General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

HA - Path-monitoring - VLAN-TAG-Vwire environment

HA - Path-monitoring - VLAN-TAG-Vwire environmentHello good afternoon, as always thanks for the support and for the good will as always, it is much appreciated. I have the following question: Environment detail: HA firewall, Vwire, with Vlan Tags by subinterfaces of a portchannel ( Ae1 ). Is it possible to apply some kind of Path monitoring,...

Metgatz by L4 Transporter
  • 2026 Views
  • 1 replies
  • 0 Likes

Common Criteria EAL4+ with AVA_VAN.5 / Advanced methodical vulnerability analysis

#AVA_VAN.5 #CommonCriteria ##AdvancedMemethodicalVulnerabilityAnalysi I'd like to know if the newer firewalls with PAN-OS 10.X are AVA_VAN.5 certified regarding common criteria Advanced methodicalvulnerability analysis? Other vendors disclose e.g. EAL4+ with AVA_VAN.5. Found nothing at: https://www.paloaltonetworks.com/legal-notices/trust-cen...

I can't change password for Active Directory in VPN with Client Palo Alto (Global Protect 6.0.3), PAN-OS 10.2.2-h2 and RADUS Server Windows 2019.

Hello for all, I'm with problem in Palo Alto Firewall Model 3260 with PAN-OS 10.2.2-h2. One week ago, I had a Firewall with PAN-OS 10.0.8-h4 and in this version I change my password of Active Directory in VPN with Global Protect (Global Protect 6.0, 6.0.3, etc....), but now! I have a Firewall with PAN-OS 10.2.2-h2, and in this version a can´t ...

Resolved! Home use Licensing

I recently had a PA220-R's license expire and in the past PA was trying to charge 10k+ for getting a new support contract for a small home-use firewall. Has this changed at all? Would be nice to get a new support contract+licenses for a decent home-use price.

SubZ3r0 by L0 Member
  • 2918 Views
  • 2 replies
  • 0 Likes

USER ID Lateral Movement reported

We have USER-ID Agent installed on 2 Domain Controllers, using a Service account to authenticate to the Domain referencing the Workstations (Laptops) We use Rapid7 InsightIDR for our SEIM solution and USER-ID on a DC to authenticate/identify Workstation details. The SEIM is flagging USER-ID traffic from a Workstation to another Workstation as ...

Windows Update feed in minemeld

I'm trying to find out if there's already a miner that someone's created for windows update URLs/IPs. I am using the O365 one with reasonable success, so I'd like to incorporate the windows updates into minemeld and take advantage of the dynamic list functionality for some of my rules. Thanks!

Resolved! VM for the Palo alto firewall

Will take a backup from the VM (NVA) for the Paloalto firewall that exists in the Azure environment, The query, is whether taking a backup will *affect/not affect* the services or interrupt the network traffic managed by the Paloalto NVA during and after the backup of the NVA?

Resolved! PaloAlto failing communication for Kali Linux

Kali, Windows and RHEL installed in a lab behind Palos on a directly connected Vlan. Windows and RHEL have no issue communicating to internet or ping firewall interface. But for Kali, Palo captures show only receive and no transmit or even drop packets. All 3 are getting IP from DHCP on Palo interface, and share common NAT/security policies, ...

image.png
image.png
image.png
image.png
raji_toor by L4 Transporter
  • 4288 Views
  • 2 replies
  • 0 Likes

Resolved! Source NAT with Pool

For example we use 110.110.110.0/24 as internet facing interface What are difference between 110.110.110.30/24 and 110.110.110.30/32 Which one is the correct, When I configured /24 it's seem conflict logs displayed

nattapong_thi_0-1665113789364.png
nattapong_thi_1-1665113853182.png

Resolve wildcard FQDN by PA

Hello! I have a PA OS 10.2. PA act as DHCP server and DNS server for local clients. I have several ststic entries wich resolve my local domains name in IP. For instance, example.local is 10.10.10.10. What should I do that PA will resolve wildcard FQDN for DHCP and DNS clients. I want to resolve *.example.local in one IP address. Is it possible?

Mishin by L1 Bithead
  • 2702 Views
  • 1 replies
  • 0 Likes

Resolved! Using PANORAMA for an MSP

Would anyone know if its possible to use Panorama in an MSP environment to manage clients Palo Alto Firewalls? For example, setup an Azure Panorama and use that to Manage all of our clients Firewalls from that Panorama? Like clients part of different businesses/organizations. If yes, any ideas or documentation that can help?

Accessing Tags in XQL

I can see that tags are exposed on the endpoints dataset in XQL but when I inlcude them in a query they appear (vaguely) as key value pairs thus: "endpoint tags": [], "server_tags":["IAN"] The schema though reports tags as being of type string and not an array I would like to be able to extract just the server tag value(s) and present that...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels