General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 269 Views
  • 0 replies
  • 1 Likes

Security Policy Rule application and service configuration

 Hi All,

 

I have an issue where, Panorama had some security policy rules that had the below configuration on them:

 

  1. “Any” is listed in combination with specific ports under services in a given rule
  2. “application-default” is listed in combination with spe
...

Ben-Price by L4 Transporter
  • 1895 Views
  • 2 replies
  • 0 Likes

MS Update application being recognized as ssl

Hi Experts

I'm looking for an assistance where ms-update is being recognized as ssl and getting denied. We've allowed the web-browsing and ssl to allow the dependency applications as well on the same rule. Port is being identified as TCP/8531 but the

...

Palo Alto SSH Vulnerabilities

Hi Team,

 

We are finding the below vulnerabilities being detected on Palo Alto Management SSH service :

 

 

CVE-2007-2768

CVE-2004-1653

CVE-2007-2243

CVE-2016-2183

 

Kindly help us in resolving the above said vulnerabilities.  Devices are running with the OS

...

Resolved! Slow o365 downloads

Just deployed HA 3020s in APAC and users are complaining that downloading office 2016 is painful, slow and eventually times out. Having a hard time figuring out why though, logs in PA don't show anything dropping or getting denied and data filtering

...

drewdown by L4 Transporter
  • 12354 Views
  • 9 replies
  • 0 Likes

OSPF passive interfaces question

What is best practice to advertise connected networks on a single VR where you have OSPF running and neighboring on an Internal Firewall  interface to router, and want to advertise multiple segmented/firewalled networks directly attached the same fir

...

Sec101 by L4 Transporter
  • 3479 Views
  • 3 replies
  • 0 Likes

SSL Decryption: ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY

Hi paloalto community,

 

we're currently still testing ssl decryption and discovered a new error, which I can't google to find a solution.

 

If we're visiting the following site, we get an "ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY" error. Site: https://ww

...

2020-01-13 11_42_30-pa-1.png
2020-01-13 11_42_39-pa-1.png
2020-01-13 11_42_56-Anhängerkupplung M240i _ M140i.png
2020-01-13 11_46_30-www.1erforum.de.png
mrkskhn by L1 Bithead
  • 51536 Views
  • 36 replies
  • 0 Likes

Doubt about multiple SAs in IPSEC tunnel

Hi,  

 

We have a tunnel working but looking in the logs we see many installed SAs. So we think it should be a SA for line in proxy ID.

 

So why all these logs about "installed SA"?  Any idea?

 

vpnjs.JPG
BigPalo by L4 Transporter
  • 1861 Views
  • 1 replies
  • 0 Likes

PA-500 fan too noisy

Hi,

 

I think one of our PA-500's fan is always running at 100% speed,

Because it's too noisy than others,  

 

Following is output of environmental, it says RPM is just 1, 

 

Does anyone know solution for this problem?\

 

Thanks,

pa-500 output.png

Resolved! Apps & Threats version 8434-6840 fails to install

Hi 

 

I've had 2 separate NGFW's fail to install Apps & Threats DB version 8434-6840 with this message:

  • Error: Application group 'Wifi_Allowed_Apps' member 'visual-studio-live-share-direct' does not exist
  • Error: This content install has failed because ap
...

ShaiW by L1 Bithead
  • 3882 Views
  • 5 replies
  • 0 Likes

Resolved! Getting GPG error updating

We installed minemeld a year or two ago and have been running apt-get monthly with no issue. Today running apt-get had CRC errors shown below. I looked through this forum but didn't find anything that looked related. Any help would be appreciated.

T

...

CharlesSFG_0-1627405622967.png

TCP Reset being dropped at firewall

 

 

I have a client accessing a Citrix CAG via a firewall at one site on HTTP that I see traversing the FW, exist out towards the internal PA firewall reaches its destination.  The destination server is sending a TCP RST, we are told to redirect the br

...

  • 23633 Posts
  • 107 Subscriptions
Top Liked Authors
Labels