General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Certificate for Secure Web GUI creation

HelloWhich attributes shall an external CA certificate have to be accepted as a Secure Web GUI Certificate?I have imported one, but SSL Management doesn't work with it. These are its attributes: Version: 3 (0x2) Serial Number: 15:28:3b:46:00:00:00:02:38:da Signature Algorithm: sha1WithRSAEncryption Issuer: DC=in...

Best practice for OWA and OMA

HiI'm getting rid of our old ISA server which we used to expose OWA and OMA and want to use our PA-500 to allow domain users access to OWA and OMA (for their iPads etc).I've noticed that the application 'Outlook-web' is used for OWA and its dependancies are SSL (understandable) and Web-Browsing (not so understandable but it must be needed otherw...

TDC by L1 Bithead
  • 5615 Views
  • 4 replies
  • 0 Likes

Commit Error (sslvpn)

Hi,I am recieving the following error when issuing a commit,Management server failed to send phase 1 abort to client sslvpnManagement server failed to send phase 1 to client useriddCommit failedThe only change in configuration is adding new local users which are used for global protect.I am running 5.0.1Regards

rsaber by L1 Bithead
  • 5265 Views
  • 4 replies
  • 0 Likes

Inbound SSL Decryption and monitoring

Hello,I'm trying to setup inbound SSL decryption. It is a pretty basic setup. Two layer 3 interfaces on a PA-500. One interface is in an 'Outside' zone, the other is in a 'DMZ' zone. In the DMZ zone is a web server with a signed SSL certificate. The PA is NATing the server in the DMZ to the appropriate address space Outside.I have imported th...

Cisco IPSEC VPN client connecting to PAN 4.1

Hi folks,there were no way to establish a ipsec connection between a Cisco VPN client and PAN. I was "inspired" by the globalprotect guide but wasn't enought.At the cisco vpn client side, I had configured just the ip address, the group and pwd, and nat-t. At the PAN side, I had configured the globalprotect portal, the gateway(using the third-par...

robclav by Not applicable
  • 7845 Views
  • 7 replies
  • 0 Likes

Static route on Management Interface

Hi all,how can I define an additional static route on the Management Interface?I have a setup with a customer were the communication from the management interface to two specific IP addresses has to be routed over another next-hop which is not the default gateway of the management interface. Therefore I need to define a static route on the manag...

Resolved! TAP Mode and IPv6

Hello Everyone,Is it possible to monitor mirrored IPv6 traffic in TAP mode? I have a PA-500 and it has been enabled for IPv6 firewalling. Apart from checking this option, is there anything else that has to be done to monitor IPv6 traffic? If it is possible, will I being seeing the IPv6 traffic under Source and Destination columns?Many Thanks,...

Resolved! External CA Management Certificate

HelloIs it possible to use an external certificate from our corporate CA for the SSL Management Interface of the firewall?I have already Imported it, and the corporate root certificate, but I don't know how to change the management interface configuration, which is using a certificate issued by the own Palo Alto Firewall (version 4.1.10)Thank yo...

Resolved! Combining policies from different virtual systems

So we are migrating from ASAs to PA 5050's. We are trying to do it with as little interruption as possible so what we did is put the PAs inline behind the ASAs using vwire. Our thought is to build our 4 environments as separate virtual systems in order to get our rulebase built and verified then once it's verified we can migrate the 4 virtual ...

Brinkman by Not applicable
  • 2523 Views
  • 1 replies
  • 1 Likes

Resolved! Firewall Configuration Essentials 101 Exam Retake Help

The end of last year I took the Firewall Configuration Essentials 101 v.4.1 exam. I didn't pass so I've spent some time studying and playing with Palo Altos. I returned to retake the exam and it doesn't show up under pending evaluations and I request to take it again and it says I already requested it. My understanding is that we are given three...

Resolved! Blocking lists of IPs

I'd like to block a list of IP addresses based on the ZeuS IP Blocklist. What is the best/preferred method for doing this on the Palo Alto? Thanks

sconley by Not applicable
  • 8668 Views
  • 5 replies
  • 1 Likes

ACC shows Threat Hit with Severity as Medium while ThreatLogs shows Severity as Informational

Hi All,currently we have a Test-device from PaloAlto for evaluation (PA-5020, PANOS 5.0.2, AV-Sig 946-1309, App&Threats-Version 357-1692, URL-Filter 4044).Today I took a look at Threat Prevention Summary in ACC and saw a few Hits "Trojan-Ransom.foreign:madeleine.adclear.net" ID=4091550 with Severity "Medium".Then I was searching in ThreatLog...

Resolved! about control softether

Hi All,We would like to control softether with PA5020 which runs PanOS 4.1.10, but we can not find keyword "softether" in the applications.Anyone knows how to control softether in the PA fw?Thanks.Regards,Joy

Resolved! Manually trigger a logevent for a threat or a rule?

There is a test-command one can use in the CLI to identify which security policy a specific packet will hit.But is there also a command to issue a log-event?For example when you are about to manually configure triggers in your logserver to react on - otherwise im forced to send real traffic through the box and it will take some more time to acco...

mikand by L6 Presenter
  • 2736 Views
  • 2 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels