General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

traceroute application allows tcp port 80

Hi,

Received a call from a client said their external scanner shows their servers behind the firewall allows tcp port 80 connections and able to passive finger those servers, but there is no firewall rule permit tcp port 80 to those servers.  Digging

...

Google-calendar-base from iOS devices


Hi,

I applied an SSL decrypt profile and with no blocking configuration if decryption would fail. Now I notice that on iPad with IOS7.0.x the calendar from google is not working.

It appears in the traffic log as decrypted and the application is seen on

...

Resolved! Active Active unique address on DevID 0 and DevID 1

Hello- I am reading through the docs on ActiveActive HA and floating IP.  The diagrams show that for intf  A there is a10.1.1.253 address on the Active-Primary intf and a 10.1.1.252 on Active Secondary.

My question is, how do I configure the different

...

dbrenipc by L3 Networker
  • 1441 Views
  • 2 replies
  • 0 Likes

Palo Alto Software/Threat/AntiVirus Update Policy

Hi,

I am having an internet facing firewall which needs to be kept updated with the Threat/AV software.

I have configured the service route to use the correct interface for updates. However, it still cant check and download the required updates. As it

...

DCN by Not applicable
  • 1955 Views
  • 5 replies
  • 0 Likes

Resolved! How can I edit group entry or delete group using xml-api?

Hello.

It is possible to create group and add group entry using XML-API at User-ID. like below.

<uid-message>

<version>1.0</version>

<type>update</type>

<payload>

<groups>

<entry name="group1">

<members>

<entry name="domain\user1"/>

<entry name="domain\user2"/

...

namok77 by Not applicable
  • 1755 Views
  • 2 replies
  • 0 Likes

Management Interface outside of firewall

Knowing that one does not *usually* put a device management interface outside of the firewall, on the public Internet, in the case of PAN gateways is there any severe problem with this? I have a situation where putting the management of these devices

...

Resolved! Data filter with SSH proxy decryption

So, I would like to be able to enforce file blocking between our external FTP,sftp,scp server that is published in our DMZ. Users coming into the DMZ are NAT'ed from a public IP space to 172.16.0.0/16 space. I have enabled SSH proxy decryption betwee

...

Resolved! When PA move Active-Passive what problems?

Hello~

PA Devices are HA environment

one of them failed disk or temperature raise

Does PA move other device?

because I don't know exactly about moving HA

Link Fail, Path Fail, HA Link Fail I know

I think that Environment occur alarm(FAN, Disk, Temperature,

...

VMware and Paloalto

Anybody had  issues with VNware servers and Palalto firewall. Suddenly our webservers not able to communicate from DMZ to internal network where the SQL servers are.

Adrian

alupea by L0 Member
  • 690 Views
  • 1 replies
  • 0 Likes

User Agent report?

Hi,

PanOS 4.1.14. Is it possible to report on user agent connecting via my 2020? To be able to report on Firefox, Chrome or IE versions for example would be useful .

Further still..(and I doubt this..) to instigate a policy based on a user agent?

Tha

...

nickcx1 by Not applicable
  • 1638 Views
  • 3 replies
  • 0 Likes

Resolved! Customizing Captive Portal login response page

I'd like to customize this page, but I don't see it listed in the GUI (5.0.x) Device Tab / Response Pages.  I can see the rest, including the Captive Portal Comfort page... but no logon page?

The page in the web browser is titled "User Identification

...

cenders by L3 Networker
  • 4521 Views
  • 5 replies
  • 0 Likes
Top Liked Authors