General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Shared Gateway and VSYS

Hi,I've a basic setup with TWO vsys with separate vrouters on each vsys (Maketing and Sales ) and a shared Gateway. Some vpn Tunnels terminating on my shared gateway.I need to implement some static NAT rules for my VPN tunnels, so far so good.Routing 0.0.0.0/0 goes to the Shared gateway and of course other locally routes are routed locally by Vr...

slh by Not applicable
  • 3185 Views
  • 1 replies
  • 0 Likes

Resolved! PPPoA

Hi All,hoping you can help with something I'm now too sure about. I haven't found anything in help or knowledgepoint so far. I've pre-configure a couple of PA-200's in PPPoE mode (ISP modems in bridge mode) to send to a remote site OS. I've just had a response from their local ISP sayng that their DSL services will ONLY run PPPoA. I'm not fa...

Brightcloud tagging Yahoo sites as Phishing and Fraud

Greetings!Today I received several helpdesk calls concerning yahoo! mail not working. Logs show that the 'yming.com' site that yahoo! uses is being flagged as a 'Phishing and Fraud' site.I know I can report it (24-48 hour fix) and can manually unblock, but what a pain. Is anyone else seeing this issue?

cloughr by L2 Linker
  • 5663 Views
  • 6 replies
  • 0 Likes

Allow download of file types that show as ZIP

Hello,I have had a few instances where I've needed to allow certain files types through the data filter. One annoying case was native Office 2007/2010 documents that end in x. What I did was add it to my file blocking profile with the action of ALERT. This is now letting them in. Sometimes I actually have a FQDN or IPs that I can use to allo...

gsvarney by L1 Bithead
  • 9960 Views
  • 6 replies
  • 0 Likes

4.0.9 to 4.1.6 - Issues to be aware of?

Are there any known issues to be aware of if I wanted to go from 4.0.9 to 4.1.6?We had an issue when we went from 4.0.9 to 4.0.11 where the dataplane on our PA-500 randomly rebooted several times and support's initial suggestion was to do a factory reset/restore of the box.I'd prefer not to do that if it's avoidable, so I figure there should be ...

Dual/HA IPsec tunnels with 2 ISPs ?

Hello,I have 2 PaloAltos, one is running on robust and redundant Corp internet ISP, another one on a remote location with 2 public ADSL (and miserable quality ofc !). My goal is to have a redundant IPsec link between the two PaloAltos :How would you achieve this ? I have several scenarios in mind:PA2 builds 2 tunnels (one from each ISP) all tim...

essnet by L4 Transporter
  • 2553 Views
  • 1 replies
  • 1 Likes

Resolved! Hotmail Categorization Weirdness

Hey folks,User reported MSN mail being blocked as phishing-and-other-frauds, but my Hotmail and her other MSN email accounts work fine. I investigated and found that the server:sn123w.snt123.mail.live.comIs being categorized by the PAN device as phishing-and-other-frauds, but other MSN servers are not, like this one:co105w.col105.mail.live.comw...

Negative lookahead regular expression not working

HiBit of an advanced regex feature, but I would like to set up a custom vulnerability signature to detect browsers (user-agent) that are not Internet Explorer. True, one could detect Firefox specifically, but there are so many different browsers in the wild that it is impossible to match them all.The regex I'm attempting therefore is: User-Agent...

SSL decryption and Http redirection

Hi,I am testing SSL decryption and it seems to work fine except when Http redirection is involved. E.g. when you try to connect to Https://gmail.com , google redirects you to https://www.google.com and it gives me a certificate error because of the hostname in the cert does (www.google.com in this case)not match with the hostname that you are c...

SLOW INTERNET

Hi GUys ,I`m deploying a PAN.Everything is OK , COnfiguration , URL Alerts , AV , AS everything on ALERT MODE.But my problem , after COnfigure a L3 INterface to receive IP via dhcp client from my ISP router , my connection with internet becomes very slow!I think the problem is on the PAN because when i rollback to my PF SENSE everything works go...

Thiago by L3 Networker
  • 5996 Views
  • 4 replies
  • 0 Likes

Antivirus Update Frequency

Is this specified anywhere?I can't seem to find where the antivirus update schedule is stated explictly.Or is it just part of the weekly content updates?

KGC by L3 Networker
  • 10432 Views
  • 7 replies
  • 0 Likes

HA Active/Active

Hi,Can anyone tell me if HA Active/Active on a PA-500 requires three links in total? As there are limited ports on the PA-500 this may cause an issue.Also, if this the case - is there any option on having an IPSEC VPN terminating on the passive firewall in an Active/Passive HA configuration (i suspect the answer to this is no).Andrew

singersit by Not applicable
  • 4650 Views
  • 4 replies
  • 0 Likes

Blocking traffic from another country

Hello,We have an Extranet server which sits on our DMZ... http and https are allowed through the firewall so that outside users can access the web app on that server. My server admin asked me if I can block all inbound traffic from China and Taiwan as he gets a ton of hack attempts coming from those countries. Our web app doesn't serve anybody...

dwoolley by L1 Bithead
  • 6554 Views
  • 5 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels