General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! DNS security question

I have a question about DNS security and what exactly it does. For example, if I configure all DNS security domains to "sinkhole" but we already have our URL filtering profile blocking all of these domains already is configuring DNS security redundant?

Claw4609 by L5 Sessionator
  • 3548 Views
  • 4 replies
  • 0 Likes

Resolved! Help with DNS?

Hello Live Community. I am in a bind. I have all of our clients on networks using DHCP from our Palo Alto and pointing to Googles servers for DNS. Very quick and slick. unfortunately I need all computers, tablets, phones, etc... to see a server inside our Palo Alto. Is there any way to do this without compromising the DNS settings, or speed? ...

JCMoritz by L0 Member
  • 2402 Views
  • 3 replies
  • 0 Likes

Block SSH traffic

We are using PA 5250 firewalls. We are not using decryption on it. Now, we want to filter the ssh traffic satisfying all these 2 conditions: C1) Allow access to *.mywebsite.com for ssh traffic AND allow file download upload C2) Allow access to abc.xzy.zom and jkl.efg.com for ssh traffic AND NOT allow file transfers Because we are not using...

PAFWNoob by L1 Bithead
  • 2505 Views
  • 1 replies
  • 0 Likes

description update in security rules via Panorama CLI

Hi Team, i was trying to update description on existing multiple security rules via Panorama cli. but found that if i add description via cli it just simply replace the whole existing description. So, is there any way to add/update the description without removing the existing description on rules. Thanks Virender Singh

vsingh31 by L1 Bithead
  • 1916 Views
  • 1 replies
  • 0 Likes

Error while committing changes

Hi Team, Getting the below error while committing the changes. I read an article where it says it might be due to memory issue so rebooted the device and checked but still the same issue. Could you please suggest as soon as possible. DLP Configuration not found DLP Configuration populate successfully Error: Error preparing global objects failed ...

Resolved! Cannot login to GUI after pa-vm deployment

I deployed a pa-vm image 10.2.1, set the management IP from the CLI. When I try logging in with the GUI, I put in my credentials and then get the following error "Your login session has expired and you have been logged out for security reasons. Please log in again if you wish to continue." I'm able to SSH into the cli. Things I've tried: 1. rebo...

L3Svc process stopping automatically on PA-3020 firewall

Hi Folks, We are facing issue with the captive portal and had seen that the l3svc processor is not running. We had tried to restart the l3svc process and the mgmt plane process but no luck. our firewall was previously running on PAN-OS 9.1.13h3 and we had downgraded to 9.1.10 and checked but no luck. We had rebooted the firewall again also. Chec...

Resolved! Jobs flooding commit queue.

For the last week or so we have been having issues with download jobs pending and failing in our Panorama. The issue is that there are 2500+ jobs pending on our Panorama and this seems to pop-up at any given time. TAC, to this point, has had us restart the management process, suspend that Panorama and fail over to the other... Until this happens...

Increasing log disk size on Panorama VM

I have Panorama 10.1 running as a VM on ESX. System disk is 224gb and log disk 500gb. I have shut down the VM and moved the log disk to a larger store (2000mb). VCentre now shows the disk as 2TB. However when i boot Panorama it still sees /dev/sdb1 as 500gb. What Panorama commands would i have to run to make it see and use the actual capacity?...

best way to add folders to malware whitelist

having read the document "Add a New Malware Security Profile", I am not clear as to best and properly entering a path to a folder properly. this is a paragraph pulled out of the of the webpage. +Add a file or folder.Enter the path and press Enter or click the check mark when done. You can also use a wildcard to match files and folders conta...

jeperjes_0-1666877018593.png
jeperjes by L1 Bithead
  • 4678 Views
  • 3 replies
  • 0 Likes

GlobalProtect SCEP NDES Dynamic Challenge Failure

Hi, I have been attempting to get GlobalProtect configured with SCEP for many days without success. The issue I am facing occurs when I have the SCEP Challenge set to "Dynamic" under "Certificate Management" (on the firewall), which is what I am wanting. But when using the dynamic challenge, the GP clients fail to retrieve a SCEP certificate. ...

cwilson by L0 Member
  • 10579 Views
  • 3 replies
  • 1 Likes

Resolved! Set permanent IPSec VPN tunnel

Hello guys, would you be so kind and help me with any function, which can set VPN tunnel as a permanent one? Because when tunnel is not using, it goes down and then it will not come up without push on our side. So, maybe there is some function / algorithm which will send over the tunnel small amount of data to keep it alive. I was not able to f...

Global protect welcome page appears multiple time in an hour or so

I have listed two issues with the GP 1. Since I upgrade GP client to 6.0.3 welcome page appears multiple times in an hour or so. Please suggest if any solution 2. Also there is no GP client version yet which can fix the "Sophos AV date capture in HIP check from client machine". As per TAC it will be fix in next version 6.0.4.

sharink by L1 Bithead
  • 1840 Views
  • 1 replies
  • 0 Likes

Resolved! Possible to have a web page presented for webistes where SSL decryption Doesnt work?

Hi All, We use SSL inspection and sometimes we have to add websites to a custom url category for non inspection so the webpage can become visible. Is there an option to have the user presented with a webpage so IT staff will know that it's ssl inspection that is not allowing the webpage to be viewed? I've looked but couldn't find any. Usually wh...

roma by L2 Linker
  • 1863 Views
  • 1 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels