General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! configuring NAT with TAGGED subinterfaces

In order to overcome the limited number of physical interfaces on the PA-200, I need to have one physical interface handle traffic for two different zones, A & B. These zones need to talk to each other and to other internal zones (with security polic

...

ewilen by Not applicable
  • 2245 Views
  • 5 replies
  • 0 Likes

Resolved! PA in VWire mode between trunked ports

Greetings,

Before, I get to the matter, I have browsed through the discussions and did find solutions.  But I am unable to understand a few concepts. 

I have a scenario where;

1. The present firewall is a virtual firewall hosted on an ESXi Server.

2. Li

...

Resolved! Exporting NAT configuration

So I'm wanting to get the XML out of the firewall for specific DMZ's so that I can assemble IPAM updates from the XML.

Right now, if I ssh into Panorama, go into config mode, and issue this command:

show device-group DMZ pre-rulebase nat rules

Then I ge

...

jsilvia by Not applicable
  • 2010 Views
  • 2 replies
  • 0 Likes

Using Third Party Certificates on a Palo

Does anyone know what the best certificate to use on a Palo is please? We have a customer who is failing PCI compliance testing as we are using a self signed certificate which was generated on the Palo for Global Protect. Any help or advise would be

...

Filter out certain traffic (DNS)

I am looking for a way to omit DNS traffic from showing up in the Top Applications widget. I thought Application Override might have been the way but it proved unsuccessful. Anyone try this before? Or have something you can point me to?

Thanks in adva

...

phalen00 by Not applicable
  • 907 Views
  • 1 replies
  • 0 Likes

Traffic on untrust interface - problem

I have a problem. I have 8Mb internet connections some of my servers are directly connected to internet (I have a switch connected to servers and PA200).

Every day throught untrust interface are made backups of this servers. So the traffic on untrust

...

_slv_ by L4 Transporter
  • 1366 Views
  • 4 replies
  • 0 Likes

Resolved! Guidance in setting up ssl decryption - cert management

I am trying to get this setup for a customer and this is my first time setting up ssl decryption. The customer has SBS2011 so they do have AD CA. I created a domain cert for the PA and exported the root cert. I imported both of these into the PAN fir

...

SDorsey by L4 Transporter
  • 2587 Views
  • 7 replies
  • 0 Likes

Best Practices for Application Policies?

I was wondering if there is a best practices document for setting up a policy to control particular applications. I've already dug through the Skype tech document which tells to enable unknown applications. Are there any other applications that work

...

nugentec by L1 Bithead
  • 8116 Views
  • 19 replies
  • 0 Likes

SMB Fragment Packet Found(32332)

Hi,

Anyone have experience of this firing off continuously for 'normal' LAN traffic (deffo not being used as an evasion technique) since the signature was modified (v337)?

Cheers

apackard by L4 Transporter
  • 1066 Views
  • 1 replies
  • 0 Likes

VMWare series firewall

Just noticed a section of he help file for PANOS 5 which mentions a virtual firewall series from Palo Alto.  Sure am interested in some more info....

Bob

BobW by L4 Transporter
  • 828 Views
  • 1 replies
  • 0 Likes

Resolved! Problem with multiple Netflow profiles

Hello,

I encounter a problem using multiple netflow profiles on our PA-500 running PAN-OS 4.1.8

I have defined 3 different neflow profiles, each refers to a specific port on the same host.

Each profile is assigned to exactly one physical layser 3 interf

...

lavision by L2 Linker
  • 2443 Views
  • 5 replies
  • 0 Likes

Block page and SSL

Hey all,

So, we have a need to block everyone but a small AD group access to a couple pages.  Now, we don't want to just "deny" them in the rule (we have a comfort page that promps them they are blocked and allows them to request access) - I don't wan

...

mrsold by Not applicable
  • 2728 Views
  • 6 replies
  • 0 Likes
Top Solution Authors
Top Liked Authors