General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Has anyone had an issue using FQDN for syslog server setup?

(active-secondary)> ping host any-splunkproxy1.acme.comPING any-splunkproxy1.acme.com (172.17.64.24) 56(84) bytes of data.64 bytes from 172.17.64.24: icmp_seq=1 ttl=60 time=0.603 ms64 bytes from 172.17.64.24: icmp_seq=2 ttl=60 time=0.565 ms64 bytes from 172.17.64.24: icmp_seq=3 ttl=60 time=0.599 ms64 bytes from 172.17.64.24: icmp_seq=4 ttl=60...

Global Protect Client not asking for passwort

Hi there,we're piloting the GP Client with a few people. Some of them are asked for credentials when connecting (expected behaviour) and some people are not asked for their credentials, but connected successful (not expected).We definitely haven't turned on SSO. The Clients are all installed by the same software distribution task. Also, I can no...

Resolved! Configuring local and LDAP source users in Policies

I have internal employees using VPN and also outside vendors with VPN accounts. In creating the policies (ex. allow employees to all internal servers while only allowing vendor VPN access to specific hosts) it appears that I can only choose LDAP users/groups as the source user. The drop-down only shows AD groups/users. I want to be able to selec...

kkrause by L2 Linker
  • 10541 Views
  • 7 replies
  • 0 Likes

Doubt about combining actions - File Blocking

Hi,Is it correct this profile "file blocking"?Name: BlockDownEXEFiles-Block files with extensions * .EXE-And prompts you before continue downloading files * .ZIP and MS Office-The other extensions anything.Thanks,

SOC_CSG by L4 Transporter
  • 2904 Views
  • 2 replies
  • 0 Likes

Special caracters for response pages

Hi, we would like to use our languages special caracters in our response pages. They are: ç, ñ, áThere is any way to put this caraters in html reponse pages???????thanks

SOC_CSG by L4 Transporter
  • 3663 Views
  • 4 replies
  • 0 Likes

Allow mobile phone access by userid, is this possible?

Our techs often interface with Zenoss, and we have a mobile app that will let us view and interact with the alarms. The problem is we need to establish VPN access first. I also don't want to open the port for the world, and I can't allow a specific ip/range because they will be connecting from various mobile carriers. I'd like to specify an allo...

mcocat by Not applicable
  • 3520 Views
  • 2 replies
  • 0 Likes

Resolved! REST API and Powershell

Has anyone used Powershell to interact with REST API on PA500?When I use the Invoke-RestMethod cmdlet to try and generate a key, I get back an empty response. If I run the keygen through a browser, it successfully returns a key. Running 6.1.1.PS C:> Invoke-RestMethod -Uri http://<ip-of-PA500>/api/?type=keygen%26ampuser=<adminuser>...

sphi by Not applicable
  • 11440 Views
  • 3 replies
  • 1 Likes

Object references - 'where used'

Hi all,I'm new to the Palo Alto's, having cut my teeth on Stonesoft, Checkpoint and Sophos.One nice feature in those solutions was the ability to select an object (of any type) and be able to list everywhere that it was being used - from policies to groups.I've not yet seen a way of mimicing this in PAN-OS 6.0. Is there a way, or a work-around, ...

User-ID for Cloudware

Hi Guys,Just finding for options and thoughts to be honest...We have a service called Cloudware which is almost like terminal servers. What we are seeing is that users using a browser from these servers are not identified on the PAN as it is not covered by AD authentication.I am aware that it is not possible to run the TS client on Cloudware an...

How to traffic-shape traffic over public wireless to app-stores like (app-id) apple-appstore?

Hi,I'd like to implement qos traffic-shaping from our public wireless network to sites like apple's appstore or google's appstore.When i look at the monitor screen of our palo, i only see ssl traffic. Do i need to decrypt the ssl traffic first so i can determine if it's app-id is android-market / apple-store ??Our goal is to limit the amount of ...

Resolved! Allow remote host to port scan

I am looking to allow a single host on the outside to run an NMAP port scan. What can I do to allow this host to get an accurate picture from the outside without giving additional access that may skew the results? In addition I would need it to bypass vulnerability protection (TCP Scan 8001). Looking at my scan attempts I see the application typ...

mcocat by Not applicable
  • 10070 Views
  • 5 replies
  • 0 Likes

SCP export log on PA-7050 and SCP import log on VM-100

Hi,Anyone know if I can run a “scp export logdb” on a PA-7050 and then restore this logdb via a “scp import logdb” on a VM-100 ?I understand that this would override all existing logs on the VM-100 but that’s fine, I just want to make sure this would work.Thanks

  • 24395 Posts
  • 123 Subscriptions
Top Solution Authors
Labels