General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Query on IKEv2 Phase2 parameters

Hello, We are thinking of peering Cisco ISR G2 Router with PA-VM (deployed in Azure).In Cisco, ESP-AES-256 is used for Encryption and ESP-SHA-256 is used for Authentication.I can see that these two options are not available in PA-VM.In that case, what should we select in PA-VM so that we can create a site-to-site tunnel with the Cisco peer? Than...

Is your organization using a DevOps or DevSecOps model?

We could like to know if your organization using a DevOps or DevSecOps model, or are you trying to move to one? What has your experience been so far? Do you like it? Do you hate it? Things we can improve on? Please let us know your thoughts.

How to reimport a csr via api

Anyone ever tried to import a csr back into config? I generated a csr on panorama the other day and then went to generate a certificate. (I did not commit at this time) when I came back with the csr response someone had reverted the config so my csr was goneI now have a config audit entry with some rest API information about the cert car, but ca...

What does these vaules in dp brdagent logs mean

2021-08-04 03:08:26.800 +0000 PORT4: board_port_autoneg_enabled -> board_port_autoneg, link: 0, mode: 12021-08-04 03:08:26.856 +0000 Port 1: DISABLE command received2021-08-04 03:08:26.856 +0000 PORT1: board_port_autoneg_enabled -> board_port_reset, link: 1, mode: 12021-08-04 03:08:26.858 +0000 Port 1: Down 1Gb/s-full duplex2021-08-04 03:0...

Palo Alto 10.0.6 5220 and 'show session all filter min-age'

Hello All, Just wondering if 'show session all filter min-age 4000000' displays relevant information. We have around 3200 sessions in session table at average, but when I am trying to look for long-lived or even stuck(?) connections number using command above, it shows me around 200 connections. But if I take one of those 'old' ones number and v...

VPN Site-2-Site both sides with dynamic IP

VPN Site-2-Site both sides with dynamic IP Good afternoon, first of all, thank you very much for your support and help.Is it possible to configure the following: Site 1: Palo Alto with Dynamic output to the Internet.( already have NAT configured on the modem/router/ADSL pointing to the Private WAN IP.Site 2: Palo Alto with Dynamic output to the ...

Resolved! Pulling in users directly from ADDS?

I have a requirement to pull in our users from Azure AD (or AADDS depending on the solution) into Prisma Cloud in order to create policy rules based on the source user/group but I'm unsure as to which method I would need to set this up? (Device\LDAP, Panorama\LDAP or Cloud Identity Engine - perhaps there's more than one way?!) We do not have a W...

Directing SMTP Traffic to VPN Tunnel

Hello Team, I am new to this kind of issue and need suggestions as I need to execute the same in my Organisation. I would like to know if we can direct the SMTP Traffic (Outlook Mails) to our IPsec VPN Tunnel without disturbing any other application traffic for users. If possible I need to establish this only for mails.

CIS Control 13.5 - Unauthorized use of encryption

Looking for input on this one. From a Palo Alto perspective, what would be the best way to monitor for encrypted traffic in general? Need a way to make sure we're specifically able to point to traffic that was encrypted and provide a report or show that in a dashboard perhaps in our SIEM. Taking a first look from the ground up and looking for op...

HTTP Server Profile > Payload Format

Hi Everyone, Device > Server Profiles > HTTPI created a server profile, however, My curl request is not working, Can you kindly provide any information about how can I fill those fields (Headers, Parameter information and Payload)? How can I translate the curl request on those fields? Fields that I need to fit on it: curl --request POST \ ...

Windows Remote Assistance

Hello, I'm fairly new to PAN after years with other vendors.We're using Windows Remote Assistance in the network. This requires allowing the ms-rdp application between the network from which we want to assist and the target network. When I try to make the offer (which works fine in the same network) I get drops based on ms-rdp on high ports. ...

I found message from scan secutity on Palo alto 850 "Insecure Transport: Weak SSL Cipher ( 11285 )"

Hi All I found message from scan secutity on Palo alto 850 "Insecure Transport: Weak SSL Cipher ( 11285 )" I did configuration command like in document. but the message it still show after scan again. anyone have idea for SSL/TLS to disable weak Algorithm- set shared ssl-tls-service-profile web-gui protocol-settings auth-algo-sha1 noset shared...

VPN S2S Site with Dynamic IP and site with FQDN ( DynDNS )

VPN S2S Site with Dynamic IP and site with FQDN ( DynDNS ) Good afternoon, is it possible to set up a Site-to-Site VPN between a site with a dynamic Public IP and a site with a DynDNS FQDN.PaloAlto----IP-Dynamic Public----Internet-VPNIPSEC-----PaloAlto with FQDN ( myvpns2s.dyndns.net ) This configuration is supported ? Thank you for your support...

Looking for Palo Alto Networks Certified Network Security Administrator Exam Study Material & Tips For Preparation

Hello, I'm planning to get Palo Alto Networks Certified Network Security Administrator certification. How long will take to prepare for the PCNSA exam as I have little experience of working with the Palo Alto firewall. Where I can get the learning material and a complete study guide? Thanks.

Decryption Log Forwarding

I upgraded to PanOS 10.0.6, and am trying to forward decryption logs via email. If I go to monitor -> decryption, then I see a bunch of rows where zone.src eq untrust and zone.dst eq untrust and ( proxy_type eq GlobalProtect ), application is incomplete, and Policy Name is blank. This is exclusively or almost exclusively from bot or malicio...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Query on IKEv2 Phase2 parameters

Is your organization using a DevOps or DevSecOps model?

How to reimport a csr via api

What does these vaules in dp brdagent logs mean

Palo Alto 10.0.6 5220 and 'show session all filter min-age'

VPN Site-2-Site both sides with dynamic IP

Resolved! Pulling in users directly from ADDS?

Directing SMTP Traffic to VPN Tunnel

CIS Control 13.5 - Unauthorized use of encryption

HTTP Server Profile > Payload Format

Windows Remote Assistance

I found message from scan secutity on Palo alto 850 "Insecure Transport: Weak SSL Cipher ( 11285 )"

VPN S2S Site with Dynamic IP and site with FQDN ( DynDNS )

Looking for Palo Alto Networks Certified Network Security Administrator Exam Study Material & Tips For Preparation

Decryption Log Forwarding

Support Down??? Unable to Open tickets.

Foward Trust Cert and MacBook Pro

Where can I find learning resources for PA net sec pro cert.

Change to Applipedia

SSL Connection Error During Panorama-Orchestrated HA Upgrade

Re: Beginner Question Best Way to Structure Policy Design in Palo Alto Firewalls

Re: First-time poster exploring best practices for security design in PAN-OS environments

Re: Beginner Question Understanding Basic NAT and Traffic Flow in Palo Alto Firewall

Re: Beginner Question Best Way to Structure Policy Design in Palo Alto Firewalls

Re: First-time poster exploring best practices for security design in PAN-OS environments

Unlock your full community experience!

Resolved! Pulling in users directly from ADDS?