General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 496 Views
  • 0 replies
  • 0 Likes

Global Protect Pre-Authentication with public SSL cert

Folks.

My boss wants me to implement "pre-authentication" for my Global protect clients, so that they authenticate against AD before logging on to their laptops when on VPN, and ergo run login scripts, group policies etc.

I have https://live.paloaltone

...

darren_g by L4 Transporter
  • 4617 Views
  • 9 replies
  • 0 Likes

Resolved! GlobalProtect DNS server ignores the access routes

Hey all,

Just another PaloAlto funkiness I found out today...

When you configure a DNS server under the gateway configuration for GlobalProtect a route will automatically be added to route traffic to this DNS-ip through the tunnel: REGARDLESS of what y

...

mr.linus by L4 Transporter
  • 2710 Views
  • 2 replies
  • 0 Likes

Resolved! FTPS and Service - problem

Hello

I have FTP server on Debian 7 (ProFTPD 1.3.1) and security rule:

and now FTPS connection works.

With "application-default" as a service FTPS sessions hangs on listing directory and sfter some time FTP client was disconected.

I'm on 6.0.2 PAN with l

...

_slv_ by L4 Transporter
  • 11209 Views
  • 20 replies
  • 0 Likes

Resolved! Cannot run GlobalProtect Portal on preferred IP address

Please correct any wrong statements:

1. I connect my PA to the "untrust internet" via ethernet 1/1

2. My ISP assigned me 164.67.80.0/24 block of IPV4 addresses (actually this is a lie...)

3. I assigned 164.67.80.2/24 to ethernet 1/1

4. The PA is capable

...

cstech by L2 Linker
  • 4022 Views
  • 3 replies
  • 0 Likes

Mirror traffic from tunnel interfaces to SPAN port

Hello Everyone,

I'm new to the PA firewall's and trying to figure out how to monitor my tunnel interfaces, and the traffic flowing through them.

I have a PA-3020 running as an endpoint for several tunnels. I want to mirror the traffic from those tunn

...

edevansky by Not applicable
  • 5588 Views
  • 5 replies
  • 0 Likes

Destination NAT on a Vwire?

Is there documentation on how to do this?  All I have found is incomplete.  Is the Destination Zone the same or different than the Source Zone?  Do the addresses have to include the subnet mask?  Are there any complete examples available?

kentjday by L1 Bithead
  • 5709 Views
  • 10 replies
  • 0 Likes

Resolved! Help with custom vulnerability signature

Can someone provide documentation and insight in regards to creating custom IPS signatures based on the follow scenario?

Consider you have an FTP server. The USER command is vulnerable to buffer overflow. How does one create a custom signature to iden

...

SDorsey by L4 Transporter
  • 3558 Views
  • 4 replies
  • 0 Likes

EDNS Support

In the recent code releases has support for EDNS been added...If so, what release and can you point me in the direction of a good EDNS tech doc?!!

Thank you in advanced,

-jc

jclimer by L0 Member
  • 6197 Views
  • 5 replies
  • 0 Likes

Security Policy-by Computer Name in domain

Hi,

I have a requirement from a customer, that he doesn't want user based security policy for a certain location.

He want that only specific computer names which are in domain should be blocked for certain application.

Is this possible using global pro

...

NiteshS by L2 Linker
  • 3705 Views
  • 2 replies
  • 0 Likes

Redundant Ports

Hi,

the customer is looking for a redundant ports as there looking for a cross connection between two different switches.

is this possible? etherchannel/aggregate port configuration doesn't solve that issue as aggregate port goes in the same switch onl

...

NiteshS by L2 Linker
  • 4382 Views
  • 4 replies
  • 0 Likes

List of custom risks

Hi,

Just started out configuring a new PA3020 and decided to block all risk level 5... there are a couple of apps that I wanted to allow through so re-graded them risk 4.

In the future I want to ensure this is manageable, is there somewhere on the syst

...

Resolved! Panorama Botnet View

Hi All,

Where do you find the Botnet monitor and reports for firewalls running 4.x from a Panorama interface running 4.x? And minimum level permission is required in order to see these Botnet reports?

Appreciate the assistance.

apc050 by Not applicable
  • 6235 Views
  • 6 replies
  • 0 Likes

Active Directory Users not Authenticating to GP

Hi,

We configured agentless User-ID with our PAN OS 5.0.2. We created policies using the AD usernames and it is working fine.

However, We are trying to configure our GP to authenticate using the AD users. This is not working and we are getting the foll

...

rsaber by L1 Bithead
  • 2937 Views
  • 3 replies
  • 0 Likes
  • 24090 Posts
  • 116 Subscriptions
Top Liked Authors
Labels