General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Thank You for Filling Out the LIVEcommunity Experience Survey!

If you've visited LIVEcommunity anytime recently, you've probably seen a pop-up asking for your feedback. We've deployed this survey since April 2020 for new and returning visitors alike as a way to gather feedback from our users. 

 

In the past six

...

survey-livecommunity.png
jforsythe by Community Team Member
  • 14544 Views
  • 1 replies
  • 4 Likes

Best Practices query for Security settings

Hi ,

 

I have a customer who has Threat prevention , AV, Wildfire ,licesne

 

The Network is divided into various Security Zones - like Users , Printers, Voip , Front end servers , Backend Servers , there are around 15 zones

 

Now we have the BPA report and

...

Resolved! Session End Reason auth-policy-redirect

Allowed all http and https traffic to Untrust, still the traffic on port 80 is getting blocked. Any idea why it is So?  

 

Rule allowing http and https traffic

 

 

Traffic log

Rule.jpg
APR.jpg
Bijesh by L0 Member
  • 6088 Views
  • 3 replies
  • 0 Likes

LAB'ing PaloAlto

Hi, 

 

I have installed a couple of PA-vm firewalls but i am not able to test upgrading PAN-OS or enable multi Vsys support.

Am I using the wrong model in the lab? Is there a way I can do the above? Are there any trial licenses without limitations?

 

I lo

...

qasim02 by L2 Linker
  • 1068 Views
  • 2 replies
  • 0 Likes

scheduled policies to affect existing sessions

Dear community,

 

I configured schedule on policies and it seems that as per design the existing sessions are not affected by the schedule:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/objects/objects-schedules.html 

 

Meaning th

...

LIMIT SERVICES (2000) IN PA 5020 ios 8.1.10

HELLO EVERYB,

 

i there any way to increase de limit of servies? in our case er arrive to  2000 service (ports) in PA 5020 WITH IOS 8.1.10?

 

have i to increase at the hardware level? or sfoftware?

 

thank u so much

JESELITO by L1 Bithead
  • 1521 Views
  • 5 replies
  • 0 Likes

Request a Signature for CVE be Mitigated

Is there a proper way to request a CVE be mitigated by the Palo firewall and added to the Threat Vault?  

I have read the conditions for a signature being added, but it doesn't tell you where to request one. 

 

https://knowledgebase.paloaltonetworks.com

...

RMaine by L0 Member
  • 1147 Views
  • 3 replies
  • 1 Likes

Resolved! Traffic hitting policy rule it shouldn't

Hi,

 

PanOS 9.1.0

I need to block traffic to certain websites and domains.

I created a URL Category object and put just one site inside (example.com).

I then created a firewall rule like this:

 

Source zone: LAN

Source address: any

Dest Zone: WAN

Dest address:

...

Error in CEF format for Threat logs

The following guide provides the parsing for CEF-style Log Formats for PAN-OS 9.1:

https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/cef/pan-os-91-cef-configuration-guide.pdf

 

We have been using this for a while, but because now we have

...

MarcelST by L3 Networker
  • 1238 Views
  • 1 replies
  • 0 Likes

List all deny rules from cli

I have to list all deny rules (from cli)

The following command "show running security-policy | match index " list all security rules by name

For example:

"AllowBrach1IN; index: 1" {

....etc

What I want is:

- deny INBOUND traffic rules only but regarding en

...

jls3j999 by L1 Bithead
  • 3099 Views
  • 14 replies
  • 0 Likes

Resolved! PaloAlto 5260 upgrade

Hi, 

I am upgrading so PA firewalls from 8.1.7 and 8.1.9 to 8.1.13, normally I wouldnt ask these questions but since these firewalls are extremely critical I need to be extra cautious. 

been looking at the upgrade Matrix and couldnt see a clear answer

...

qasim02 by L2 Linker
  • 1616 Views
  • 4 replies
  • 0 Likes

User group Mapping

Wndows logon user name is ABC\xyz, and the user id fetched from AD group is ABC.local\xyz, and because of that the traffic is not hitting the configured rule. Any workaround to fix this?

zamiedu by L0 Member
  • 1008 Views
  • 3 replies
  • 0 Likes

getting DDNS working with DYN.COM service

I have to deploy some PAN firewalls at locations where ISPs only support DHCP. This seems to be increasing in some countries. I subscribed to DYN.COM but I am stuck on the certificate profile. I need the DYN.COM public cert and CA for dnsalias.com do

...

namijo by L0 Member
  • 1066 Views
  • 2 replies
  • 0 Likes
Top Liked Authors