General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Alarms on the PAN

How do get alarms to work on the PAN device. I have gone in to Device --> Alarms and set security violations threshold to 1 and the time period to 3600. However, I do not get any alarms. How does this work exactly. I can set a "security violations threshod", but what exactly makes up a security violation?

TomH by L1 Bithead
  • 2705 Views
  • 1 replies
  • 0 Likes

Resolved! Using User-ID v4, how do I exclude users in certain groups?

In the old style v3 user-ID agent, I could exclude certain groups of users from being mapped. How do I do so in v4?Background :We have certain users in a department group "Infosys" who are being blocked from web browsing. It turns out they're launching an MS tool under administrative credentials and user-ID is matching their IP against this new ...

broadleyn by Not applicable
  • 6317 Views
  • 6 replies
  • 0 Likes

SSL decryption, which version of SSL is used ?

All,We have implemented SSL decryption for a customer. The certificate used on the PA is the same as on the server.Our systems are scanned weekly by Qualys. One of the vulnerability is the following:1/ SSL Server has SSLv2 Enabled VulnerabilitySolution:Disable SSLv22/ SSL Insecure Protocol negotiation weaknessSolution:OpenSSL has released new ve...

loosj by Not applicable
  • 3152 Views
  • 2 replies
  • 0 Likes

Resolved! Timed Report

Hi,How can we generate a custom report with a start and end time in it?Pleas help.Thanks,Rex

policy-based ipsec vpn

i want to configure policy based IPSec vpn , in the administration guide i can see the steps for route-based IPsec VPN using tunnel interface , and directing the interesting traffic through the tunnel interface , nut i want to configure it without tunnel interface

Building a custom signature

Hi there,I have some DVR CCTV cameras on some other sites that I need to be able to view within my network behind the PA box. At the moment I have been able to get them access by doing a security rule allowing access from certain users/IP's to the IP addresses of said DVR's onsite. However, I have not been able to lock these down very much. At t...

JRussell by L3 Networker
  • 2439 Views
  • 1 replies
  • 0 Likes

Resolved! How to unblock "Virus Download Blocked"?

A client want to download a exe file from a bank website to log into its online banking system, however she got the following message after she clicked download link "http://www.cmbc.com.cn/download/民生个人网银安全控件.exe".Is there anyway to unblock the specific exe file in PAN?The software version is 4.1.7.Virus Download BlockedDownload of the virus ha...

yq by L0 Member
  • 12683 Views
  • 2 replies
  • 1 Likes

Resolved! URL Filter - Block one and log the rest

On a PAN with no BrightCloud license, you can still use the URL filtering "Block" and "Allow" lists. Right now I use that feature to have a "log-all" URL filtering policy where I have "*" in the block list and an action of "alert." But now I have one (or it could be a short list) of URLs that I want to really block, i.e. an action of "block." Ho...

cosx by L2 Linker
  • 4021 Views
  • 3 replies
  • 1 Likes

Exporting Security Policies

One of our PCI Compliances is to have a record of the firewall rules, and review them once every six months. My Director likes to have them in a Excel Spreadsheet. Since the beginning, we have went from 79 policies to just about 200 policies, and copy and pasting them into Excel is beginning to become cumbersome. Is there there something I am mi...

mharding by L4 Transporter
  • 4505 Views
  • 2 replies
  • 0 Likes

Resolved! OSPF A/P HA Config with Floating Static Routes

I am trying to understand the sample OSPF Active/Passive HA configuration outlined in Tech Note: How to Configure OSPF https://live.paloaltonetworks.com/docs/DOC-1939 . The problem I have is with the floating static routes defined on upstream and downstream routers intended to reduce failover times. Floating static routes are described in s...

oshcomp by Not applicable
  • 5854 Views
  • 1 replies
  • 0 Likes

Resolved! Traffic log filter result abnormal with non admin account on PanOS-4.1.7-h2

Hi All,We run PanOS 4.0.9 on PA-2050 previous, and traffic log filters results are normally. however after we upgrade PanOS to 4.1.7-h2, the traffic log filter results with non admin account are abnormally, but when we change back to admin account and do the same, it works normally.The non admin account was created by admin, and authenticated wi...

Dynamic block lists - possible xml config corruption

We recently upgraded to 5.0 and one of the first things I wanted to try out was the dynamic block lists. I set up 4 block lists (dshield, zeus tracker, palevo tracker, spyeye tracker) and tested to make sure the URLs were accessible. I rec'd the message that they were accessible/readable, so I set them to pull data daily at 7:00am, 7:01am, 7:0...

sconley by Not applicable
  • 3032 Views
  • 2 replies
  • 0 Likes
  • 24404 Posts
  • 123 Subscriptions
Top Solution Authors
Labels