General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 432 Views
  • 0 replies
  • 2 Likes

Vulnerability Protection - inbound traffic to DMZ Servers

Hello,

Does the Vulnerability Protection Profile provide any benefit to inbound traffic from the Internet to servers on the DMZ? Is it more for web protection from users going outbound to browse the web and not so much from outside sources accessing s

...

CRHC by L4 Transporter
  • 4871 Views
  • 6 replies
  • 0 Likes

SSL VPN Config on 3.1.5

I am attempting to test the SSL VPN using a self signed certificate on 3.1.5  and setting up according to the " How to Configure SSL VPN on PANOS 3.0" document, however the guide does not cover the Client Certificate Profile which is now required in

...

wdhadley by L0 Member
  • 2010 Views
  • 1 replies
  • 0 Likes

Can't find ident

Hello,

I can't find ident/auth app despite that it's listed in :

List of Applications Identified by the PAN

Regards

How do block all flv streaming media

Is there any way to block all flv streaming media for all applicatons that uses flv streaming through web-browsing?

(I could'nt find any application describes "flv" except "Flash application".

But "Flash application" blocks all flash content and this i

...

ssl decryption best practices?

I'd like to look at implementing it but I'm wary of all the potential caveats i.e. applications that don't play nice, and machines that are non-windows or non-domain so wouldn't get a trusted CA via Group Policy.

I've read the guides so know how to do

...

PAN Help files are a bit old

Noticed this while searching some answers about dynamic URL filtering in the help files.

Enable dynamic categorization
Select to enable dynamic URL categorization.
URL categorization takes advantage of a URL filtering database on thefirewall that conta
...

blueteam by Not applicable
  • 2240 Views
  • 1 replies
  • 0 Likes

IPS/IDS for SQL Server behind PAN?

We have a web server in fron of a PAN that accesses MS-SQL behind the PAN.

In the vulnerability profile that we're using, everything (client/server) is set to "default".

I appreciate it's a fairly broad question, but is this enough?

Thanks.

User-ID Agent Refresh Interval?

I'm sorry if I've just not spotted it, but is there any documentation on how often the User-ID agent (for Active Directory) updates?

We've just started to implement some policies using groups and I'm not quite clear in my mind how often the PAN checks

...

Uknown / Blank user

Hi,


I want to view the traffic for all unknown users, but I am unsure how to create this...

I thought about using (user.src neq '') but that does not work I need something similar, essentially I want to view the 'from user' that has no data in (blank)

A

...

djbisbey by Not applicable
  • 1910 Views
  • 2 replies
  • 0 Likes

URL Log

I have seen this come up in one post. Where the user has asked why the URL field is only limited to only the first 63 characters.

Any idea when this might be addressed? It is crucial to log the entire URL for both trouble shooting and forensics purpos

...

Captive Portal Question - Demo Unit

Hello everyone,

I'm currently demo'ing a unit configuring it to our projected needs.  One of the things I'm currently working on it user authentication to the net and am hoping you guys can help me out with this.  I have the captiveportal setup using

...

rjoshua by Not applicable
  • 2540 Views
  • 1 replies
  • 0 Likes

URL Filtering

This was brought up about a year ago from what I can tell but does, or will, PAN support a connector to be used with a Websense server for filtering?

cnelson by Not applicable
  • 3002 Views
  • 1 replies
  • 0 Likes

Monitoring interface traffic with SNMP

I am trying to monitor traffic on some interfaces on our PA 2050 with SNMP.

I'm using RRDtool to pull traffic counters every 5 min.

But, the interfaces in Network\Interfaces in the GUI does not match the interfaces when i do a snmpwalk IfIndex against

...

tysver by L0 Member
  • 2770 Views
  • 1 replies
  • 0 Likes

Resolved! How do PA protect a attack of mac spoof?

Dear Master.

I read that zone protection of docs and notice that PA can protect ip spoof attack using zone protection profile and uRPF. but I cannot find that protecting arp spoof attack.

How do PA protect a arp spoofinig attack?

Thank you.

ttongfly by L3 Networker
  • 4433 Views
  • 1 replies
  • 0 Likes
  • 23698 Posts
  • 110 Subscriptions
Top Solution Authors
Labels