General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! How do I reset a PA activated address block action?

Since you are able to Block the source and/or destination IP address as an action taken in a protection rule (IPS, Spyware, Zone protection etc...) is there a way to reset the timer before the elapsed time has been reached. If you block for 3600 seconds and find out 5 minutes after the event took place that it is a false alarm do you have the a...

HITSSEC by L4 Transporter
  • 2490 Views
  • 2 replies
  • 0 Likes

VPN tunnel config question

I'm running PANOS 4.0.13. Can I set up a tunnel where the peer IP is 1.1.1.1 and the remote proxy id is the same IP as the peer? I think I tried this before on an earlier release and it didn't work, so I had to NAT. Thanks!

iguarino by L0 Member
  • 2621 Views
  • 2 replies
  • 0 Likes

OCSP query

Hi,We are implementing a SSL-VPN solution using Global Protect and our own CA. From what I have seen the OCSP queries are made on demand, when the certificate is presented for the first time, and then at a fixed interval(60 minutes). I tried changing the interval using the "debug sslmgr set ocsp-next-update-time" but did not have any effect on t...

sslvpn 4.0.x issue

Hi,When configuring sslvpn we tried to use an Adsl modem which makes its public 1.1.1.1 NAT 443 to a local ip 172.16.2.1this ip is PaloAlto's L3 interface.Default gateway of PaloAlto is 172.16.2.2 which is modem.People can access to internet from PaloAlto with modem's public ip (NAT enabled on modem)When we access to public ip of modem with http...

Resolved! Blocking files by URL Category and Zone direction

Hello,I currently have a security rule that blocks the downloads of ".exe" files from the "unknown" URL category (which sits above my general Internet/WildFire Forward rule). It works extremely well in dropping a huge amount of the garbage out there. However, occasionally the garbage makes it past that rule and sends up a WildFire event. Agai...

MGoodnow by L4 Transporter
  • 3304 Views
  • 2 replies
  • 0 Likes

Days needed for Palo Alto subscription to release

Hi All,Our palo alto subscription currently near the end of subscription expiration date.We've ask quotation for the new license from PaloAlto distributor, and based on information from the distributor it will take 4 - 6 weeks for new subscription to be issued after the payment.Does it takes that long for issuing new subscription?regards,

Resolved! Wildfire report

I like wildfire, but I think the web frontend must be more elaborated. I'd like to customize and export reports to text to obtain statistics about ip origins, filenames, ...

aojea by Not applicable
  • 2446 Views
  • 1 replies
  • 0 Likes

Resolved! url filtering update error

Hi,I searched about this but couldn't find anything to solve an issue about upgrade brightcloud databese.On dashboard version is 0First installation and we get error.On the pcap we seeHTTP/1.1 401 UnauthorizedTransfer-Encoding: chunkedServer: Microsoft-HTTPAPI/2.0Date: Sat, 30 Mar 2013 17:40:54 GMTMar 30 19:40:54 Failed to download 'full_bcdb_4....

Did anyone succesfully connect with globalprotect through the IOS App ?

Hi,I just downloaded the app from the appstore, and just at the point where i got enthusiastic, i got a certificate error which should not be there because the chain is correct.After clicking OK, i got the error "Cannot connect to Globalprotect. Your internet connection or Globalprotect network appears te be offline." But if i try to connect thr...

Best Practices Agent configuration of many DC

Hi all,There are 18 seperate Domain Controllers on different cities.using 2 user id agent with all DC's make very high traffic between these sites and affect voip packets.When we disable the agent we saw that this is the issue.So how can we configure this ? Should we install 1 agent to every city DC or ???Thanks.

PA200 replacement fan

Aside from an RMA on the whole box, what can be done about a noisy PA200 fan (without getting a void warranty of course ) ?

BCH by Not applicable
  • 2860 Views
  • 1 replies
  • 0 Likes

Virtual-wire active/passive HA issue

Hello!We are testing out a topology in the lab, with 2 PA-2020 in an active/passive HA cluster. They are between 2 pairs of Cisco switches and should play a role of redundant in-line firewalls. The connection to the switches is with FO modules on ports e1/13 and e1/14 (these ports are in a monitor group).What we have noticed is some strange beha...

cannot block hotspot shield

HIit seems it has became vey diffcult to block hotspot shield , even though the application is being idenfied by palo alto , still hot spot finds it way by port 80 . is there any way to block hot spot shield.Also From IPAD/IPHONE it is easily connectingThanksShabeer

shabeerc by L2 Linker
  • 8330 Views
  • 7 replies
  • 0 Likes
  • 24404 Posts
  • 123 Subscriptions
Top Solution Authors
Labels