General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 409 Views
  • 0 replies
  • 2 Likes

Control android and other smartphones

I managed to use the setup for blockin iphone/ipad trafic.

https://live.paloaltonetworks.com/docs/DOC-1503

Some questions...

How do we do this for other smartphones?

And is it possible to control this with IP range for instance? Or other methods?

Thinki

...

oddmbjer by Not applicable
  • 2779 Views
  • 1 replies
  • 0 Likes

URL Block Question

So I have a need to block almost all internet access for a certain group of folks.  They are in a warehouse and only need access to a few websites (time clock, shipping sites, etc) related to their jobs.

How I'm doing this currently is to use a Activ

...

What is Trusted CA Certificate used for?

According to the PA-3.0_Administrators_Guide.pdf:

"
Trusted CA certificate—Import an additional intermediate certificate authority (CA) certificate to trust when doing SSL decryption. If the firewall encounters a certificate that is not signed by a tru

...

rps by L3 Networker
  • 7811 Views
  • 9 replies
  • 0 Likes

Custom URL not working

Hi,

I have a PA2020 system with Custom URL category defined and it was working fine on 3.1.4.

When we upgraded to 3.1.6, the Custom URL category was not working and URL present in the custom category were being blocked, even if they were in the allow l

...

vinesh by L2 Linker
  • 3370 Views
  • 5 replies
  • 0 Likes

Resolved! Using LDAP/AD names for firewall GUI login

Hi

I believe I've successfully set up LDAP authentication in our Palo device. All of our groups and users are appearing when searched for using "show user ldap-server server all" and they show up in Authentication Profiles when changing the Allow List

...

SMB URI Filtering (Custom Applications)

I'm wondering if it is possible to define an 'application' based on an SMB URI path?

Example - I have two shares on a SMB SAN server \\san\public and \\san\secret; is it possible to apply a firewall rule to a Palo device that sits between this server

...

apackard by L4 Transporter
  • 2736 Views
  • 4 replies
  • 0 Likes

SYN Flood

hi : I have a question in regard to Flood Protection Thresholds under Zone Protection. Do the thresholds for Alert/Activate/Maximum apply to counting SYN packets directed at a partuicular host or to counting SYN packets directed at all the hosts in t

...

wlu by Not applicable
  • 3307 Views
  • 4 replies
  • 0 Likes

Checkpoint FW-1 Telnet Authentication - PA Alternative?

Hi

We will be installing 2x PA4050s into our datacentres to replace our current Checkpoint Alteon Switched Firewalls. We use Checkpoints "telnet authentication" on TCP port 259 to allow super users access through the firewalls based on their IP addres

...

fmd by L3 Networker
  • 2748 Views
  • 4 replies
  • 0 Likes

Since update to 3.1.4 no ssl decryption

We have some user categories with "no decryption" but the default rule "decrypt".

Before updating from 3.1.3, https://secure.eicar.org/eicar.com.txt was blocked reliably. Since 3.1.4 not. Nothing else was changed.

In fact i cannot see any ssl decryptio

...

mhuels by L3 Networker
  • 3030 Views
  • 4 replies
  • 0 Likes

PBF based on Apps

Hi All,

I want to PBF all my google Apps traffic via ISP1 and the rest via ISP2. Under the PBF rule -> Applications I see only a subset of Apps which includes my customs Apps too. But not all Apps from where I could choose from.

Any advices please?

Than

...

actibit by L2 Linker
  • 2982 Views
  • 2 replies
  • 1 Likes

Dual ISP for SSL VPN

I am having trouble getting SSL VPN to work on a newly added modem. Essentially, I want to add a new ISP connection to my PA and configure it to be used for SSL VPN. I tried to add a PBF rule, but apparently, pbf requires traffic to cross zones. So f

...

dpayne by L1 Bithead
  • 2135 Views
  • 1 replies
  • 0 Likes
  • 23695 Posts
  • 110 Subscriptions
Top Solution Authors
Labels