General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Shellshock vulnerability prevention

Does someone know if the PA can automatically block the bash traffic of the shellshock vulnerability? If not what would be the best rule to protect the dmz servers?thanks

warner by L0 Member
  • 7564 Views
  • 11 replies
  • 0 Likes

Palo Alto Proxy Server VM

I have a Tech Note for the YouTube for Schools and Google, Bing, and Yahoo SafeSearch. However, I cannot seem to find the VM for the proxy server that Palo Alto has created.Is there a link for this somewhere?

Resolved! For my next feat . . . User Identification and Active Directory

PAN-200Software version: 6.0.1GlobalProtect Agent: 2.0.4Me, again. Linux/Unix guy, drafted to be the Windows / Network guy when that fellow left.Our network reseller setup the device. I'm trying to dope this stuff out a) because their time is valuable and we're minding our dollars and b) I really need to _know_ this stuff.My next feat is to ge...

bdunbar by L3 Networker
  • 6410 Views
  • 10 replies
  • 0 Likes

SNAT vs DNAT

On our firewall we have some inbound web servers with static NAT policies using SNAT and others inbound web servers/services with DNAT policies. I am trying to figure out which one i should be using. For example the company we hired to implement our firewalls and setup policies use the SNAT way for every Static NAT policy. When I called into s...

Resolved! Fail installing Apps and threats content

Hi,I cant install the new content in my firewall PA. I have tried by WebUI and CLI and its not being installed. If i use WebUI the installation finished OK but its not installed. Using CLI i can see FAIL.request content upgrade install file panupv2-all-contents-458-2380.tgz2014/09/29 15:56:47 4595 Install FIN FAIL 15:57:...

SOC_CSG by L4 Transporter
  • 13181 Views
  • 14 replies
  • 0 Likes

PA-200 does not start up anymore

Hello,all for a sudden my PA-200 is not starting up anymore.The symptomatic is as follows:- after power up the device the status of all LED (on network ports) is permanently green- the status of "power" and "fan" is green- the status of all other led is off- when I connect to the console, the PanOS Bootloader obviously tries to start up the devi...

itsbi by L0 Member
  • 4296 Views
  • 6 replies
  • 0 Likes

How to effetively cut off communication at a scheduled time

Hi,We are running a PA500 box with software at ver 6.0.4. at a boarding school.At a certain time during the night we need to switch off internet access completely (so the students get som sleep before next day). When we do this using schedules in security policies I understand it only denies the creation of new sessions. Ongoing sessions will ...

Microsoft office 365.

I have a customer that uses Office365, and I found out a few weeks ago that this failed due to Microsoft changing their IP's.I have looked and so far Microsoft seem to not give FQDN for their server supporting the office suite that I can find.I have found however that Microsoft has a lot of online document that have 365 pages and more.

JReese by L0 Member
  • 3720 Views
  • 4 replies
  • 0 Likes

User Identification using Windows NPS?

Is it possible to have the user ID agaent look at NPS events to determin a user is authenticated? I am trying to find a way to ID users on a wireless network without using captive portal. My users are all Active Directory users and the devices they would connect with are BYOD. I was hoping that we could have them connect to the WLAN using aut...

mgonzalez by Not applicable
  • 6376 Views
  • 4 replies
  • 0 Likes

malware??

Dumb question perhaps, but why is www.googletagservices.com/tag/js/gpt.js being flagged as a malicious URL? It doesn't come up that way in PA's URL filtering site.It's created a considerable jump in my botnet list.Thanks in advance...//moe

Wildfire Signature Based Blocks

Hopefully a quick question - is there any way to determine whether a executable has been blocked because it was a Wildfire derived signature (for paying customers). It may be obvious when it happens, but hard to know if it has etc.Would like to be able to correlate the protection afforded by the service by providing a discrete count of executab...

apackard by L4 Transporter
  • 5913 Views
  • 6 replies
  • 0 Likes

Site-2-Site IPSEC Tunnel won't come online

i have three offices:office 1: US - northeast 1.1.1.1 PAN-500HAOffice 2: US - southeast 2.2.2.2 PAN-3020HA HQ siteOffice 3: Shanghai China 3.3.3.3 PAN-200all three IPSEC tunnels were up and running. My Office 3 moved locations and when they did that we obtained a new static IP from the executive office we moved into. We updated the fire...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels