General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

PA acquires stealth mode startup Morta

"Morta Security is a stealth-mode start-up developing a new paradigm to counter advanced cyber threats. Traditional layered network defense is broken and Morta is poised to turn the tables on advanced attackers. Led by executives and engineers from the National Security Agency, Morta's technology uniquely combats advanced malware. We mix start-u...

Cisco VPN Client syslog to user-id agent

Hi,We are trying to have Cisco ASA VPN server to send syslog message to kiwi syslog server. The kiwi syslog server uses the vbscript to feed vpn username and vpn assigned ip address to user-id agents. The cisco vpn client log-off message does not contain the vpn assigned ip address. Anyone solve this problem before?Thanks,Ernest

Benefits of using DNS Proxy?

Are there any Security benefits to using the current implementation of DNS proxy on the PAN? I have seen on the ver 6.0, a new feature called DNS sinkhole, but I don't think it will require the DNS proxy feature. Watchguard checks DNS headers and a couple of other criteria for DNS based attacks, but I don't see anything in PAN documentation that...

craymond by L4 Transporter
  • 6618 Views
  • 7 replies
  • 0 Likes

Custom Report

Hi allIn user activity report there Browsing Summary by Website and i need to use it in custom report instead of Full URL description as the reportRegards

Resolved! force refreshing of user-group-mapping

Hello,to get some information of a user-group i use the command: show user group name "abc" and i got all members of the groupand then : debug user-id refresh group-mapping group-mapping-name "abc" and i got "server-error abc is invalid group-mapping-name"Whats wrong or is there a fault in my understanding?Regards Klaus

kdd by L4 Transporter
  • 5115 Views
  • 4 replies
  • 0 Likes

Problem with ssh decryption after SSH server upgrade

After upgrade ssh server to OpenSSH_6.4p1-hpn14v2, OpenSSL 1.0.0j 10 May 2012 I can't connect to this server when using ssh decryption on Palo Alto.Before ssh server upgrade, decryption was working correctly and I could connect and decrypt ssh traffic.When I'm trying to connect from client PC I get response:'Server unexpectly closed network conn...

Custom APP-ID

Hi,I'm trying to create a custom APP-ID for nearmaps.com. However, cannot get the monitoring to identify the traffic. Following is how I created the APP-ID,captured the header information from HTTPFox on Firefox. Refer attached screenshotIm not sure what i'm doing wrong here. Appreciate any response.

Shayan by L1 Bithead
  • 3218 Views
  • 1 replies
  • 0 Likes

Resolved! Log recovery after Panorama downtime

If the Virtual Panorama goes down for a several hours for maintenance and then comes back online will the Panorama reliably request and receive the updates from the individual firewalls logs for the time it was down so that the logs will be complete? What caveat's may be expected.Customer has a Virtual Panorama that collects logs from several fi...

Monitor session end reason

Hello,How to check what was the reason behind session end? I mean it could be RST, FIN or timeout from firewall.Regards,ifpilm

ifpilm by L1 Bithead
  • 3165 Views
  • 2 replies
  • 0 Likes

Tunnel Monitor Configuration question

Operation CommitResult FailedDetailsIPSec tunnel #NAME enabled tunnel monitoring while binding to tunnel interface tunnel which has no IP address assigned to it yet.I receive this error when configuring a tunnel monitor to the IPSec tunnel. I'm guessing the actual tunnel interface needs an IP, what what kind of configuration is needed when that ...

rking13 by L1 Bithead
  • 5351 Views
  • 4 replies
  • 0 Likes

IPSEC Tunnels and HA Failover

Hello, In a scenario with two palo alto firewalls where the active firewall fails over to the passive firewall, if there are IPSEC tunnels established are they suppose to automatically come up on the second firewall when the failover occurs or do we have to initialize them manually? If we wanted them to automatically come up, how would we do so?...

MarkTan by L2 Linker
  • 5518 Views
  • 3 replies
  • 0 Likes

dynamic address group

Hi,when adding an dynamic address gorup with a lot of criteria(each or criterias not and)is there a way to learn which criteria related to which ip address.when using command " show object dynamic-address-group all" I cannot understand which ip is related to which object.Thanks.

VPN to dynamic (ddns) destination

I have a VPN setup to a destination that using ddns to keep the hostname across IP changes. This works fine as long as the remote end is initiating the tunnel, but it seems the PA cannot be configured to be able to also *initiate* the tunnel:When the remote IKE Gateway is configured to "Peer Type: Static" I could enter an IP address, but since t...

ctr_ts by L1 Bithead
  • 4034 Views
  • 2 replies
  • 0 Likes

SFTP Timeout

We are experiencing a timeout across SFTP; while SSH seems to be set to timeout at 120 hours, SFTP transfers are timing out at the 1 hour marker.Is this an expected result? And if so, can we adjust the timeout for SFTP specifically?Thank you.

CalvinR by Not applicable
  • 3576 Views
  • 1 replies
  • 0 Likes

Resolved! Software Upgrade

Hi Everyone - I have a 4050 HA pair (4.0.12), 2050 HA pair (5.0.1) and several 500's (5.0.3). I am looking to upgrade the software on all firewalls but have had issues (typically high CPU and memory issues) with all these versions of code. Can you recommended a stable version of code? Does anyone have a similar set up (with the HA clusters) a...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels