General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! SSL Ciphers

Does anyone have the ciphers list to configure on ISS and Apache that will fully support decryption? We're running PAN-OS 6.0.

mharding by L4 Transporter
  • 4637 Views
  • 4 replies
  • 0 Likes

Resolved! GlobalProtect Gateway on Different IP address

Let's say we  have an external facing interface  Ethernet1/3  with  Ip address of 1.1.1.14/28.   The upstream isp router is 1.1.1.1 all other addresses (1.1.1.2-1.1.1.14) are routed to the Palo Alto and in use for various web services, etc..

Per the d

...

travisj by L2 Linker
  • 4890 Views
  • 4 replies
  • 0 Likes

Resolved! VPN port and default port the same?

Hallo all,

i have only one phyical ethernet interface on firewall which is facing the internet. I also want to make this PA firewall as an IPSEC Tunnel endpoint. So all my internal traffic uses this ethernet interface to go to internet. And VPN traffi

...

Basic noobie question.

I am looking to what I would call port address translation, but am unfamiliar with how to do it on the PA. Basically I need a public IP to route SNMP traffic to one inside address, and syslog traffic to another inside address. This will also only app

...

mcocat by Not applicable
  • 2952 Views
  • 6 replies
  • 0 Likes

Resolved! WildFire Question

Have a question about the functionality of WildFire.  Here is the scenario (assume we have a WildFire subscription so we are getting updates every 30 minutes):

  1. User gets an email to download "file.exe" at 0800
  2. This hash does not match anything and is s
...

mrsold by Not applicable
  • 5386 Views
  • 7 replies
  • 0 Likes

Resolved! Userid Not detected for some traffic

We are using 4 User-id Agents and today some users started experiencing problems with certain sites they use.  The same sites for all users.... but not all sites.  We have many ad group based rules and some are still working while others seem to have

...

cdp181 by L1 Bithead
  • 4878 Views
  • 3 replies
  • 0 Likes

Resolved! PAN OS Upgrade 6.0.5 failure and success

Hello All

Out of the box, my 3050 Firewall had PAN OS 5.0.x and I wanted to upgrade it to.the latest 6.0.5 release. My Firewall does not have internet access yet, and so all the following things were done offline by downloading files on my laptop.

So,

...

VMware View rules configuration

Does anyone have any information on how to get user-id to work with a VMware View security server sitting in the DMZ? Right now the only way we can get PCoIP traffic to flow to is by specifying the ip of the VDI machine that is being connected to. Wh

...

Global Protect Troubleshooting

I have a portal and 3 gateway's setup.  From my home network and a couple other home networks Global Protect works with no issues,  We can disable the client, re enable it, change to different gateways on the fly and it connects right up.

Now for some

...

markk96 by L3 Networker
  • 4725 Views
  • 4 replies
  • 0 Likes

Upgrade to 5.0.14-h3 stopped traffic

We just attempted to upgrade some 5020's to 5.0.14-h3(mainly to patch the evasion vulnerability) and quickly found that the upgrade broke traffic traversing the firewall.  During the short period of time it we were running on 5.0.14-h3, there were a

...

jambulo by L4 Transporter
  • 2967 Views
  • 6 replies
  • 0 Likes

Resolved! What SSL/TLS versions are allowed for WEBUI

Hello,

I'm trying to verify which SSL/TLS versions and Ciphers the PANs accept for WEBUI connections.  Specifically I am trying to verify that it does not accept connections using weaker Protocols or Cipers and if it is configurable.

Please note that

...

Netflix application rolled in to web-browsing?

Last week I ran an ACC report for the top 25 applications.  Netflix was #3 (university environment, so it's to be expected).  Today, I ran the same report and Netflix (as an application) is no where to be found.  I launched Netflix on my computer to

...

bhelman by L2 Linker
  • 3749 Views
  • 3 replies
  • 0 Likes

Resolved! App-ID for Apple iOS Update

Hi All,

I'm preparing for tomorrow's iOS8 update.  Last year with iOS7, we got slammed on bandwidth.  This year now that we have the Palo Alto, I'm configuring QoS so that the iOS update doesn't eat all of our bandwidth.

Does anyone know what App-ID th

...

wocomike by L1 Bithead
  • 5671 Views
  • 5 replies
  • 0 Likes

User-ID IP mapping

Why does some traffic in the logs not have a user tied to the IP address at times even tho in the logs the IP has a user mapped to it most of the time.  This is causing policy to be dropped down to a different level.

markk96 by L3 Networker
  • 2829 Views
  • 5 replies
  • 0 Likes
  • 23576 Posts
  • 103 Subscriptions
Top Liked Authors
Labels