General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! GlobalProtect portal data collection available in logs?

Starting with PAN-OS 9.0 there is the ability to assign specific agent configurations based on software and app settings on GlobalProtect portal configuration.It's possible to collect registry data from Windows endpoints under the new tab "Portal Data Collection". Now my question. Is it possible to see somewhere in the logs what data was collect...

portal-data-collection-custom-checks-windows
Tobi by L2 Linker
  • 7853 Views
  • 6 replies
  • 0 Likes

Encryption mode between 6.0 and 9.1

My company are going to migrate upgrade one firewall from 6.0 to 10.1.And I found below KB points out the supported payload options above and below PANOS 7.0.Several IKE/IPSec profiles are using aes128 for ESP encryption, is it aes128 equal to aes-128-cbc?https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClYtCAK PAN-OS 5....

TonyTam by L1 Bithead
  • 2761 Views
  • 3 replies
  • 0 Likes

Spare-Device / OSS appears as normal Device with expired licence in CSP

Dear all, I tried to register a device as spare via "Assets -> Spare" in the CSP, but instead of appering as Spare it is now listed under "Assets -> Devices" with an expired licence. I tried to open a support case via "Get Help", but because the device-licence is expired, i can't select the asset and im never able to finish the support for...

x0NeLo by L0 Member
  • 2247 Views
  • 1 replies
  • 0 Likes

CTD usage and commit and update errors

VM-300, 10.0.8-h4 on KVM.At one point issue with commit showed up:Error: Error reading signature DFA datafailed to handle CONFIG_UPDATE_STARTAlso updates for Wildfire & Apps/Threats were not being installed. HA sync started to fail.It was concluded that CTD resource usage is high - show system setting ctd state, Content Allocator Usage was 1...

nikoo by L3 Networker
  • 4017 Views
  • 1 replies
  • 0 Likes

Does Palo Alto support URL rewrite option ?

I have a query is When any user (OUTSIDE/INSIDE) accessing the URL or application like JIRA and CONFLUENCE which is hosted on the AWS server on the internet. that user's traffic hit into the ON- Premises data center instead of the internet and should be inspected by the ON-Premises DLP server. Also, to make this possible on the basis URL rewrite...

sagjoshi by L0 Member
  • 3320 Views
  • 1 replies
  • 0 Likes

Resolved! Allow streaming media of news category.

Hi everyone, One of our customer Has a requirement to block all streaming media but wants to allow streaming from news category,eg suppose any news channel is redirecting to youtube or any streaming sites it should be allowed but if user is trying to reach directly to youtube or any other streaming it should be blocked. streaming sites redirect...

KashifSh by L1 Bithead
  • 3871 Views
  • 2 replies
  • 0 Likes

ESXi deployment question for Palo -VM series (L3 Mode)

I'm having trouble interpreting this link for deployment scenarios of the vm series Palo Firewalls. Looking for clarification...https://docs.paloaltonetworks.com/vm-series/10-1/vm-series-deployment/set-up-a-vm-series-firewall-on-an-esxi-server/supported-deployments-on-vmware-vsphere-hypervisor-esxi.html We have an ESXi cluster with 3 hosts runn...

geewiss by L2 Linker
  • 6027 Views
  • 10 replies
  • 0 Likes

Security Advice on SSH & SSL/TLS week ciphers

Hi Team, I have few queries to be addressed. We have changed the SSL/TLS version using CLI to TLS 1.2 but when we run the scan we can see TLS 1.1 is also running at the back-end. We need to check which SSL/TLS version is running using CLI of the Firewall.What command needs to be used to check the current TLS version of the firewall? in CLI Secon...

Restoring Configuration Between Platforms?

Is it possible to restore a backup configuration from say a PA5000 series to a PA3000 series? I know there are obviously interface differences between the platforms, and I couldn't find any recent documentation explaining if this is possible. Thank you.

Policy audit comment in cli

Do you know how can we configure and view Panorama security policy audit comments in the cli or another way for bulk applying comments to policies. I will modify policies in bulk using the cli set commands, but also want to add audit comment to all the policies with the change description, but I can't find the cli option for it.

batd2 by L4 Transporter
  • 5727 Views
  • 3 replies
  • 0 Likes

Active cluster

Hello , We have a customer having Active /active cluster . The Panorama lies in another country : The nodes of cluster use the traffic interface ( and not management interface)to reach Panorama , and at firewall we do the NAT , so that on Panorama natted IP is visible But for some reason , we only see 1 node connected and 2nd one disconnected ...

  • 24404 Posts
  • 123 Subscriptions
Top Solution Authors
Labels