General Topics
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics

Forum Posts

New LIVE AMA event, LIVEcommunity Team Roundtable!

If you are curious to know more about how the LIVEcommunity works, have a chance to chat with community team members, or ask a non-technical question? Now’s your chance! The floor is open for all you burning questions now through June 24. The LIVEcom...

ama-graphic.png
jdelio by Community Team Member
  • 198 Views
  • 0 replies
  • 3 Likes

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...

jdelio by Community Team Member
  • 18432 Views
  • 41 replies
  • 32 Likes

Resolved! Global Protect User Groups

I want to user map configuration to AD user group for Global Protect clientless VPN. This works quite will if authentication is LDAP.Have you any idea how can I get it to work with Radius authentication? Presuming that the user has the same name as t...

BatD by L4 Transporter
  • 926 Views
  • 3 replies
  • 0 Likes

Resolved! SSL decrypt exclusion for url ec2-13-57-194-193.us.west-1

Hi Everyone, IP 13.57.194.193 ssl decryption exempt was failing and IIn ssl decrypt exclusion list I put *.amazonaws.com and still in traffic logs I see the IP 13.57.194.193 getting ssl decrypted. I have attached the nslookup for this ip. Can you ple...

clipboard_image_0.png
MP18 by Cyber Elite
  • 1703 Views
  • 4 replies
  • 0 Likes

Resolved! Rule usage report in PanOS 8?

Is it possible to create (scheduled) rule usage reports in PanOS 8, ideally from Panorama on a per device group basis? I see the rule usage data present, seems silly there wouldn't be a capability to query against it.Rules (not) used withing last X d...

BoDollis by L2 Linker
  • 1557 Views
  • 3 replies
  • 0 Likes

Resolved! GUI only works with Incognito

Hello -We replaced our palo last night and now the GUI will only open in Incognito mode in Chrome. I tried clearing the cache. That didn't help.

Shawverr by L3 Networker
  • 2062 Views
  • 6 replies
  • 0 Likes

Resolved! scp export log traffic to a server not using port 22

Hello, I'm trying to send an export of traffic log to a server that use port 40111 instead port 22.I'm using this command in Panorama: scp export log traffic to pppp@1.1.1.1:40111 But receive a timeout indicating that host 1.1.1.1 hasn't available po...

bprietoc by L1 Bithead
  • 756 Views
  • 2 replies
  • 0 Likes

Blocking vs. logging throughput

If I have a security policy applied to all my zones which includes profiles for everything (AV, spyware, vulnerability protection, etc.) but the actions are all just logging or alerting and not blocking, would that affect my throughput? I was wonderi...

Resolved! Replacing a Palo

Hello -We had one of our Palos die on us, we have the replacement and I have read this document: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHFCA0 But, I'm hoping someone on here can give me some real world experience ...

Shawverr by L3 Networker
  • 1302 Views
  • 2 replies
  • 0 Likes

Resolved! 1:1 destination nat mapping

Hi everybody, does anybody know if it is possible to write a single destination NAT policy in order to map ip addresses from a given range/network to a corresponding range/network of the same size preserving the host portion of the address? I try to ...

grenzi by L3 Networker
  • 2489 Views
  • 3 replies
  • 0 Likes

PA session end reason is decrypt error -

In PA i saw this behavior for session end reason is decrypt error and traffic is working fine.I check with users where session end reason is decrypt error they told me they have no issues.we have ssl decryption enabled and PA is running 8.1.9IS this ...

MP18 by Cyber Elite
  • 5137 Views
  • 2 replies
  • 0 Likes

Safe Search Issue

Transparent safe search is not enforced for networks which are using the PA box for DNS proxy. I have enabled Safe Search tick in URL filtering. Still no go. We have enforced with local DNS servers and that is working. However the interfaces using PA...

Proxy.jpg

Resolved! DSRI for VPN Tunnel

I can't seem to find a clear answer to this, and there may not be one. I have a VPN tunnel between 2 sites, both on PA-820's. Would "disable server response inspection" on the VPN policy on both sides benefit from this? What are the potential downsid...

VPN S2S and Description ssl in Wires mode

Hello, I have a couple of doubts and I would like you to help me about it. 1.- Is it possible to perform an Ipsec VPN when the firewall is in V-Wires mode? Only having an IP in the administration interface? 2.- Is it possible to perform SSL decryptio...

Lcarocas by L0 Member
  • 810 Views
  • 2 replies
  • 0 Likes