General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Globalprotect and SAML

Hi all, After enabling SAML authentication on the globalprotect vpn I can no longer assign vpn attributes to different users such as the IP pool and include routes. Mapping users is out of questions since my organisations has 5000+ users. I am in a situation where the only solution would be to configure one vpn per firewall. A scenario that I am...

Panorama Ethernet interfaces IP settings greyed out

Hello All, We have 2xM600 appliances in HA pair. We want to separate SSH/HTTPS management and device management/loggin collector communication on different interfaces, e.g.: 1. SSH/HTTPS access to Panorama will still be on Management interface as well as Log Collector communication;2. Device management will move to Ethernet 1/1. I was able to ...

PCNSA exam booking

Hello,I have voucher for PCNSA exam.When I try to book the exam in PearsonVue, I see availability only until 8 february (so only for the next 3 days, after that is not possible). Even if choose the option for home test is the same.I contacted PearsonVue yesterday, after 1 hour at phone they were not able to provide me a reason. According to them...

Conditional Default route advertisement

All - I have 2 systems at two different locations connecting to the same BGP AS and I am accepting an advertised default route. On the LAN side, I have a basic OSPF area0 which has a fiber-optic connection between the two locations configured as a P2P OSPF link. I need access to the internet to fail over dynamically between these sites. To that...

BGP.png

Performance Degradation for SSL Decryption

Hello, The issues we are experiencing are with SSL decrypt. When this setting is enabled we are experiencing significantly degraded internet performance.We understand that this would have an overhead but the current overhead makes it almost unusable. The symptoms are worse on pages such as youtube.com due to the ads.We have tested with SSL decry...

Farzana by L4 Transporter
  • 32337 Views
  • 14 replies
  • 0 Likes

Dataplane spiking to 100% at the same time each morning

Yesterday at 8:37am and today my noticed the dateplane hit 100% for about 15 seconds(an eternity in network time) and dropped back to normal. Today I ran show running resource-monitoring that basically just show me it hit 100% yesterday and today but not why. I checked the session count 36813/524286I checked the monitoring the only thing that st...

jdprovine by L4 Transporter
  • 3445 Views
  • 3 replies
  • 0 Likes

SSL Decryption with iOS 13 Devices

We began testing of the iOS 13 beta last week on several test devices that are connected to our internal mobile device network. This network passes traffic through the Palo with SSL decryption. We are finding that iOS 13, even with our cert installed on the device via MDM, does NOT accept the decrypt cert. We are still testing, but so far we ...

davisjj by L0 Member
  • 24852 Views
  • 23 replies
  • 1 Likes

auto-tagging registration on remote user-id agent

Hello colleagues, did someone manage to use dynamic tag registration on the remote user-id agent? I cannot find any explanation in documentation or community discussions. It is written in the manual that need to create a http profilehttps://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/forward-logs-to-an-https-destination.htmlSo, ...

ppk_vs by L1 Bithead
  • 3467 Views
  • 2 replies
  • 0 Likes

PA-3050 detected dns queries to malicious URL but all other anti-malware detected none

The Palo Alto device is saying that a workstation on the network is querying the DNS server for some malicious URLs for some of the dates and some of the time.Full scan using McAfee VSE, Microsoft Safety Scanner, Malwarebytes, Spybot, said no malware detected.Using McAfee Getsusp I upload 40 suspicious and unknown files, analysed in McAfee lab –...

SingChung by L1 Bithead
  • 10115 Views
  • 13 replies
  • 0 Likes

Advanced URL Filtering with PAN OS 8.1

Hello, I recently noticed that URL Filtering licenses have been replaced by Advanced URL Filtering licenses.The version of the box is PAN-OS 8.1.My question is: Is it possible to use these new licenses with version 8.1, or do I need to upgrade to PAN-OS 9.x? If so, how do I activate these licenses? Thanks in advance.

ColinSFR by L0 Member
  • 5382 Views
  • 6 replies
  • 2 Likes

Allow Only Google-Chrome Update and Block all other google related pages

Hi Team, The Google and Google related products/pages are completely restricted at our environment.We only allow a specific destinations from our internal Application servers.To remediate the vulnerability risks, we are in need of updating the google-chrome periodically. Could we get an inputs in allowing the google-chrome updates alone, and blo...

can not able to download file after enable ssl decryption

Hi Team ..We have enable ssl decryption then we could not able to download big file. Downloading starts and after some time it automatically in reach to pause state.We disable SSL decryption then we could able to download file. Firewall side we did not receive any drop packet but global counter we have received the below the counter. admin@PA-E...

bit_byte by L2 Linker
  • 3939 Views
  • 3 replies
  • 0 Likes

Password History

I am wondering if there is a way to clear password history. Due to audit requirements we need to have "Minimum Password Complexity" requirements including changing on first login and preventing Password Reuse. I am having issues keeping an account synched through templates and the password the same across all fws. If there is a way to clear the ...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels