General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Meraki and Palo side by side with Palo using BGP

We currently have this setup in our datacenter. The Meraki HA pair is the VPN endpoint for our 120+ remote sites.

 

In a DR situation the datacenter has IP mobility, where our current static IPs will failover. This setup uses BGP through the Palo. With

...

setup.jpg
Screenshot 2021-03-02 132554.jpg

Resolved! *Urgent* SSH Protocol Version 1

Hi Peeps,

I got technical query regarding how to change SSH v1 to SSH v2 in PA firewall, Because one of our customer got an alert from VAPT tool like as follows,.

 

 

Description :- 

 

KPMG test team observed that the Secure Shell protocol version 1 suppor

...

Minemeld Corruption

We have a MM instance running.  Three days ago a domain output has a corrupted output:

 

xmagesecurity.com

youpayme.info

zonejs.com

zupertech.com

�0�0�0�p�4�e�n�.�w�c�o�m�h�o�s�t�.�c�o�m�

�0�0�0�p�6�v�l�.�w�c�o�m�h�o�s�t�.�c�o�m�

�0�1�d�b�3�2�0�5�0�5�3�7�5�

...

Resolved! Data Filtering not sending to syslog

I've configured a data filtering profile and have been testing sending the data filtering detections to syslog, then to Sumologic. From what I've read, these detections are Threat Type, Data subtype in the logs. I have a log forwarding profile create

...

DZhang by L1 Bithead
  • 3018 Views
  • 3 replies
  • 0 Likes

Can PA log a address of spoof attack?

Hi all.

I wonder PA can log a IP and mac address of spoof attack such as ip spoof, arp spoof, dns query spoofing attack.

Sometimes, customer want to know above information from PA.

I think PA only drop a wrong packets. isn't it?

Thanks.

Regards.

Roh.

ttongfly by L3 Networker
  • 4475 Views
  • 5 replies
  • 0 Likes

Resolved! Do websites get rescanned once flagged as Malicious?

We are starting to see valid websites showing up as malicious due to them being hacked or for some other reason. Once the site is cleaned up however, is it up to someone in the Palo Alto community to request a URL Category change manually, or is ther

...

Block YouTube/Instagram Mobile app

Hello There,

 

What is the best practice to block YouTube, Instagram for mobile apps? So far I tried to create an application base and custom URL policy  to deny YouTube, Instagram. It works (deny access)  if you access the site via HTTPS (Chrome, Fire

...

KurdTech by L1 Bithead
  • 4882 Views
  • 5 replies
  • 0 Likes

Resolved! NAT, Routing and license requirements

Hello Bros,

                I have an unlicensed and out of support single paloalto 3220 appliance, and this device is not licensed now as we have upgraded to paloalto ha.

my question is I wanted to re-use this appliance for some network services such

...

Resolved! Authentication issue with Global Protect

We are having difficulty with our Active/Passive pair of PA_820’s where they are setup to allow auth to GlobalProtect based on AD group membership.

If we create a new OU in AD and move a user to the newly created AD OU whilst still having the same gro

...

Group Mapping.jpg
Auth Profile.png

Resolved! Welcome Page - Iframe

Hello,

we want to include a (external or internal) website via iframe in the welcome page. My test HTML site:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd"> 
<HTML>
<HEAD>
<TITLE>Pal

...

Hithead by L4 Transporter
  • 5980 Views
  • 13 replies
  • 0 Likes

Resolved! Change speed/duplex on 10G SFP port for PA-5220

Hello,

 

Is it possible to hardcode speed/duplex for 10G SFP port on PA-5220 device? i am getting below error:

 

>set network interface ethernet ethernet1/5 link-speed 10000 link-duplex full 
Error: 
Server error : ethernet1/5 -> link-duplex 'full' is not

...

skanani by L2 Linker
  • 11357 Views
  • 4 replies
  • 0 Likes

Policy not matching actual traffic

Hi All,

 

I have a security rule to allow ip "A" to ssh to ip "B". I can see the traffic actually hitting the fw but it gets dropped with interzone-default. The test policy match also verifies that it matches the traffic.

 

IP "B" is actually the firewal

...

olloczky by L1 Bithead
  • 4064 Views
  • 3 replies
  • 0 Likes
  • 24308 Posts
  • 99 Subscriptions
Top Solution Authors
Top Liked Authors
Labels