This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4139 Views
  • 0 replies
  • 0 Likes

NTP attacks - threshold-based blocks?

Our campus has been getting a lot of NTP DDoS attacks of late. While the simple solution would be to shut it down except for necessary systems, the problem (as per usual in public-sector) is that everyone seems to want to run something that uses it and complains if we start blocking. Looking at the attacks, it's very easy to see the difference ...

aaronm by L1 Bithead
  • 9478 Views
  • 9 replies
  • 1 Likes

Resolved! activ/passiv-cluster police in sync but different rule handling

Hi everyone,some trouble if i turn the activ one to the passiv and vice versa. the policy was syncronized but the result was different.Same rule and same source / destination and same App (ssh). in the unsuccessful log i can't either see session- id or outbound-interface.successfulunsuccesfulboth ports are identically configured and are up. I ap...

kdd by L4 Transporter
  • 3043 Views
  • 2 replies
  • 0 Likes

Dynamic updates ERROR after updated 6.0.0. Why? HELP

HI I updated yesterday software from 5.0.10 to 6.0.0 But after such an error occurredBefore that everything was normalBut after such an error occurredmany reboots, many check updates but the error is stillWHY HOW TO FIX HELP

MRPAM by L1 Bithead
  • 4444 Views
  • 4 replies
  • 0 Likes

Resolved! Wildfire in Dynamic Update

Hello~Since PAN OS 5.0.x more We can download wildfire signatures in dynamic updatebut I don't know understand about Minutes Pass HourIs it same the other AV, Content threshold (hours)?

Resolved! Where is SSL processing done - data plane or management plane?

Bit of a curly one which I'm not sure of the answer on.We're hitting our PA2020's pretty hard in the SSL VPN department (now hitting up to 50 or 60 clients at a time), a reasonably recent ramp-up owing to some business expansion - also have several IPSEC VPN's running through the same box.I'm noticing that in my performance graphing, the firewal...

darren_g by L4 Transporter
  • 5584 Views
  • 6 replies
  • 0 Likes

DoS applictation attack to DNS server - how to prevent, and how to create report showing IP addressess with the highest number of session (not bytes) opened to it

From time to time I observe a lots of DNS queries (not UDP floods) from Internet to my DNS servers. Unfortunately those queries have negative inpact to my old firewall (it can't establish so many sessions, which makes the network stops).Probably my DNS servers are targets of:- DoS application layer attacks: target specific applications, eg DNS d...

PA acquires stealth mode startup Morta

"Morta Security is a stealth-mode start-up developing a new paradigm to counter advanced cyber threats. Traditional layered network defense is broken and Morta is poised to turn the tables on advanced attackers. Led by executives and engineers from the National Security Agency, Morta's technology uniquely combats advanced malware. We mix start-u...

Cisco VPN Client syslog to user-id agent

Hi,We are trying to have Cisco ASA VPN server to send syslog message to kiwi syslog server. The kiwi syslog server uses the vbscript to feed vpn username and vpn assigned ip address to user-id agents. The cisco vpn client log-off message does not contain the vpn assigned ip address. Anyone solve this problem before?Thanks,Ernest

Benefits of using DNS Proxy?

Are there any Security benefits to using the current implementation of DNS proxy on the PAN? I have seen on the ver 6.0, a new feature called DNS sinkhole, but I don't think it will require the DNS proxy feature. Watchguard checks DNS headers and a couple of other criteria for DNS based attacks, but I don't see anything in PAN documentation that...

craymond by L4 Transporter
  • 6392 Views
  • 7 replies
  • 0 Likes

Custom Report

Hi allIn user activity report there Browsing Summary by Website and i need to use it in custom report instead of Full URL description as the reportRegards

Resolved! force refreshing of user-group-mapping

Hello,to get some information of a user-group i use the command: show user group name "abc" and i got all members of the groupand then : debug user-id refresh group-mapping group-mapping-name "abc" and i got "server-error abc is invalid group-mapping-name"Whats wrong or is there a fault in my understanding?Regards Klaus

kdd by L4 Transporter
  • 4924 Views
  • 4 replies
  • 0 Likes

Problem with ssh decryption after SSH server upgrade

After upgrade ssh server to OpenSSH_6.4p1-hpn14v2, OpenSSL 1.0.0j 10 May 2012 I can't connect to this server when using ssh decryption on Palo Alto.Before ssh server upgrade, decryption was working correctly and I could connect and decrypt ssh traffic.When I'm trying to connect from client PC I get response:'Server unexpectly closed network conn...

Custom APP-ID

Hi,I'm trying to create a custom APP-ID for nearmaps.com. However, cannot get the monitoring to identify the traffic. Following is how I created the APP-ID,captured the header information from HTTPFox on Firefox. Refer attached screenshotIm not sure what i'm doing wrong here. Appreciate any response.

Shayan by L1 Bithead
  • 3169 Views
  • 1 replies
  • 0 Likes

Resolved! Log recovery after Panorama downtime

If the Virtual Panorama goes down for a several hours for maintenance and then comes back online will the Panorama reliably request and receive the updates from the individual firewalls logs for the time it was down so that the logs will be complete? What caveat's may be expected.Customer has a Virtual Panorama that collects logs from several fi...

Monitor session end reason

Hello,How to check what was the reason behind session end? I mean it could be RST, FIN or timeout from firewall.Regards,ifpilm

ifpilm by L1 Bithead
  • 3086 Views
  • 2 replies
  • 0 Likes
  • 24340 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks