTP

It used to be best practice to not allow outgoing SMTP except from the primary server.  I am finding more and more applications have a dependency of allowing SMTP outgoing.  I am curious what others are doing with regard to these dependencies.

Thanks,

...

BobW by L4 Transporter
  • 3601 Views
  • 10 replies
  • 0 Likes

Restricting users to Internet only

How can I restrict a certain group (ip range\VLAN) to internet only access.?  I don't want them to get to internal network shares with unfamiliar devices. We use Aruba Clear pass to authenticate and assign IPs and the PA 500 sits on the parameter. I

...

Top Solution Authors
Top Liked Authors