General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Threat Vector, a Unit 42 Podcast, is Now on LIVEcommunity!

We have some exciting community news to share: Threat Vector, a Unit 42 podcast, is now on LIVEcommunity!

 

Threat Vector is your compass in the world of cyberthreats. Listen to this biweekly podcast to learn about unique threat intelligence, cutting

...

jforsythe by Community Team Member
  • 81 Views
  • 0 replies
  • 0 Likes

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 3327 Views
  • 2 replies
  • 14 Likes

Dual ISP, PBF and DMZ

Hello.

I have a specific question about certain situation. There is a customer with 2 ISPs, let's call them ISP1 and ISP2. Customer has a single PA device to which both ISPs are connected. Each ISP provides a block of public IP addresses which are rou

...

santonic by L6 Presenter
  • 5327 Views
  • 11 replies
  • 0 Likes

Maximum number of UserID Agents for 4.1.x ?

Whats the maximum number of UserID agents that can be configured to talk to the firewall ?

ie. Will the firewall complain if we have 200+ userID agents configured to talk to it?

I know each agent can monitor a maximum of 100 domain controllers.. but ho

...

ucteam by Not applicable
  • 4326 Views
  • 10 replies
  • 0 Likes

static routes

Hi

I have 4 interfaces;

eth1/1 = sub1 -> 10.10.1.1/24

eth1/2 = sub2 -> 10.10.2/1/24

eth1/3 = mpls -> 10.10.3/1/24

eth1/8 = wan -> x.y.z.w

default router on all interfaces

but now I need to route all 0.0.0.0/0 traffic from sub1 over the MPLS (10.10.3.10) and

...

FlexyZ by L3 Networker
  • 2946 Views
  • 6 replies
  • 0 Likes

Application-based DoS capabilities?

I am seeing several atempts by the same IP address utilizing t.120 to connect via port 3389 to the various Windows Servers that I have with external IP addresses (and, yes, some are actual Terminal Servers).  I would love to be able to configure a th

...

mmartin by L1 Bithead
  • 2751 Views
  • 3 replies
  • 0 Likes

Resolved! Session Clearing

I have a PA-500 Firewall.  I am trying to test some policies, however, when I add and remove users from groups, the Palo Alto isn't picking this up fast enough.  Does anyone know the command line to clear out a session from the Palo Alto so it will r

...

kaysun by L1 Bithead
  • 2761 Views
  • 3 replies
  • 0 Likes

Resolved! Panorama Distributed Certs

Am I going mad, or can anyone else not actually use certificates imported in Panorama and then distributed to end devices?

Once I have pushed these to PA's I cannot seem to apply them to 'functions' via the GUI or the CLI.

Using the same certificate up

...

apackard by L4 Transporter
  • 2236 Views
  • 3 replies
  • 0 Likes

Need to logout/login to see new signatures?

I think I may have found a bug with PANOS 4.1.1 on PA-5050s where the WebUI will not display new signatures until the user has logged out and logged back in again.

I left a browser (Firefox 10) logged in for several days, using it just enough that the

...

Mack by L2 Linker
  • 1846 Views
  • 2 replies
  • 0 Likes

SSL decryption notification response page. Don't load !

Trying to set up SSL decryption these are the steps ive done:

* Configured SSL decryption rules

* Installed certificated on FW

* Installed cert on client computer with gpo, (yes it removed my warnings about saftey)

But it won't warn the user with the res

...

Create an App-ID for YouTube in the context of facebook

HI guys I am trying to create a custom App-ID to identify Youtube in the context of facebook, I would like to use this for a possible App QoS.

Dependency is youtube from facebook but defining youtube app in the context http-host-header is too complex,

...

Importing Configuration from Fortinet

Hi,

I'm experiencing a problem for importing configuration file from a cluster Fortinet 310B. After conversion, i try to load the file, and i recieve a message "File pan_conversion_l3.xml is malformed". I have tried to compare with the first configura

...

Web Browsing

Hi

We're about to install the web filter licence for the PA. Our current system is a proxy configuraiton via websense. Now that we're going to use the PA for web filtering is the best practise to create a security rule allowing all internal PCs direct

...

djrodb by L3 Networker
  • 1731 Views
  • 2 replies
  • 0 Likes

Resolved! Block page for vulnerability protection

I have been testing the security profile for vulnerability protection.  I set the action for all critical threats to block. What should I expect to see on the user computer screen if a site does contain a critical threat recognized by Palo Alto?  Sho

...

oshcomp by Not applicable
  • 2901 Views
  • 3 replies
  • 0 Likes

MAC address filter and DHCP enforced...

Hi!

Is it possible to create Policies based on MAC address instead of IP addresses?

Also, can we enforce DHCP clients only mode?  Meaning that the firewall only allows those who obtained IP's from the DHCP server.  Seems like DD-WRT got the DHCP-Author

...

gebis by Not applicable
  • 6202 Views
  • 3 replies
  • 0 Likes
  • 24125 Posts
  • 100 Subscriptions
Top Solution Authors
Labels