General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 422 Views
  • 0 replies
  • 2 Likes

Always-UP IPsec

 

The ipsec-tunnel comes up only when there is interesting traffic destined to the tunnel or when the tunnel manually initiated.


That leads to problems in our monitoring. I'd like to ask if there is a workaround to make the VPN always-up without need t

...

aabozaid by L1 Bithead
  • 5374 Views
  • 3 replies
  • 0 Likes

Global Protect not working with Big Sur on PA 820

Hi all,

 

I Use Global Protect  version 4.13 on a PA 820 Os 10.0, after updating my Mac to Big Sur i vant connect to the Palo anymore.

The strange thing: when i use the same Mac to connect to another Palo in our domein it works.

The error: failed to get

...

Resolved! Registration now open - Interactive Event!

Hi everyone,


If you haven’t already seen, registration is now open for our first interactive event all about the Best Practice Assessment (BPA) tool! 

 

You will be able to connect with subject matter experts, share best practices, and learn how this

...

jdelio by L7 Applicator
  • 3302 Views
  • 3 replies
  • 1 Likes

Resolved! EDL in vsys environment

Hello,

 

We have a pair of 5250 running PANOS 8.1 with 125 vsys.  We want to deploy EDL to block well known attackers.  My understand is the EDL has a limit of 150000 entries for IP list.

 

If I create a shared EDL (type IP list) with 10 entieres and cre

...

VPN socket closed

Hi All,

 

I have a user who connects via a thin client with GP to our network. Actually we have around 50 users, but this one user has many problems. She gets disconnected multiple times a day. She tried multiple connections: her current residence with

...

olloczky by L1 Bithead
  • 4312 Views
  • 5 replies
  • 0 Likes

Palo Alto VM No Internet in Browser

Hello,

I have PaloAlto on GNS3 i set a policy from inside to outside and i also do the NAT policy Plus the virtual router configuration.
from inside i can ping to internet but i cannot browse, is that related to licence or i miss something?

Thanks.

Resolved! Decryption Breaks Palo Alto Dynamic Updates

I'm having an issue where my Decryption policy is breaking my Palo Alto Dynamic Updates.  When I turn on decryption, and then attempt to download an Antivirus, Applications and Threats, or Wildfire update, I'm given the message "Invalid content image

...

Resolved! Action on a vulnerabilty found in a SMTP flow

Hello,

 

How to configure the PA firewall to return a SMTP 541 when vulnerability is seen in a SMTP flow ? I have managed to do it with the AV protection but not with the vulnerability protection.

 

Cedric

Cedricd by L1 Bithead
  • 6563 Views
  • 8 replies
  • 0 Likes

Spli tunneling for ms-update files

Hi,

 

We have GP configured with 0.0.0.0/0 inside tunnel. We would like to split-tunneling for microsoft updates. In the split tunneling profile we add several microsoft URLs in order to avoid but its not working.

We added this URLS:

*.update.microsoft.c

...

BigPalo by L4 Transporter
  • 2506 Views
  • 3 replies
  • 0 Likes

random-drop vs drop - zone protection

For TCP flood logs should only show "random-drop" with RED configured.

"drop" for TCP flood is this coming from options set under "TCP Drop" options under Packet Based Attack Protection. 

 

 

 

image.png
raji_toor by L4 Transporter
  • 7380 Views
  • 9 replies
  • 0 Likes
  • 23695 Posts
  • 110 Subscriptions
Top Solution Authors
Labels