General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! How to block malware coming over VPN

Last week we had an internal user that was infected with CryptoLocker. Our users get through GPO network drives and also some of the files on these drivers were infected. We could disinfect the system and the files and we generated a GPO so no malware can be run from %appdata% and we also did some other changes. The only thing I'm afraid about i...

ZEBIT by L3 Networker
  • 3419 Views
  • 1 replies
  • 0 Likes

Resolved! How to make Windows / Cisco / PA network secure?

We have several GPO running on our clients to make the network secure as possible. Also the clients and severs are running in different VLAN. But which other configuration changes to I need todo to make the network secure?Maybe use NPS but what are the condition I need to make? Thanks in advance

ZEBIT by L3 Networker
  • 2465 Views
  • 1 replies
  • 0 Likes

Sinkhole Feature Trouble

We implemented the DNS Sinkhole feature about the time 6.0 came out. I've actually had a hard time using the threat and traffic logs for incident response. We can't pinpoint which hosts are hitting what URLs or malicious domains. The threat logs show all the suspicious DNS queries that come from our DNS servers but not the hosts themselves (beca...

How Does DNS Sinkholing Work?

Can anybody offer a detailed explanation of how DNS Sinkholing works and possibly a real world example of it?I can only find this documenation: How to Configure DNS Sinkholing on PAN-OS 6.0 and it doesn't provide a lot of details on how it works.It seems like the DNS request is allowed but when traffic starts to flow the firewall notices the des...

Can't get syslog to work via data port

Hello folks, Maybe someone has seen this before. I've got my syslog profile, log forwarding and policy setup the way they should be configured but the only exception is that I'm using a data port and UDP 1514. I've configured a service route and also allowed the syslog server on my interface management profile. The connection between the firewal...

x by L1 Bithead
  • 3066 Views
  • 1 replies
  • 0 Likes

Resolved! Configuring a port for a dedicated WAN link.

I recently ordered a 1GBPS dedicated fiber connection between my primary site and DR site. The ISP doesn't assign me an IP address or anything and says it is just a layer 2 connection. So I am a bit confused on how to configure my PA 3020s(one at each location). I have installed an sfp module from PA into each side but they are not coming up....

Mogus742 by L0 Member
  • 3494 Views
  • 1 replies
  • 0 Likes

critical severity default action alert

I am trying to understand the meaning of the default critical vulnerability action "Alert". This question was brought up by management who gets the PAN Content Update email and I want to give them an accurate answer. For example, Adobe Flash Player Memory Corruption ID 38112 is rated as critical and, as most critical vulnerabilities, the default...

Resolved! Baseline Procedure for DOS Prevention

Hello everyone,I was looking at setting up the DOS profile/protections on a PA-3020. I obviously need to baseline the traffic/system and was curious if there areany docs, Perhaps hidden, that would help me in this.Essentially I will need to grab stats. I realize Cacti can do this, but my customer does not have any available tools. : (thank you...

dbrenipc by L3 Networker
  • 4371 Views
  • 2 replies
  • 0 Likes

How do I create a browsing report thats easy for a CEO to read...

Hi,I have been tasked with creating a report out of our Palo Alto firewall that shows the following.For a period of 1 monthUsers Hours\Sessions on a websiteTop 20 visited websites.Top 20 Categories.We are using the user agent so all the data should be there, I can see some of it but getting this into a format that easy to read for a CEO?Can some...

tezza by L2 Linker
  • 5067 Views
  • 2 replies
  • 0 Likes

Trouble differentiating between malware already seen by WildFire and malware 'first seen' by WildFire

I'm having trouble determining which malware has already been seen by WildFire (therefore it was not re-sent for analysis and blocked by the FW) vs. a file that our organization sent to WF and was determined to be malicious after analysis (not seen before by WF) . This would significantly help our organization respond to malicious files that may...

r_gine by L1 Bithead
  • 5063 Views
  • 3 replies
  • 0 Likes

Resolved! Custom Button on URL Continue Response Page

Is it possible to create a custom button for the URL Continue Response Page? My customer is complaining that the Continue button that is part of the pan_form is too small and would like to create a larger one to use.

jwolach by L4 Transporter
  • 13135 Views
  • 8 replies
  • 0 Likes

Polycom can not answers a call

hi all.i have a problem with palo altl and polycom.When i make a call from inside to outside >> it okwhen a call from outside comming >> i can not answersi open all port, allow all application as: h.323, h.252, rtp...pls help me know why

dat.tran by L2 Linker
  • 8484 Views
  • 9 replies
  • 1 Likes

Import ssh key

Is there a way to import an ssh key into a firewall?For instance, I run the following commands:ssh-keygen -t rsa (The public key is now located in /home/demo/.ssh/id_rsa.pub The private key (identification) is now located in /home/demo/.ssh/id_rsa)ssh-copy-id user@myfirewallWhen I run the ssh-copy-id command, I asks me to login and I get this:Un...

QoS Guaranteed

Hi, I would like to book (guaranteed egress) 5Mbps for streaming in one of my vlan. My outide-Internet (egress) interface is eth1/1. The class for streaming is CLASS 1 (real time) right????whats the difference between "clear text traffic" and "tunneled traffic"??? Im using a PA2020, i can do QoS for limited bandwith and guarranteed in this model...

SOC_CSG by L4 Transporter
  • 4156 Views
  • 5 replies
  • 0 Likes
  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels