General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4115 Views
  • 0 replies
  • 0 Likes

Signature Question - New Malware Affecting Cisco Devices - SYNful Knock

Please review the following white paper produced by Mandiant. This also has SNORT rules attached. https://www2.fireeye.com/rs/848-DID-242/images/rpt-synful-knock.pdf Question: Has Palo Alto produced a signature update for their IPS/Firewall devices to catch this type of attack/malware? If so, can you please provide details. Thank you, Baber

Wildfire Alerts

Has anyone else noted a material change in 'dubious' Wildfire alerts in the last 24 hours? We have seen a material shift - as if a new detection engine/function has been enabled (and may possibly be a bit too sensitive).

apackard by L4 Transporter
  • 6010 Views
  • 8 replies
  • 0 Likes

Download Managers

Having a lot of problems with Download Managers. We use continue/forward on a lot of downloads including exe's but the problem we are running into is when someone downloads an installer that in turn tries to pull down other files from offline, they have no way of hitting a continue page and therefore the installer just stalls and fails. What ...

DNS big text threat seems to bypass security rule

I have a strange circumstance here, I think. I've received several threats in my threat log for "DNS Answer Big TXT Record Response Anomaly" Threat ID 31580 (not sure if that's relevant or not, it just seems an odd similarity) So yesterday I had a few instances of this threat from a particular IP. My usual response (like it or not) when I see ...

mkeller by L1 Bithead
  • 2087 Views
  • 1 replies
  • 0 Likes

Resolved! Useful CLI commands to work with logs

Hello, I spend a lot of time playing with logs, i.e. less mp-log ikemgr.log
How to:
- go to end of this file?
- search forward/backward keyword
- scroll up/down
and you probably know many other useful keywords. Please share with us who are not well trained 😉 - yet
Regards, SLawek

_slv_ by L4 Transporter
  • 77155 Views
  • 6 replies
  • 1 Likes

PA Trunks ?

I want to set up two interfaces from PA as shown below. Traffic via Link will get to SW1 and on to S1, the same for the other link. The two are separated for security reasons. The issue is that, say SW1 fails we will need to re-wire SW2 to allow continued operation (shown in dotted line). But the security rules on the PA will not allow this witho...

RC-BHF by L2 Linker
  • 2233 Views
  • 2 replies
  • 0 Likes

Resolved! XML API config options - edit or delete to remove user from config rules ????

I have a question about the XML API config REST requests. First, do I need to explicitly request the commit lock in the API before making calls to edit or delete elements in a request (or is this done automatically by the API ?) Second, I am trying to delete a user from a rule set. Can I use the edit config to a blank member (like <membe...

Can't Email Monthly Reports?

I can generate monthly custom reports, and I want to mail these to management but the email scheduler is only giving me the option for daily or weekly email schedules. "Management" unfortunately aren't very keen on logging into the Palo to retrieve their reports, they want them sent. Is there a way to schedule monthly reports?

djr by L4 Transporter
  • 2309 Views
  • 1 replies
  • 0 Likes

VM-100 responding with SYNACK on all ports

Hey, I've got an evaluation of the VM-100 (v7.0.2) setup, but I'm finding that for some reason the firewall appears to be intercepting requests and completing a TCP 3-way handshake, regardless if the ultimate destination has the port open or not. Has anyone got any idea if this is normal behaviour, or if I've misconfigured something somewher...

block http download based on the download file hash value

Dear all, I have asked to look for a solution, we want to receive alert based on specific file download via http, we have the file MD5 or SHA1 hash value. Can I do this with a PAN? The filename could change, I don't know the file size but I have the file hash value. Thanks for your help in advance, E

Palo Alto networks PA-500 with PowerDesine 3001 POE modem

Hello, I would like to replace the Cisco ASA 5510 with the PA-500 in the company. I did all the necessary configuration in the PA-500 but there is always still a problem of internet connection. I configured the PA-500 with the same specification configured in the Cisco ASA5510 (MTU size, the Vrouter...) but I always still have the same problem. In the guide ...

RCHAIBI by L2 Linker
  • 3691 Views
  • 3 replies
  • 0 Likes

Resolved! Panorama Traffic log forwarding

I have traffic log forwarding from Panorama to an external syslog server working correctly, however I would like to see the device the log was generated from included and not the default "Panorama". Is this possible? This is what I see on the external server: Oct 20 13:10:59 Panorama 1,2015/10/20 13:10:59,001801009725.............. Thanks

r24481 by L1 Bithead
  • 4898 Views
  • 3 replies
  • 0 Likes

Resolved! Panorama CLI - list of values

We run Panorama v7.01 and have a requirement to edit the template stack from the CLI. The CLI path is as follows: configure edit template-stack <stackname> set template ??? Under the set template context I need to add a list of templates, however cannot work out the correct syntax. The help (?) switch shows "[ start a list of values" b...

Resolved! shell request failed on channel 0

Trying to do an SCP copy to a server, but I can't get past "shell request failed on channel 0". Using Solarwinds, and it says Authenticated user "username" from IP "ipaddress", but it always fails from the firewall. Any ideas?

craymond by L4 Transporter
  • 21858 Views
  • 4 replies
  • 0 Likes