General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 2883 Views
  • 2 replies
  • 14 Likes

Different Actions for Security Rules

Hi Guys,

I would like to know what are the difference between the following actions in the security rules for PA.

1. Deny

2. Drop

3. Reset-client

4. Reset-server

5. Reset-both

Which of these are the most preferred to use? Is deny or drop action also resets

...

Nikko by L1 Bithead
  • 2664 Views
  • 4 replies
  • 0 Likes

Resolved! GlobalProtect with Active/Active HA

I'm having a hard time finding much, if any, documentation on this scenario.  I've tried a couple ways of doing it and they work, but I'm trying to figure out what the best way to do it while being as redundant as possible.

 

What I like the best so fa

...

SMB URL File Logging acheivable or not?

Hi Palo Alto Experts,

 

I want to know if we want to log SMB URL Blocked events then can we do in Palo Alto or not? Basically, the requirement is as below:

 

Example URL if typed by compromise system is: smb://www.example.com/fileshare/malware.exe

 

Right

...

Add network to address group via CLI?

I am trying to add a network to an address group via CLI on PAN OS 9.1.X

 

# set vsys vsys2 address-group XXXXXXXX static 108.61.41.0/24

 

Server error :  static '108.61.41.0/24' is not a valid reference

 

What is the valid syntax?

jsogla by L0 Member
  • 1580 Views
  • 1 replies
  • 0 Likes

Outside interface listening on HTTPS "502 Bad Gateway"

I have this odd issue whereas one of HA Pairs seems to be listening on 443 on its outside interface for GP but I don't use GP and never had.  I have a interface profile that allows HTTPS but not from any IP and when I disable that it still shows that

...

drewdown_0-1612816320888.png
drewdown by L4 Transporter
  • 2107 Views
  • 2 replies
  • 0 Likes

Issue with proofpoint emerging threats

Hi All,

I am testing minemeld with proofpoint emerging threats service.

I am having issues with the miner because the categories are not set correctly.

I think that the miner reaches for a csv file available to proofpoint subscribers that contains ip,ca

...

Resolved! Is JSON Based URL is configurable in Security Policy as EDL.

Hi Team,

 

Please confirm us can we configure JSON based URL as a EDL in Security policy on Palo Alto Firewall.

 

Herewith, I have provided you with the sample JSON Website for your reference. Please refer and share us with your valuable inputs.

 

https://

...

SahulH_0-1613372205367.png
SahulH by L3 Networker
  • 5158 Views
  • 3 replies
  • 0 Likes

URL wildcard Pattern

Hello everyone, I need to block URLs that have a word pattern/string, It is possible to restrict certain strings inside the name of a URL?? for example the word "good" inside the website "www.goodwill.com" to be blocked ? I already try with Wildcards

...

Destination NAT for Route base VPN

We have an requirement to set up a route base VPN, but remote proxy IP subnet clash with an existing remote subnet.

 

We are planning to use destination NAT, but not sure, how the routing will be controlled.

 

Please help to solve this problem.

Gurupada by L0 Member
  • 1420 Views
  • 1 replies
  • 0 Likes

Resolved! 5260 Z MGMT PROCESS AND APP/THREAT MISMATCH

Hi,

 

I am upgrading os for some 5260 this weekend however, just realised its showing app and threat mismatch. Upon t-ahooting I realised the management process on active firewall is showing Z defunct.

 

My understanding is that it is a Zombie process an

...

qasim02 by L2 Linker
  • 2196 Views
  • 2 replies
  • 0 Likes

Incompatibility Acrobat-GlobalProtect

Hi,

 

Customer upgrade Adobe to versión 21.001.20135 and Global Protect stopped working. Issue is th esame like this:

https://community.adobe.com/t5/acrobat/adobe-acrobat-reader-21-001-20135-preventing-users-to-connect-to-global-protect/td-p/11823885?pr

...

BigPalo by L4 Transporter
  • 2151 Views
  • 1 replies
  • 1 Likes
  • 24014 Posts
  • 99 Subscriptions
Top Solution Authors