General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

HA failover time

Hello,How many time does failover take in seconds (when it happen)?, I have an Active/Passive deployment and I hope to use 5050 platform

proscar by Not applicable
  • 8883 Views
  • 6 replies
  • 0 Likes

Resolved! Skype-Probe Problem

Hi All,It's again me, with my issues! :smileygrin:I was asking for this issue once, but didn't find any solution.So there were going Skype-probe requests to an XXXX.XXXX.XXXX.XXXX ip address with application(Skype-Probe).It took one week.Then when we noticed, i restarted the internet interface of that host(wi-fi interface) and Everything is wor...

I've noticed an incomplate request to 111.111.111.111

Hi Guys,On PAN's Monitor tab i've noticed that one of our hosts(user's computers) send periodically some packets to 111.111.111.111 and receive any packets.on Application tab it stays incomplete!what is the shit?Did anyone have the problem like this?what can i do for figuring this out? any idea?Huge ThanksTigran

Is there a similar service like IP SLA so the firewall can change default routes as a result of a certain condition

I was just curious...if I have 2 internet feeds but am not peering - I use ip/SLA to guanratee service. If a ping to 4.2.2.2 fails, it drops the current default route and the other default route with the higher AD is the active default route.Is there something similar to this in PAN-OS?

DNS not DNS? Strange UDP 53?

I am seeing a huge amount of traffic outbound from my DNS server that seems to be being dropped by the firewall. Its being dropped because my application rule says "allow DNS server to talk DNS to the internet", it doesn't match that (because its not DNS application according to PAN) and so its dropped.Whats happening is that there is a large am...

Andy_K by L1 Bithead
  • 6878 Views
  • 6 replies
  • 0 Likes

Inconsistent documentation on zone protection

Hello,Palo Alto's documentation is inconsistent on the behavior of flood protection when it is applied by a zone protection policy.1) "Threat Prevention Deployment Tech Note - Version 2.0 RevA", page 44 says that the zone protection based flood protection applies per source-destination-port tuple:"Configure Flood Protection settings based on the...

Resolved! Source and Destination NAT at the same time

HalloBefore going to my question, please assume the following scenario:There is a Non-Palo Alto Firewall in internet (lets call it FW-Extern). There is another Non Palo Alto Firewall inside my network (lets call it FW-intern). The FW-Extern initiates IPSec VPN to FW-Intern. The VPN connections are always initiated by the FW-Extern in the directi...

Pa VPN IPsec

Hi,i have a question regarding the VPN IPsec on Paloalto , is palotlo must be in front end when configuring the PARegards,Sarah

atelcom by L3 Networker
  • 4467 Views
  • 7 replies
  • 0 Likes

Resolved! URL filtering - incosistency with online BrightCloud database

Hello.A while ago website www.rk-celje.si was recognised as malware-site. But in last couple of months the website seems to be clean and online BrightCloud lookup (URL/IP Lookup | Webroot BrightCloud) recognises it as 'Trustworthy' and categorizes it correctly as 'sports'But PA device using BrightCloud for URL filtering keeps saying it's malware...

santonic by L6 Presenter
  • 4325 Views
  • 3 replies
  • 0 Likes

Resolved! Sophos HIP Requirement for GlobalProtect

Trying to add Sophos End Point Security and Control as a HIP requirement to be installed for users connecting with GlobalProtect. Sophos End Point Security and Control is not showing up as a vendor in the list. Sophos Antivirus is in the list but is not recognized and fails the HIP requirement when connecting. Has anyone seen this issue?

ddavis1 by Not applicable
  • 5667 Views
  • 2 replies
  • 0 Likes

Resolved! IPS - new signature's action set to default instead of the action specified in rule

Hello.I have a general IPS profile with a rule (named block-crit,high) which includes all signatures with severity 'critical' and 'high'. Action for the rule is set to 'block'. I have automatic updates on for IPS signatures. Yesterday a new signature (OpenSSL SSL/TLS MITM vulnerability) was released with severity critical. When I checked my IPS ...

santonic by L6 Presenter
  • 16816 Views
  • 19 replies
  • 1 Likes

Scansafe to PANDB URL Category Mapping

Hi All,I'm searching for the mapping between Scansafe and PANDB URL categories.Scansafe categories to be found here:Web Filtering Categories - CiscoThanks for any input you can provide.Stijn

sdw by L1 Bithead
  • 4868 Views
  • 5 replies
  • 0 Likes

Response Pages Customized not working

Hi,i have customized a response page for application blocking. I have uploaded my customized page in "shared" and enabled But i try to access to any app not allowed like facebook and the page is not being showed...my PANOS is 6.0.4thanks

SOC_CSG by L4 Transporter
  • 6429 Views
  • 12 replies
  • 0 Likes
  • 24404 Posts
  • 123 Subscriptions
Top Solution Authors
Labels