General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 294 Views
  • 0 replies
  • 2 Likes

Resolved! Unable to access PA-500 via GUI/SSH on v4.1.7

Greetings,

I have a pair of PA-500s running HA version 4.1.7.  The web interface (GUI) and SSH access to active device was lost for some unknown reason.  The only configuration change done was to set action for a security rule to deny which otherwise

...

Resolved! Captive Portal Session Timeout

You can set the Timeout value of captive portal. Default is 60 min. In my case it is 240 min.

But this is the max TTL. There is a default TTL of 900 sec(15min)

So when a logged on user does not create any traffic for 15 min then the user must logon aga

...

u2343 by Not applicable
  • 6791 Views
  • 6 replies
  • 0 Likes

Resolved! M-100 appliance

Hi there,

Who can tell me more about this appliance? By the look of things this is a server where you can run panorama, capture syslog file ect on. I would use it to run panorama on so do I still need to run the panorama on VMware?

Please provide as mu

...

DendreT by L1 Bithead
  • 2769 Views
  • 2 replies
  • 0 Likes

Resolved! Certificate import issues

I'm having terrible problems importing a trusted certificate into my PA.

I've followed the following guide - https://live.paloaltonetworks.com/docs/DOC-3502

I can create the key ok

I can create the CSR ok

I then submit the CSR to Thawte which then gets a

...

djrodb by L3 Networker
  • 11883 Views
  • 5 replies
  • 0 Likes

Resolved! PAN-OS 5

so the long-awaited v5 is now available.  What are the implications of upgrading to it?

  • is rollback to v4 straightforward (we're on 4.1.8 now)?
  • does it force you to use the new PAN web-filtering database, or can you continue to use Brightcloud?
  • Do we ne
...

Auto-update not functioning

Currently whenever our palo alto 5050s do their dynamic updates they are not finding any new updates to antivirus, applications, or URL filtering. Updates are only found when I manually perform a check. I have all 3 set to download and install with a

...

cbolitho by L1 Bithead
  • 2674 Views
  • 2 replies
  • 0 Likes

Time based No-decrypt rule?

Hi All,

On my site we have a Decrypt-all rule in place (apart from some no-decrypt rules for specific business related sites).

The problem I have is that some users are having issues accessing sites like Easyjet and Ryanair's booking pages, this I am f

...

JRussell by L3 Networker
  • 2942 Views
  • 6 replies
  • 0 Likes

Policies - Security - Rule shadowed by 2nd rule

Much like an access list on a cisco router top to bottom. I recently created 2 rules for our 3rd party ISP to connect internet sticks via our firewall.

1st rule - Allow all traffic via TELUS internet sticks from Trust Vpn, Source (telus), Destination

...

Is it PAN 4.1.8 ready for production environment?


Hello

I find that in PAN 4.1.8 is new feature:

"User/Group-based Portal Configurations – The GlobalProtect Portal now supports multiple agent configurations on a per-user or user-group basis within one portal configuration."

I know that its fresh ... bu

...

_slv_ by L4 Transporter
  • 5693 Views
  • 13 replies
  • 0 Likes

Resolved! configuring NAT with TAGGED subinterfaces

In order to overcome the limited number of physical interfaces on the PA-200, I need to have one physical interface handle traffic for two different zones, A & B. These zones need to talk to each other and to other internal zones (with security polic

...

ewilen by Not applicable
  • 3970 Views
  • 5 replies
  • 0 Likes

Resolved! PA in VWire mode between trunked ports

Greetings,

Before, I get to the matter, I have browsed through the discussions and did find solutions.  But I am unable to understand a few concepts. 

I have a scenario where;

1. The present firewall is a virtual firewall hosted on an ESXi Server.

2. Li

...

Resolved! Exporting NAT configuration

So I'm wanting to get the XML out of the firewall for specific DMZ's so that I can assemble IPAM updates from the XML.

Right now, if I ssh into Panorama, go into config mode, and issue this command:

show device-group DMZ pre-rulebase nat rules

Then I ge

...

jsilvia by Not applicable
  • 3740 Views
  • 2 replies
  • 0 Likes

Using Third Party Certificates on a Palo

Does anyone know what the best certificate to use on a Palo is please? We have a customer who is failing PCI compliance testing as we are using a self signed certificate which was generated on the Palo for Global Protect. Any help or advise would be

...

  • 23644 Posts
  • 107 Subscriptions
Top Liked Authors
Labels