General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 2943 Views
  • 2 replies
  • 14 Likes

CLI FTP Export Log URL Issue

I'm trying to run a report on user activity via the webfilter for a particular user. I would use the GUI but the the GUI is only allowing me the last 500 hits (via a custom report). If I go to the actual monitor and try to export I get a server 500 e

...

Resolved! permitting/denying asymetric TCP flows at the VYSY level?

Can "set deviceconfig setting session tcp-reject-non-syn no" or similar somehow be configured at just the VSYS level?  ( I know it functions at the device level)

So as to provide some VSYS's the ability to process asymetric flows and others not.

Regard

...

CMG by L2 Linker
  • 2046 Views
  • 2 replies
  • 0 Likes

User mapped via CLI but no through Web-UI

Hello all:

I am trying to configure an user in a security policy but when I write the first 4 letters of his username it doesn't appear (screenshoot attached). However, it does appear throug CLI:

admin@PA1(active)> show user ip-user-mapping all | match

...

COMIP by L2 Linker
  • 4271 Views
  • 6 replies
  • 0 Likes

Resolved! untrusted webbrowsing


Hi there

Ive set up the firewall with a trusted lan for staff and untrusted lan for visitors.

I don want the visitor lan to access the staff lan, however the first rule created was to allow webbrowsing, i cloned it and added the visitor source addess t

...

zip file blocking is also blocking docx files

The organization policy is to block ZIP file types.

We are having problems with docx file type which they are a ZIP file but in the file blocking profile I can see Paloalto should know how to recognize docx files but we still get drops

i would like to

...

minow by L4 Transporter
  • 3929 Views
  • 4 replies
  • 0 Likes

File Types and Md5 Hashes

I write SIEM content (Mostly Arcsight and Q1), I have found PAN to be very effective in identifying adverse traffic. One thing that would be great, that in addition to recognizing the file type such as "file Microsoft PE File(52060)" which is useful

...

Another PA bypass

Found this one recently:

http://www.what2code.net/?p=150

http://www.youtube.com/watch?v=wPHeAkv8BaE

Where dns is being used to tunnel ssh traffic through and of course there will be ways to bypass things but how is/will PA address this latest finding?

(a

...

mikand by L6 Presenter
  • 6012 Views
  • 10 replies
  • 0 Likes

Ignore_user_list

Hello,

I'm using PAN Agent 3.1.2 on WIN2008 server and somethimes after restart the Ignore_user_list seams to be ignored )user on the lista are still identified by the PAN firewall).

Does someone had this problem ? there is way to have an alert or log

...

Security policies did not take effect after Sleep Mode

Hi,

Just like to find out if there is a known  issue with Palo Alto and Windows 8 for direct internet policy.  Currently, we have defined a policy in PA to allow AD user to connect to internet.  However, based on my observation, once my notebook goes

...

Operation Failed: Invalid Sequence

Hello,

I recently upgraded to Panorama 5.1.0 (I know, I'm a glutton for punishment!) and am experiencing an issue when attempting to add items to an application group. We've tested this with several workstations and both IE and Chrome and each result

...

Resolved! syslog no log sometimes

Hi,

Pa200 configured to send all to syslog.Sometimes(Random) no log comes to syslog.Did Anyone see an issue like this  ?

5.0.5 panos.

panos by L6 Presenter
  • 2549 Views
  • 6 replies
  • 0 Likes

Resolved! GlobalProtect assigning zone based on AD group membership?

I'm fairly sure I can't do as the subject line, so I'll explain why I think I want it, and hope someone can suggest a better workaround.

We're a college campus with (roughly) 3 classes of users: students, general faculty and staff, and "special" staff

...

rgraves by Not applicable
  • 3616 Views
  • 6 replies
  • 0 Likes

App-ID 'hotmail' false positive?

Hello,

after our recent newsletter distribution, we now see lots of blocked App-ID 'hotmail' in traffic directed to our web servers. Those are requests to HTML resources (images) just referred to from Hotmail website, most likely Hotmail users reading

...

gstrehl by L1 Bithead
  • 4440 Views
  • 10 replies
  • 0 Likes
  • 24030 Posts
  • 99 Subscriptions
Top Solution Authors
Top Liked Authors