General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! I'm not able to setup Netflow on Palo alto 5.0.4

Dear all I'm not able to setup netflow on Palo alto 5.0.4As i followed the menu Network-> Interfaces-> Ethernet. Click the link for the interface on the Ethernet tab -. But i can not find netflow on this menuCould you advise me more.. please ? Thanks

Firewall Statistics Report

We are looking at upgrading our firewalls from the PA-500 to the PA-3050s. The company I work for is growing fairly rapidly and it's looking good that the company will continue to grow. In order to get the funding for these firewalls we need to prove that we need them or at least that the 500s are obsolete or are quickly becoming that way. I am ...

Unauthorized SSH access through port 22

HelloI have a rule that permit traffic from "untrust" to some servers in "DMZ" but only for applicacions FTP, SSL and web-browsing, the problem is someone has gained access through SSH using the tcp 22. Shouldn't the PaloAlto has block this kind of traffic? Anyone knows a solution for this problem or know how to block some ip address?Best regard...

SOC_CSG by L4 Transporter
  • 5531 Views
  • 2 replies
  • 1 Likes

URL Filtering in Vwire SSL Trust Question

Hi,I have a customer who is currently only running the PA in vwire. They need to have custom URL filtering continue and override pages.My question is what needs to be done to have the end users browsers trust the certificate in vwire?I know in layer 3 mode I can use a pushed out trusted root certificate going to a L3 interface. Based on my testi...

bparker by Not applicable
  • 3101 Views
  • 2 replies
  • 0 Likes

Resolved! Integration between websense and Palo Alto

Hello All,I really need your fast help in an issue I have.I would like to know, if I configured the Palo Alto to forward http and https traffic on ports 80, 443 to websense using "policy based forwarding" , can websense normally receive traffic and do its URL Filtering on it?I have read on websense that:"Websense Filter Service is a receiver for...

gshaker by L1 Bithead
  • 5941 Views
  • 1 replies
  • 0 Likes

Changing communication port

Dear All,Hope you are doing well.I want to access the PaloAlto web portal from the internet. if I type the public IP it will be connected but i want to put a port number that only my team know it and for more security.Ex: 10.10.10.10 :44443or is there another way to connect from public IP

Resolved! Detailed troubleshooting of drop counters

Hi,I am having some issues with odd packet drops, and "show counter global filter severity drop" shows a lot of packets being dropped due to "Packets dropped: 802.1q tag not configured/Packets dropped: invalid interface" (same amount of packets dropped on both, so I assume these are related).Are there any way of getting a log of what has been ha...

arvesynd by L3 Networker
  • 34078 Views
  • 6 replies
  • 0 Likes

GlobalProtect and Proxy

We are running 5.0.8 on a 5020 with GlobalProtect 1.2.7. Iam just setting up GP (single gateway version) and am running into an issuewith proxy. Our laptops have a variety of proxy settings depending on the OUthey are in. The automatic configuration script works just fine after I put inan exception for our DSN name to the vpn hostname, but even ...

ldavie by L2 Linker
  • 2777 Views
  • 1 replies
  • 0 Likes

API call to clone multiple URL Filtering categories

Hi,I am trying to clone 2 URL Filtering Profiles "testProfile1" and "testProfile2" into "testProfile1-1" and "testProfile2-1" using the following REST API call.https://HOST_IP_ADDRESS/api/?key=LUFRPT1mQUJoTjh4S05rbkpBcWtLb2pZRERJekJTcDA9U2F1cU8ybzFzajFiaG5DSXV4UHJOOUdRWTJOaTVEQmU0eVY2VkZlMlVwQT0=&type=config&action=clone&xpath=/confi...

vp194m by L1 Bithead
  • 3158 Views
  • 2 replies
  • 0 Likes

Resolved! Problems with xauth and iphone vpn

Hi,I have a iphone (ios 7) what i am trying to connect to our global connect vpn setup.Android have the same problem, and computers using the global connect client is working fine.This worked fine some time ago, but now I am not able to pass any traffic through the vpn. Looks like there is a issue with default route.We have not the global connec...

klumpen by L1 Bithead
  • 7318 Views
  • 8 replies
  • 0 Likes

Resolved! Blocking Google Images Content

Hi,We have blocked Sex, and Nudity in the Category section.And that works fine for all the users on our PAN 4.xBut when the users go to google.com, and search for sex,they can still view unwanted content in the "Images" table of google.comHow can I stop this for Google, as well as other search engines...Regards,Tau

rz185016 by Not applicable
  • 7732 Views
  • 2 replies
  • 1 Likes

PA-200 with DHCP assigned Internet IP and GlobalProtect using self signed certs

Hello everyone, trying to find a how-to or config guide on how to configure PA-200 that has 2 interfaces configured, eth1/1 and eth1/2 runnin PANOS v5.0.8, downloaded and activated 1.2.7 GP client on the PA-200. eth1/1 is in untrust zone and setup with ip using dhcp from the ISPeth1/2 is in trust zone and setup with 192.168.1.1/24I would like to...

VM-100 L3 subinterface responding issue

Hello All,almost a year I have production VM-100 deployed on 5.1 ESXi infrastructure. One interface is divided to 2 subinterfaces and configured like L3 with one virtual router. Policies was deployed and everything working fine until users complain that they don't have internet access. After initial troubleshooting I noticed that from PAN perspe...

Tician by L3 Networker
  • 2131 Views
  • 1 replies
  • 0 Likes

Resolved! Upgrading from 4.1.6 to 5.0.0

Hi,i have several bug in my actual version 4.1.6. Yestedary my Pa rebooted suddenly because this bug "this was the last error 'infra-group: restarts exhausted, rebooting system'"So i would like to upgrade my device.Can i pass from 4.1.6 to 5.0.0 directly or i need a inteediate version???thanks

Custom report on certain file types?

Hi there,I want to be able to do a custom report showing me who has been downloading certain file types (avi for instance) on my network. Or at least, how I would be able to interrogate the data filtering logs to be able to show me this?The file types in question are all set to Alert on the data filtering profiles we use, but I want to be able t...

JRussell by L3 Networker
  • 4113 Views
  • 3 replies
  • 0 Likes
  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels