General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! PanOS 6.1.0 and Bash

I see what might be conflicting claims regarding Bash and its full remediation in 6.1.0. Here I see that 6.1.0 is still vulnerable to bash based on the claimsPalo Alto Networks Product Vulnerability - Security AdvisoriesHowever, here I see that at least CVE-2014-7169 is claimed to be remediated. I'm hoping that means CVE-2014-6271 is no longer...

URL filtering

I am trying to elminate my ISA 2006 server and use url filtering. The setting to use the ISA server were applied using a GPO that sets the internet options/connections to user the proxy server. I modified the GPO and have confirmed that the internet options setting was removed from the users pc's. But the users are still going to the old proxy s...

infotech by L4 Transporter
  • 17785 Views
  • 30 replies
  • 0 Likes

Virus Alerts

Is it possible to create email alerts for a virus type threat alert only? With them set as medium i don't want all the medium threat alerts.

markk96 by L3 Networker
  • 3455 Views
  • 3 replies
  • 0 Likes

Automatic logon with GlobalProtect when settings are set to "on-demand"

Some of our users are experiencing automatic logon, even if the GlobalProtect is configured with on-demand. In most cases this is just a minor inconvenience, but one of our portals are configured with two-factor authentication, and when they chose "deny", GP continues to try and connect repeatedly. This is however inconvenient, since their users...

Resolved! Email Links

I have been blocking the url category for web-based email per my company policy, but i am having issues with newsletters that have links. For example this one I have. An email comes in to view the upcoming items for sale. here is the linkHealthy Snacks at Work | Corporate Wellness - fresh2deskIf you look at the link link.rm0003.net/go/mnQgWuXbk...

markk96 by L3 Networker
  • 3182 Views
  • 2 replies
  • 0 Likes

Cryptowall 2.0?

Starting to see Cryptowall 2.0 infections anyone heard any updates from PA on a threat update for this? based on my google search it's been in the wild for a week or so.

travisj by L2 Linker
  • 8649 Views
  • 10 replies
  • 0 Likes

HA failover time

Hello,How many time does failover take in seconds (when it happen)?, I have an Active/Passive deployment and I hope to use 5050 platform

proscar by Not applicable
  • 8863 Views
  • 6 replies
  • 0 Likes

Resolved! Skype-Probe Problem

Hi All,It's again me, with my issues! :smileygrin:I was asking for this issue once, but didn't find any solution.So there were going Skype-probe requests to an XXXX.XXXX.XXXX.XXXX ip address with application(Skype-Probe).It took one week.Then when we noticed, i restarted the internet interface of that host(wi-fi interface) and Everything is wor...

I've noticed an incomplate request to 111.111.111.111

Hi Guys,On PAN's Monitor tab i've noticed that one of our hosts(user's computers) send periodically some packets to 111.111.111.111 and receive any packets.on Application tab it stays incomplete!what is the shit?Did anyone have the problem like this?what can i do for figuring this out? any idea?Huge ThanksTigran

Is there a similar service like IP SLA so the firewall can change default routes as a result of a certain condition

I was just curious...if I have 2 internet feeds but am not peering - I use ip/SLA to guanratee service. If a ping to 4.2.2.2 fails, it drops the current default route and the other default route with the higher AD is the active default route.Is there something similar to this in PAN-OS?

DNS not DNS? Strange UDP 53?

I am seeing a huge amount of traffic outbound from my DNS server that seems to be being dropped by the firewall. Its being dropped because my application rule says "allow DNS server to talk DNS to the internet", it doesn't match that (because its not DNS application according to PAN) and so its dropped.Whats happening is that there is a large am...

Andy_K by L1 Bithead
  • 6855 Views
  • 6 replies
  • 0 Likes

Inconsistent documentation on zone protection

Hello,Palo Alto's documentation is inconsistent on the behavior of flood protection when it is applied by a zone protection policy.1) "Threat Prevention Deployment Tech Note - Version 2.0 RevA", page 44 says that the zone protection based flood protection applies per source-destination-port tuple:"Configure Flood Protection settings based on the...

Resolved! Source and Destination NAT at the same time

HalloBefore going to my question, please assume the following scenario:There is a Non-Palo Alto Firewall in internet (lets call it FW-Extern). There is another Non Palo Alto Firewall inside my network (lets call it FW-intern). The FW-Extern initiates IPSec VPN to FW-Intern. The VPN connections are always initiated by the FW-Extern in the directi...

  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels