General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Block FTP Brute Force Attemps - Threat ID 40001

Hello,I want to block Block FTP Brute Force Attemps.The default rule in the PA alert only in theThreat log.I added a new Vulnerabolity Protection Rule:Action: BlockHost type: Any (also tried Server)Category: brute-forceSeverity: AnyCVE: AnyVendor ID: AnyI placed the rule above al the default rules (see attachment).If I simulate a ftp brute force...

Resolved! AD Groups Not Showing Up

I'm using User-ID and Active Directory groups to identify traffic from specific people. The User-ID part seems to be working because Source User shows up in the logs and I can configure firewall rules using individual user-IDs. However, I'm having issues with the AD groups. The Palo Alto is able to pull existing groups from Active Directory a...

PSC_IT by L1 Bithead
  • 11107 Views
  • 4 replies
  • 0 Likes

Resolved! Multiple Block Pages?

Hello,Is it possible to create/select/use a custom response/block pages for specific URL categories? For example: can I have one specific custom response page for "unknown" categories, and another block page for "malware" categories?Thanks,-Paul

apc050 by Not applicable
  • 7668 Views
  • 3 replies
  • 0 Likes

Resolved! Best practice for committing changes in active-passive HA?

When making policy changes in an active-passive HA pair, do you usually edit and commit the policy using the active device, or the passive? I have always made my changes on the active device, but lately I've been thinking that because the management CPU usage on the passive device is much lower, it might be faster running the commit there. I c...

IPS \ Application Signature

Hi allI need to write ips / application signature to recognize sender and recipient in SMTPfor example:If smtp sender A send mail to recipent B - Allow.If smtp sender A send mail to recipent C - BlockI will be happy if anyone know how to do it.Alon

along by Not applicable
  • 2518 Views
  • 2 replies
  • 0 Likes

GP VPN dual factor auth, and contractor access.

I have two questions regarding the Global Protect Gateway / Portal (SAN the GP Licensing)- I am wanting to setup two factor authentication for users to authenticate to Global Protect Gateway/Portal with a (common) client certificate installed on their machine that our IT department installs. I currently have just AD authentication integrated but...

cmateam by L3 Networker
  • 4255 Views
  • 1 replies
  • 0 Likes

Chrome Updater not working if EXE is blocked / application not recognized

Hi,in one customer setup we face the following problem: We disabled EXE file downloading. In order do allow services to update we use an application filter with subcategory update and allow that traffic. Works like a charm for google-update, ms-update etc. However today I noticed tons of blocks from xxxxxx_Chrome_updater.exe (xxxxx being date, v...

Resolved! Commit issue - Error updating NAT IP pools

After updating Policy and Nat Rules, I got the follow commit errors:- Error: Error: Error updating NAT IP pools- Error: response from cfgpush.s1.dp1.comm.cfg-dp: Error updating NAT IP poolsThis error still occurs if i disable (or even delete) the newly added rules. Since i did a commit ~10min before, i am sure, i didn't changed anything else.So,...

User_333 by L2 Linker
  • 2746 Views
  • 1 replies
  • 0 Likes

Resolved! Globalprotect iexplorer 9 Proxy

Hi All,i've a globalprotect vpn to connect to office, when i'm at customer site. I use a macbook pro and vpn works well, on the other pc, a Dell with windows 7, the vpn works fine if i connect in thetering from my mobile phone, but if i try to connect over customer proxy i see up and down continuosly and the vpn doesn't work. i've also checked t...

fcellini by Not applicable
  • 2791 Views
  • 1 replies
  • 0 Likes

GlobalProtect behind proxy

GlobalProtect is using SSL and IPSec. Is GlobalProtect proxy aware? Ie. if GlobalProtect client is located on a network that dictates the use of a http/https proxy to get internet access?BR,Nicolai

snaft by Not applicable
  • 4735 Views
  • 4 replies
  • 0 Likes

L2 Networking - some help needed

HiI just started with PA and try to get my head around the "slightly" different concept of how my PA50 does things.I have currently the following "playground":my PA500 sits between the two switches.There is a Router running on the VMWare Machine which has one interface in VLAN1 (untagged) and one in VLAN2 (tagged). This router is the default gat...

u13550 by L3 Networker
  • 3769 Views
  • 4 replies
  • 0 Likes

Combine two methods for the authentication GlobalProtect Client

Hello,I want to know if it's possible to use two factor for a succeed authentication with GlobalProtect Client. I explain it.In the configuration of GlobalProtect Client, you can define two method for the authentication of the clients (portals and gateways are the same configuration):- Authentication Profile: you can define LDAP, Radius, local d...

arnaud_b by Not applicable
  • 3634 Views
  • 2 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels