General Topics
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics

Forum Posts

Happening in June: The Complete Zero Trust Network Security Event

Greetings everyone, Don't miss Palo Alto Networks' Complete Zero Trust Network Security event coming up in June. This event will cover the following points related to the newly unveiled Zero Trust Network Security: Secure access to the right applicat...

seattle-launch-live-community-r2b-1100x120.jpg
jdelio by Community Team Member
  • 479 Views
  • 1 replies
  • 4 Likes

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...

jdelio by Community Team Member
  • 18160 Views
  • 41 replies
  • 32 Likes

Seeing these errors in my log pan_packet_diag.log

Hi seems to be filling up my log file ? I have no idea 2020-07-04 12:09:26.595 +1000 Error: pan_cfg_url_policy_need_hdr_insrt_log(pan_cfg_url_policy.c:274): url_profile (nil), cfg available: 12020-07-04 12:09:26.595 +1000 Error: pan_cfg_url_policy_ne...

SSL decryption on PA incase the SSL termintated on WAF

We have a website hosted behind WAF and Firewall (Palo Alto). The WAF already has the server valid SSL Certificate from public CA. Do we need to install SSL certificate (decryption ) on PA Firewall also for inbound traffic to make it more secure ?

msalhi by L0 Member
  • 1017 Views
  • 3 replies
  • 0 Likes

Block Tor application traffic.

Hi We are planning to block Tor application traffic in our PA device , so do we need to write security policy in both the direction and also share the steps to block the traffic in Palo Alto device. Thanks,Yusuf

Yusuf_PA by L1 Bithead
  • 2646 Views
  • 10 replies
  • 0 Likes

Resolved! Panorama Upgrade

Hi All, I carried out an upgrade on a Panorama appliance this morning, M-100 model. Went from 9.0.6 to 9.0.9-h1. Process was fine however it needed a cold boot (pull power cables) to recover, it did not come back on its own. Couldn't even console to ...

Custom signature not working

Hello Team, I need to create custom VA signature which can detect specific chrome browser version and block internet also from that browser.I have created custom signature which can detect specific version and can block http traffic too but https tra...

Resolved! What can I do with a Global proect subscription?

(posted this in the global protect forum, but this seems to get more traffic, and maybe more suggestions, so I moved it here) So I'm about due to retire my old 3050's and upgrade to 3250's - and this time I've convinced management to buy me the globa...

darren.g by L4 Transporter
  • 1712 Views
  • 6 replies
  • 0 Likes

Authentication Bypass in SAML Authentication.

Dear Support Team, Please do us favour to update Security appliance Palo Alto with latest signature which help to prevent from latest vulnerability Authentication Bypass in SAML Authentication. Patch requirement for CVE-2020-2021 PAN-OS: Authenticati...

Custom Application Signature

HelloFor the same application, I have several links and ports (https://application.intra.mydomin.corp:8530/toto, https://application.intra.mydomin.corp:8130/titi, https://application.mydomin.corp:8530/toto,..) and I would like to create a rule and sp...

2 global protect gateway cert in linux machine

Recently I have setup 2 global protect gateways and performed certificate + Credential authentication. In windows pc, I can able to successfully installed 2 gateways certificates and trusted its working fine. In Linux Ubuntu when installed the 2nd ga...

Resolved! Destination NAT issue or routing change

Hi All, I have had a destination nat running for months without issue. NAT: Source VPN Interface to Inside Interface: Destination Address: 192.168.90.231 Destination Translation: 10.0.8.82 Rule: Source VPN to Inside : Source IP to 192.168.90.231 It h...

a.jones by L3 Networker
  • 660 Views
  • 2 replies
  • 0 Likes

Resolved! OCSP Responder with Self-Signed Certificate

Following https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIzCAK, I created an OCSP responded. When creating the user certificates, for signed by I tried both the Root and Intermediate certificate. I allowed HTTP_OCSP on bo...

Capture.PNG

public ip addresses and link address /30

Hi, I have a question regarding public interface configuration. ISP gave me /30 link network address space and /28 public IP address pool. Can you suggest me best way to configure this public address on PA. Should I use virtual wire, loopback interfa...

patux80 by L0 Member
  • 888 Views
  • 1 replies
  • 0 Likes