General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 424 Views
  • 0 replies
  • 2 Likes

Application block page - not enabled by default

I've noticed in PAN OS 5.x that the application block page is not enabled by default. Obviously it can be manually enabled.. but was this done for a specific reason to address some common problems experienced by customers?

I could surmise that perhaps

...

CMG by L2 Linker
  • 3019 Views
  • 3 replies
  • 0 Likes

Convert from vwire to layer 3 for globalprotect.

I'm trying to put together a plan of action to get globalprotect to work for us. I have a work ticket open with PA. Our PA firewall is currently deployed in a VWire setup, on the lan side of our router. Here are my big questions for getting this acco

...

Netwerx by L2 Linker
  • 3945 Views
  • 3 replies
  • 0 Likes

Resolved! SYN-Flood packets dropped by unknown rule

Hi everybody,

we got a lot of syn-packets which were dropped  by the rule any-allow. But we haven't this rule, so is it a inbuilt rule and

why do i need a DoS-Rule to be protected against Syn-Floods if there is a builtin rule.

Cheers klaus

kdd by L4 Transporter
  • 5900 Views
  • 14 replies
  • 0 Likes

Resolved! Decryption policy Issue

Hi All,

I'm just trying to configure decryption. because I'm facing Issue while blocking applications(not all the applications got blocked as the policy supposed to do).

First of all, I'm using Trusted CA, and here you are the steps I followed To gener

...

Resolved! GlobalProtect with NATet interface

I have a PA200, and is using eth1 for outside (internet) and eth2 for inside. I'm NATing from eth2 to eth1, as normal.

Now i want to have the management https address on the eth1 for several reasons.

At home its just for testing, but at my office i hav

...

Dropbox (again)

Hello,

We have a requirement to do the following

Block dropbox for some users

Allow dropbox web for some users but block app - use ssl decryption to control uploads

Allow ALL for 2 VIP's - no decryption required

Is this at all possible?

depps by L1 Bithead
  • 3961 Views
  • 4 replies
  • 0 Likes

Resolved! Panorama 5.1 with fw PanOS 4.1.14

Hello Everyone,

We deploy a panorama 5.1.4 and 2 fws are managed on it, one of the fws is running PanOs5.0.8 and another one is running 4.1.14. We can see the fws normally on Panorama -> Managed devices and Templates tabs. however when I finsh a ldap-

...

Resolved! DHCP Service

In the PA software support Boot Server Host Name and Bootfile Name options?

Outgoing SMTP

It used to be best practice to not allow outgoing SMTP except from the primary server.  I am finding more and more applications have a dependency of allowing SMTP outgoing.  I am curious what others are doing with regard to these dependencies.

Thanks,

...

BobW by L4 Transporter
  • 6010 Views
  • 10 replies
  • 0 Likes

Restricting users to Internet only

How can I restrict a certain group (ip range\VLAN) to internet only access.?  I don't want them to get to internal network shares with unfamiliar devices. We use Aruba Clear pass to authenticate and assign IPs and the PA 500 sits on the parameter. I

...

  • 23696 Posts
  • 110 Subscriptions
Top Solution Authors
Labels