This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Application-based DoS capabilities?

I am seeing several atempts by the same IP address utilizing t.120 to connect via port 3389 to the various Windows Servers that I have with external IP addresses (and, yes, some are actual Terminal Servers). I would love to be able to configure a threshold of denying this type of activity via the application with an activity threshold similar t...

mmartin by L1 Bithead
  • 3947 Views
  • 3 replies
  • 0 Likes

Resolved! Session Clearing

I have a PA-500 Firewall. I am trying to test some policies, however, when I add and remove users from groups, the Palo Alto isn't picking this up fast enough. Does anyone know the command line to clear out a session from the Palo Alto so it will re-check which group a user is in?Thanks!

kaysun by L1 Bithead
  • 4161 Views
  • 3 replies
  • 0 Likes

Resolved! Panorama Distributed Certs

Am I going mad, or can anyone else not actually use certificates imported in Panorama and then distributed to end devices?Once I have pushed these to PA's I cannot seem to apply them to 'functions' via the GUI or the CLI.Using the same certificate uploaded directly to the PA, everything is fine.I'm on PAN-OS 4.1.4.Rgds

apackard by L4 Transporter
  • 3343 Views
  • 3 replies
  • 0 Likes

Need to logout/login to see new signatures?

I think I may have found a bug with PANOS 4.1.1 on PA-5050s where the WebUI will not display new signatures until the user has logged out and logged back in again.I left a browser (Firefox 10) logged in for several days, using it just enough that the session did not time out. During this long session, a content update was installed. However, w...

Mack by L2 Linker
  • 2588 Views
  • 2 replies
  • 0 Likes

SSL decryption notification response page. Don't load !

Trying to set up SSL decryption these are the steps ive done:* Configured SSL decryption rules* Installed certificated on FW* Installed cert on client computer with gpo, (yes it removed my warnings about saftey)But it won't warn the user with the response page even though iv'e enabled it under Device > Response Pages > SSL decryption opt-o...

Create an App-ID for YouTube in the context of facebook

HI guys I am trying to create a custom App-ID to identify Youtube in the context of facebook, I would like to use this for a possible App QoS.Dependency is youtube from facebook but defining youtube app in the context http-host-header is too complex, so I was thinking of using youtube app as dependency and look for triggers as facebook referrer....

Importing Configuration from Fortinet

Hi,I'm experiencing a problem for importing configuration file from a cluster Fortinet 310B. After conversion, i try to load the file, and i recieve a message "File pan_conversion_l3.xml is malformed". I have tried to compare with the first configuration file fform the PA4020, I saw ther's no certificat on the top, but I'm not shure, if it's the...

Web Browsing

HiWe're about to install the web filter licence for the PA. Our current system is a proxy configuraiton via websense. Now that we're going to use the PA for web filtering is the best practise to create a security rule allowing all internal PCs direct access to the Internet using the common web based ports or is there some other way of making the...

djrodb by L3 Networker
  • 2431 Views
  • 2 replies
  • 0 Likes

Resolved! Block page for vulnerability protection

I have been testing the security profile for vulnerability protection. I set the action for all critical threats to block. What should I expect to see on the user computer screen if a site does contain a critical threat recognized by Palo Alto? Should the user see a block page?

oshcomp by Not applicable
  • 4789 Views
  • 3 replies
  • 0 Likes

MAC address filter and DHCP enforced...

Hi!Is it possible to create Policies based on MAC address instead of IP addresses?Also, can we enforce DHCP clients only mode? Meaning that the firewall only allows those who obtained IP's from the DHCP server. Seems like DD-WRT got the DHCP-Authoritative option:http://www.dd-wrt.com/phpBB2/viewtopic.php?p=650805thx!

gebis by Not applicable
  • 9641 Views
  • 3 replies
  • 0 Likes

Resolved! ACC Not displaying drop-down boxes when filtering is applied

We have an issue where the drop-down boxes in the ACC disappear when filtering is applied.For instance, when I go into the ACC, I see all my data.1) I click on the web-browsing application to see the top users. The information displays properly.2) Then I click on a specific user to see that user's activity.I'd like to see a list of the top URLs ...

Captive Portal page to load when user-id is known?

Working on an idea to allow a manner of login/logout for users coming through captive portal auth.On a system that may or may not be identified on the back-end, I can load the captive portal page URL manually and set/change the user-id.When I try to load the page again, I only get a blank page - is there a URL I can load to generate a 'logout' o...

keklund by L1 Bithead
  • 3985 Views
  • 3 replies
  • 0 Likes

How to transfer security policies created on the device on Panorama?

Hello,I'am planning to transfer security policies from the PAN FW to Panorama. First the policies was created on the device, but now we are planning to adopt a configuration model in witch we will only use Panorama to centrilize the management of policies and objects. So is there any methode to make the transfer easly (objects export, policies e...

asia by L3 Networker
  • 3572 Views
  • 3 replies
  • 0 Likes

PA-500 LDAP Checkin Timing

Does anyone know how often a PA-500 checks in with LDAP to determine group members? I was adding users to a group that should be blocked from outside access, however, even after 10 minutes and several restarts the user can still get right out to the internet. How long does it take for the Palo Alto to check back for group members?On that same ...

kaysun by L1 Bithead
  • 2083 Views
  • 1 replies
  • 0 Likes

PBF for YouTube Redirect to external proxy?

Since URL-Rewrite is still not an option in PanOS (I think only recently they announced that it may be on the roadmap), I've been investigating ways to redirect YouTube traffic to an external proxy server that supports rewrite. I need to do this to implement the new Youtube for Schools service.Wondering if this is a workable scenario:- Setup an...

keklund by L1 Bithead
  • 9238 Views
  • 4 replies
  • 0 Likes
  • 24379 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks