General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Stopping email alert for Syslog related Logs.

How stop email alerts for syslog related logs? For example Email alert is generated for every one hour that syslog server is active.Note: The log severity level for email alert is configured for high and it should be changed.

Gururaj by L4 Transporter
  • 4639 Views
  • 3 replies
  • 1 Likes

Resolved! A lot of unknow-udp traffic (port 123)

HiI observed since 04/09 a lot of traffic clasified as unknown-udp from my DMZ to Untrust. It could be missidentified because I have security rule that allow NTP.It could be related to 429 package of Thread prevention update. Now I'm on 430-2169.Do You have the same?RegardsSLawek

_slv_ by L4 Transporter
  • 5158 Views
  • 3 replies
  • 1 Likes

Resolved! software update schedule

Hi quick question regarding software updates. I know you can pull updates manually within the device, but I was under the impression that these updates would pull and install automatically. We had a consulting company help with our install so I may be missing where the updates might be scheduled?:Our current update status shows:The current softw...

bino150 by Not applicable
  • 3247 Views
  • 1 replies
  • 0 Likes

Resolved! Log Category and Current Category : PAN-DB

Hello,Anyone here having the same issue? Please see the image below,The URL that we are browsing isn't match with the Log Category.We already tried re-downloading the whole URL PAN-DB. Also, the URL category on the cache identifies "youtube" as streaming-media.Thank youRegards,hartkently

QoS policies

hi!i have a question regarding the QoS feature, so here goes:the scenario is the following - we have 2 apps for which we would like to limit the bandwidth, lets say app1 and app2. we have edited one of the QoS classes in the default QoS profile, class 3, and set the max guaranteed bandwidth to 2Mbps.the next step would be to create the QoS polic...

Heratbleed CVE-2014-0160 - New Vulnerability Signatures

Palo Alto released multiple vulnerabilities for the Heartbleed bug.New Vulnerability Signatures (3)SeverityIDAttack NameCVE IDVendor IDDefault ActionMinimum PAN-OS Versionmedium40039OpenSSL TLS Heartbeat Brute Force - HeartbleedCVE-2014-0160alert3.1.0informational36417OpenSSL TLS Heartbeat Foundalert3.1.0medium36418OpenSSL TLS Malformed Heartbea...

Antivirus and apps - Error in retreiving data - PAN OS 6.0.1

Hi,I'm a customer with two PaloAlto PA-2020 with active/passive config running without issues.I've just upgraded from 5.0.11 to 6.0.0 and then to PAN OS 6.0.1 (latest)Starting with PAN OS 6.0.0 I can't check for apps and antivirus upgrades from the "Dynamic Updates" link. It gives the error "Error in retrieving data".This situation didn't happen...

MGCP being dropped since upgrading to 6.0.1

We upgraded our PA5020 from 5.07 to 6.0.1 to utilize TLS 1.2 to handle decryption but as a result we have created an issue with our phones. We have a couple call managers behind the PA5020's at our data center and several branch offices around the world that rely on them. The branch MGCP gateway uses UDP 2427 to send notification messages and TC...

froggyj by Not applicable
  • 5258 Views
  • 4 replies
  • 0 Likes

Resolved! PaloAlto and VCS gateway - H323 / SIP

Hi all,Installing a palo on network with VCSExpressway (cisco ToIP) module.After reading other discussion (https://live.paloaltonetworks.com/message/7757#7757, https://live.paloaltonetworks.com/message/12132#12132, , for a "full" compatibility between palo and VCS, we have to create app override for disabling the app L7 PA's analyse (for NAT rea...

VinceM by L5 Sessionator
  • 4460 Views
  • 2 replies
  • 0 Likes

Resolved! Can a Subnet Live on Both Sides of an IPSEC Tunnel?

We are planning on moving to a new office space. We need the networks in the new office space and the current office space up and running at the same time during the transition. This has raised the question on how this can even be done. We were wondering if it's possible to create IPSec VPN tunnels between offices on our PA3020s and have the sam...

Service Contract Ending

My service contract is about to end, and we are not planning on extending it as we are replacing our 3020s with some other firewalls. We are still planning on using the firewalls in our network, but not to do the threat detection stuff.I would like to make sure theses boxes still work if they are not under a service contract. It seems silly to...

kzaugg by L0 Member
  • 3043 Views
  • 3 replies
  • 0 Likes

SSL-VPN Portal not being displayed

Hello,we're running a couple of PA-500 v.3.1.5 in HA, with SSL VPN Client v.1.3.4.We're experiencing strange access issues to the VPN Portal depending on the browser being used.When trying to access the portal url we get a blank page with endless loading icon.This happens on Win7 64 with Firefox 28, while it works fine with IE9/10.On another sim...

GRE over ipsec

hello,I have an existing customer with an Cisco router. On this router is terminated a GRE over IPsec tunnel.Now they have bought an PA500 appliance. Is it possible to have the GRE over IPsec tunnel on PA, or the only way will be to reconfigure the tunnel to IPsec?thanks alotRudolf

  • 24400 Posts
  • 123 Subscriptions
Top Solution Authors
Labels