General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Traffic issue on the Palo Alto(zone-to-zone)

Team,

On our Palo's we have a vsys defined and on this vsys we have 2 zones configured. ...... (say Trust zone and untrust zone.)

 

We have a server in the trust zone which need to monitor the interface allocated to the untrust zone.

This does not happen

...

nson2139 by L3 Networker
  • 3058 Views
  • 3 replies
  • 0 Likes

Office 365 Dynamic List

Is there any way to use the Office365 dynamic URL?

https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7

which contains IPv4, IPv6 and domain and having update every day. 

URL and Threat Licenses

I have recently ordered URL, Threat and 3 yr support for 7 PA-220's. The main S/N we are using for a test application did not get a license ordered, (oversight on my part). Can I use one of the new licenses from another S/N PA-220 to upgrade and test

...

Allow listing Dynamic IP sites

Hi All,

 

We have an issue where we allow list a domain using a dynamic IP, but the host calling the domain and the firewall resolve to different addresses and the connection is drops (in most cases).

 

We have looked at URL categories but seem to face t

...

AWaring by L0 Member
  • 1699 Views
  • 2 replies
  • 0 Likes

Help with using URL Category as part of a rule.

I'm trying to change my rules for allowing outgoing SFTP connections from using IP's to using URL's as more and more vendors are going to AWS and such and locking into an IP address doesn't work.  I cloned my current working rule which says server x.

...

Walt by L1 Bithead
  • 2482 Views
  • 2 replies
  • 0 Likes

Captive Portal Error Android - Iphone

Good afternoon, please your support, I have the following problem:

I configured the captive portal function.

 

Pan OS: 9.1.9

 

All the corresponding configurations were made, certificate, ssl decrypt, authentication rules, decrypt rules

If I connect to a W

...

Metgatz by L4 Transporter
  • 2220 Views
  • 1 replies
  • 0 Likes

eBGP between remote Palo Alto devices.

Folks,

Similar to Cisco routers we are checking if we can form remote eBGP neighbors between Palo Altos located in different DC's.

One PA is located in DC-01 and the second is located in DC-02

 

We are looking at this design to as both these Palo's form

...

nson2139 by L3 Networker
  • 3019 Views
  • 4 replies
  • 0 Likes

Resolved! PA and icap?

Hello world,

is there a chance/way of talking icap between my squid and the PA?

Thanks a lot

Marcus

Resolved! Test Mail getting failed

Dear Team,

 

We have tried to create a email scheduler, We don't have a local SMTP server. We getting the below error,

 

 

Please find the packet flow below.

 

c2s flow:
                source:      10.1.1.5 [LAN]
                dst:         172.217.194.109
 

...

VishnuPS_0-1630582731903.jpeg
VishnuPS by L3 Networker
  • 6255 Views
  • 2 replies
  • 0 Likes

Disable Weak cipher suite

Has anyone had success getting past a B on ssllabs for the globalprotect web portal

 

# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp256r1 (eq. 3072 bits RSA)   FS   WEAK256

TLS_DHE_RSA_WITH_AES_256_CB

...

Joshan_Lakhani_2-1597424067542.png

GlobalProtect Portal SSL in PANOS 8

Hello all,

 

I have noticed an important difference in PANOS v8.0 in comparison with PANOS 7.x.x concerning the SSL settings for the GlobalProtect portal.

 

More specific, the famous site for SSL Server tests, Qualys SSL Labs presents PANOS 7.0.x with Gr

...

ggoudr by L2 Linker
  • 4875 Views
  • 4 replies
  • 1 Likes

GlobalProtect Split tunneling support on Chrome OS

We have implemented split tunneling in GP configuration for operating systems including Windows, iOS, and ChromeOS. It is working on all devices except Chromebooks. Doing further research, we are not very clear whether split tunneling is supported on

...

JatinSingh_1-1630476320899.png
JatinSingh_0-1630476280089.png
  • 24295 Posts
  • 99 Subscriptions
Top Solution Authors
Top Liked Authors
Labels