General Topics

Disable TCP 1323 Timestamp response through Palo Alto Firewall?

Hi,

I'm wondering whether is there a way to set the PAN Firewall to detect and drop TCP 1323 Timestamp queries to servers?

According to some web vulnerabilities scanning reports, it is reccomended to disable the TCP Timestamp as it discloses server upt

...

TCP timestamp response During the vulnerability assessment

In my case, the team is performing a vulnerability assessment on PA820

Vulnerability Title: TCP timestamp response.

Description: The remote host responded with a TCP timestamp. The TCP timestamp response can be used to approximate the remote host's upt

...

COMMIT FAILED: Unknown node class

Hi All,

I have old instance of Minemeld (0.9.52) running on Ubuntu 14.04. I am planning to migrate it to new server and upgrade it, but it will take some time. Meanwhile I need to mine the Azure Cloud IPs for specific service. But my instance is st

...

Resolved! Migrating config from PA -500 to pa 220

I

Hi,

Planning for upgrading PA-500 to PA-220, Just wanted to be sure that if we download the current running config from PA-500 and import it to new PA-220 device, will that work?
I am not sure if Importing configurations between non-matching hardware

...

Prelogon - PanCredGet

PAN-OS - 9.0.3

Global Protect 5.0.3

We are having problems with GPPrelogon.

Logs:

(T7612) 07/22/19 15:20:16:670 Debug(5727): REGION-PRIO, region code is GB
(T7612) 07/22/19 15:20:16:670 Debug(10868): REGION-PRIO, save region code GB
(T7612) 07/22/19 15

...

Resolved! Use Windows DHCP Server for GlobalProtect Clients

Is it possible to use an Active Directory integrated DHCP server to assign IP address to GlobalProtect clients? If not, how can I reliably manage DNS records for VPN users?

Best siem

Hello all its been a long time, since they took away my sentinel role I haven't been on here much. Does anyone have a recommendation for a siem?

Resolved! CEF PANOS 10

Morning!

I can see that PANOS 9.1 has a CEF will this work on PANOS 10 as I have not been able to find the CEF for PANOS 10

Thanks

BizBo

Resolved! blocking machines from AD-group

Is it possible to block outgoing traffic, from an active-directory group containing machines?

blocking traffic by username works fine, but i want to use the machine ad group rather than entering all machines by fqdn or ip in an address group of object

...

Resolved! Creating static routes in CLI versus GUI

I have noticed that if a create a static route via the cli the xml configuration is less than if you create the static route via the GUI.

In the cli I can simply set the destination and next hop. In the GUI there are many other options (most I never

...

Resolved! Azure HA same resource group ?

This doc says both VM's have to be in same resource group, but portal doesn't allow me to deploy another VM in same resource group, where i have already deployed a VM.

https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-the-vm

...

Blocking certain Facebook features while allow others with PAN version 8.1.17

I am trying to block certain Facebook features while allowing others. For example:

Facebook – block - chat, file-share, post, video, voice

However, after implementing it on the PAN, I can still do this with Facebook: I could post, like and upload p

...

Resolved! GlobalProtect iPad VPN App

We have many users getting a pop up reading

The Network connection is unreliable and GlobalProtect reconnected using an alternate method. You may experience slowness when accessing the internet or business applications.

Anyone seen this and what maybe

...

Renew firewall CA certificate and distribute with GPO

We have created on the firewall a Root CA which also signs the SSL Forward Trust certificate.

The firewall Root CA certificate has been deployed with GPO to all our devices there Trusted Root Certificate Authorities.

The root ca certificate on the fire

...

TAXII feed for SIEM

Hi,

I have tried minemeld with few miners and output to the inbounfeedhc i.e. PAN EBL/DBL. It is worked as expected. I would like to push the data to SIEM so that i can perform log analysis based on the indicators. How can i use taxii? I have confi

...