General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Online Cloud Storage

Hi,

I want to put together a policy to manage our user's access to online storage. We would like to restrict access to all but a few storage companies (DropBox, Hightail) and wondered how others manage such a task.

Also, I'd like to accurately pull a

...

Resolved! Enabling Jumbo Frames

Enabled jumbo frames at Device, Setup, Session. Question is, do I still have to go to each interface and specify the MTU size per interface or is the default value what I set at the device level? Basically, if I don't touch the interfaces what MT

...

Why pdf file action is forward on wildfire?

Hello.

I am seeing data-filtering logs for wildfire and have found some logs.

It is pdf file log that action is forward.

Wildfire configuration is any application and action forward.

But PDF is not PE file.

I don't understand Why pdf file action is forwar

...

Resolved! PA-500 - Error: Number of profiles (4294967292) exceeds vsys capacity (50)

I've inherited the management of a PA-500 that was previously linked to a Panorama server.

When I try to commit I receive the following error

VSYS1

Error: Number of profiles (4294967292) exceeds vsys capacity (50)

(Module: device)

Commit failed

I've l

...

Resolved! Configuring CRLs

All,
I am using a microsoft CA to issue machine certificates for global protect authentication. All is working, but the downloading of my internal CRL. Is there something I need to configure besides checking the "User CRL" option in my certificate p

...

Using client certificates with an authentication sequence for Global Protect

Hello,

Is it possible to use client certificates for both AD and local users for global protect? I have a working authentication sequence, but have a requirement to use client certs. If it is possible, would it be better to generate the certificates

...

Resolved! Prevent Scan

HI,

we have detected that we are suffering a scan of all servers in our DMZ, the IP source is 151.236.14.140, on port 443.

How can we avoid this kind of attack or prevent it??

Thanks

GlobalProtect support for OSX 10.9

Anyone got GP to work with OSX 10.9? Do we need to wait for an update?

Thanks,

E

HTTP Report

Hi,

I want to create a report based on the predifined canned report HTTP Applications. I have tried loading it as a template and it doesn't show up in the list of templates. I have also found it in the CLI as top-http-applications the output of whic

...

Resolved! smtp/pop3 over SSL - how to configure security rules?

Hi

I moved my email serwer from untrust to DMZ. Everything almost is working fine, almost ...

This server has ftp and webmail function too, so my security rules looks:

I checked on aplipedia for aplication smtp and pop3. Accroding to aplipedia smtp uses

...

Torrent

Hello Guys,

Have anyone of you noticed something regarding torrent(bittorrent, transmission..etc..)?

We received a report that a torrent app which is transmission is able to evade the app detection of Palo Alto NGFW.

I tested it in my lab, I use Bittorr

...

TCP Sliding Window checks stops after L7 scan is completed for a session

Hello,

Does anyone have a document confirming the expected behavior from PANOS 4.1 regarding the TCP Sliding Window checks when the L7 scan is completed (hw session offload) for TCP session?

Thanks

Migrate from ASA 5505 to a PA 3020

Any one know the best what to migrate this configuration from a Cisco ASA 5505 to a PA 3020 here it show run information for the interfaces from the ASA 5505

interface Ethernet0/0

switchport access
vlan 900

!

interface Ethernet0/1

switchport access
vl

...

Problem with chained Cert

Hello

I made a CSR. Got my Cert and did the stuff mentioned in the "how to chained certificate", Copied the intermediate on top of my cert.

but the PA-500 did not accept it. okey i tried it without the intermediate cert text - and it worked. Request is

...

Resolved! Youtube safe mode

Hello all,

Yes its youtube again, for a while now youtube has been working fine since we turned on the safety-mode feature and forced students to select safe-mode.

But this week they have been complaining that not all the videos work.

I have looked at t

...

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free