General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Global Protect Pre-Authentication with public SSL cert

Folks.

My boss wants me to implement "pre-authentication" for my Global protect clients, so that they authenticate against AD before logging on to their laptops when on VPN, and ergo run login scripts, group policies etc.

I have https://live.paloaltone

...

darren_g by L4 Transporter
  • 3480 Views
  • 9 replies
  • 0 Likes

Resolved! GlobalProtect DNS server ignores the access routes

Hey all,

Just another PaloAlto funkiness I found out today...

When you configure a DNS server under the gateway configuration for GlobalProtect a route will automatically be added to route traffic to this DNS-ip through the tunnel: REGARDLESS of what y

...

mr.linus by L4 Transporter
  • 2132 Views
  • 2 replies
  • 0 Likes

Resolved! FTPS and Service - problem

Hello

I have FTP server on Debian 7 (ProFTPD 1.3.1) and security rule:

and now FTPS connection works.

With "application-default" as a service FTPS sessions hangs on listing directory and sfter some time FTP client was disconected.

I'm on 6.0.2 PAN with l

...

_slv_ by L4 Transporter
  • 8402 Views
  • 20 replies
  • 0 Likes

Resolved! Cannot run GlobalProtect Portal on preferred IP address

Please correct any wrong statements:

1. I connect my PA to the "untrust internet" via ethernet 1/1

2. My ISP assigned me 164.67.80.0/24 block of IPV4 addresses (actually this is a lie...)

3. I assigned 164.67.80.2/24 to ethernet 1/1

4. The PA is capable

...

cstech by L2 Linker
  • 3199 Views
  • 3 replies
  • 0 Likes

Mirror traffic from tunnel interfaces to SPAN port

Hello Everyone,

I'm new to the PA firewall's and trying to figure out how to monitor my tunnel interfaces, and the traffic flowing through them.

I have a PA-3020 running as an endpoint for several tunnels. I want to mirror the traffic from those tunn

...

edevansky by Not applicable
  • 4086 Views
  • 5 replies
  • 0 Likes

Destination NAT on a Vwire?

Is there documentation on how to do this?  All I have found is incomplete.  Is the Destination Zone the same or different than the Source Zone?  Do the addresses have to include the subnet mask?  Are there any complete examples available?

kentjday by L1 Bithead
  • 4507 Views
  • 10 replies
  • 0 Likes

Resolved! Help with custom vulnerability signature

Can someone provide documentation and insight in regards to creating custom IPS signatures based on the follow scenario?

Consider you have an FTP server. The USER command is vulnerable to buffer overflow. How does one create a custom signature to iden

...

SDorsey by L4 Transporter
  • 2823 Views
  • 4 replies
  • 0 Likes

EDNS Support

In the recent code releases has support for EDNS been added...If so, what release and can you point me in the direction of a good EDNS tech doc?!!

Thank you in advanced,

-jc

jclimer by L0 Member
  • 5042 Views
  • 5 replies
  • 0 Likes

Security Policy-by Computer Name in domain

Hi,

I have a requirement from a customer, that he doesn't want user based security policy for a certain location.

He want that only specific computer names which are in domain should be blocked for certain application.

Is this possible using global pro

...

NiteshS by L2 Linker
  • 2744 Views
  • 2 replies
  • 0 Likes

Redundant Ports

Hi,

the customer is looking for a redundant ports as there looking for a cross connection between two different switches.

is this possible? etherchannel/aggregate port configuration doesn't solve that issue as aggregate port goes in the same switch onl

...

NiteshS by L2 Linker
  • 3461 Views
  • 4 replies
  • 0 Likes

List of custom risks

Hi,

Just started out configuring a new PA3020 and decided to block all risk level 5... there are a couple of apps that I wanted to allow through so re-graded them risk 4.

In the future I want to ensure this is manageable, is there somewhere on the syst

...

Resolved! Panorama Botnet View

Hi All,

Where do you find the Botnet monitor and reports for firewalls running 4.x from a Panorama interface running 4.x? And minimum level permission is required in order to see these Botnet reports?

Appreciate the assistance.

apc050 by Not applicable
  • 5098 Views
  • 6 replies
  • 0 Likes
  • 24194 Posts
  • 100 Subscriptions
Labels