General Topics
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics

Forum Posts

New LIVE AMA event, LIVEcommunity Team Roundtable!

If you are curious to know more about how the LIVEcommunity works, have a chance to chat with community team members, or ask a non-technical question? Now’s your chance! The floor is open for all you burning questions now through June 24. The LIVEcom...

ama-graphic.png
jdelio by Community Team Member
  • 301 Views
  • 1 replies
  • 4 Likes

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...

jdelio by Community Team Member
  • 18531 Views
  • 41 replies
  • 32 Likes

Resolved! 802.1x wired authenicaton with MS CA and paloalto

Dear Sir,I am beginner in 802.1x authenication and paloalto.So please help explained and guide.I want to use 802.1x with MS CA.Can i use paloalto firewall as a policy enforcer for 802.1x authenication ?can use PA as a radius server for user log and m...

crypto by L2 Linker
  • 1652 Views
  • 1 replies
  • 0 Likes

CRL revocation traffic identified as ms-update

Is this an expected behaviour? We where somewhat surprised that the application included this traffic. It includes all SSL CRL traffic (like establishing remote desktop or visiting websites), independent if its related to Windows Update.

Resolved! Security Policy - with Service\URL category configuration

I have a Security policy rule configured as below1.source and destination any2. User - any3. Application - Any4. Service ports open for http5. Url category allowing access to custom created URL category in which only search engines google and bing's ...

krdeepu by L0 Member
  • 1544 Views
  • 1 replies
  • 0 Likes

Resolved! PA220 as a router?

Hi,We are planning to have paloalto PA220 firewall in our new sites and instead of purchasing new cisco routers (ISR 4000 series), we will just use the PA220 as a router.Our link is via ipvpn (not IPSec) with GRE tunneling. And we will be using EIGRP...

bentot by L0 Member
  • 822 Views
  • 2 replies
  • 0 Likes

Resolved! How I can stop PSIPHONE?

Dear Experts, Please can someone help me with how i can denay PSIPHONE? Its, so defcult to do that. I have enable SSH-Proxy and enable SSL-Forward. and create a rule to block SSH APPs and Proxy APPs and finlly add High Risk APPs. After all that PSIPH...

Resolved! PA drop the connection for IPTV- no sound and video

I have IPTV at home.Rule is any app and any service bit i see that video has no pic and sound. PA logs traffic,url and threat does not show packet drop. then i removed all the security profiles and video and sound was working. is there any way we can...

MP18 by Cyber Elite
  • 1223 Views
  • 6 replies
  • 0 Likes

show counter interface management multicast packets dropped

show counter interface managementInterface: Management Interface--------------------------------------------------------------------------------------------------------------------------------------------------------------Logical interface counters:-...

MP18 by Cyber Elite
  • 1560 Views
  • 7 replies
  • 0 Likes

Resolved! migrating config from 7.0.12 to 8.x.x

hello.we have a replacement of a palo alto coming up. the actual migration is I believe from a 3050 model running pan-os 7.0.12 and the config needs to be migrated to a pa 5220 (whic I believe can't run pan-os 7.x but comes with 8.0.0 minimum.due to ...

brute force rdp 40021 signature

Hi, anyone knows why this is not working ? ( vulnerability signature - 40021)tried many rdp attemps but cannot trigger 40021 although selected very low number. https://live.paloaltonetworks.com/t5/Threat-Vulnerability-Articles/Brute-Force-Signature-a...

PanIst by L3 Networker
  • 479 Views
  • 0 replies
  • 0 Likes

Resolved! When to use ZoneProfile and DoS Profile

Hello All - Can i understand that Zone Protection Profile is to Protect Firewall itself and DoS Protection Profile is to protect the servers and hosts behind the firewall from Internet?Can i achieve a DoS protection (For example SYN Flood attack) onl...

Monitor multiple IPs in a PBF rule?

Running 8.0.x on our PA-3020 and PA-220 systems. In our virtual routers, we can path monitor with multiple IP addresses and take action on AND or OR conditions, but PBF still seems to be limited to a single IP. I'd love to be able to monitor multiple...

uvdes by L2 Linker
  • 582 Views
  • 2 replies
  • 0 Likes

Resolved! TLS 1.3 is Coming - How to deal with it????

My security counter parts came to me letting me know that in Chrome version 70.X+ TLS 1.3 will be turned on by default. This appears to be causing problems in our current firewall deployment: A/P HA-par 5220s running 8.0.10 (soon to be 8.0.12). It lo...

TLS_Error.png
TLS_1.3.PNG