General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Migration of HA Pair to Panorama!

Hello Folks, I'm planning to migrate an HA Pair (active-passive) to Panorama. Can someone help me understand whether there will be a service interruption during this phase? HA Pair -> 8.1, Panorama -> 8.1. Best Regards, Pradeepkumar

Resolved! Ports Used for Paloalto

Dear Team, First of all, I checked the 'port number usage' provided by Palo Alto. URL: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/reference-port-number-usage However, port information related to 28777, 20077, 47631, and 20177 cannot be found there. It seems to be the port used by dp0 and mgmt when executi...


Question About Categorizing Domains to Suppress Correlated Events

Hi all, We are using Palo Alto firewalls in our network, running PAN-OS 10.2.12-h6. When navigating to Monitor > Automated Correlation Engine > Correlated Events, we often see entries like the following: “Host repeatedly visited uncategorized domain (20 times), and performed EXE downloads from these domains.” I would like to flag these dom...

cli error messages during boot

Dear community, after factory resetting one of our PA-220s I am seeing multiple error messages during boot up: Starting ntpd: [ OK ] FATAL: Module nfsd not found. FATAL: Error running install command for nfsd Starting NFS services: [ OK ] Starting NFS mountd: [ OK ] Starting NFS daemon: [ OK ] Starting RPC idmapd: [FAILED] Starting P...

Resolved! "SMB: User Password Brute Force Attempt detected" on share that is not being accessed

Recently I accessed an SMB share on a corporate Synology device (through the PA firewall). This share is hardly ever accessed. Now, days later, after several reboots of the client computer, the firewall keeps on detecting the "vulnerability" SMB: User Password Brute Force Attempt (40004). This is something I cannot explain. There are no acti...

Resolved! Where did the critical issues page move?

Hi, The URL below was the Critical Issues page: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm68CAC Currently, this page shows "Data Not Available". Where did the Critical Issues page move?

by MasaW, L2 Linker
  • 1207 Views
  • 2 replies
  • 0 Likes

CVE-2023-48795 Vulnerability

Hi Community, My firewall has been exposed to CVE-2023-48795 (Impact of Terrapin SSH Attack). Currently, based on the Palo Alto Security Advisories, I can see that PAN-OS versions above 10.1.15 are unaffected by this CVE. Upon checking my firewall model, which is a PA-820, I couldn't see any version listed for 10.1.15 in the softw...

File Integrity Monitoring using Cortex via Correlation Rule

Dear all, I'm looking for FIM on Linux (like etc/shadow). Following a previous conversation, I tried this query: dataset = xdr_data |filter event_type = FILE and (event_sub_type = FILE_CREATE_NEW or event_sub_type = FILE_WRITE or event_sub_type = FILE_REMOVE or event_sub_type = FILE_RENAME ) |filter lowercase(action_file_path) in ("/etc/*","/usr/loc...

Resolved! Help generating an XQL to notify when a USB is connected

I am trying to use Cortex XDR so that when a user connects a USB storage device I receive a notification by email. So far I have used this XQL: preset = device_control| filter event_sub_type = ENUM.DEVICE_PLUG, which tells me when any USB device is connected to the endpoints. I added this as a BIOC rule so that when the condition is met it ...

Resolved! Zero-Trust Strategy for Prisma

Hi all, I have been tasked with providing a Zero-Trust strategy document to management, related to how to implement this on our Prisma Access solution. I am looking for some examples that I can pull from, if anyone has done this already. I have gone through so many Palo documents, discussing all the Pillars etc, there is so much information o...

by D.Maas, L1 Bithead
  • 6248 Views
  • 11 replies
  • 0 Likes

Resolved! Retention period for traffic logs on Panorama

Hello Experts, What is the retention period for traffic logs on Panorama? I mean, how many days will it keep the traffic logs from the firewall? Actually I need to harden the security rules by looking at the traffic logs.

by ghostrider, L4 Transporter
  • 32975 Views
  • 12 replies
  • 0 Likes

Anti-Spyware Behaviour and Inline Cloud Analysis

Hello All, I have run into some curious behaviour with Anti-Spyware. High severity threats tagged as threat type 'spyware' are coming through the firewall with an action of alert, despite all configurations pointing to an action that should either be reset-both, or sinkhole. I have confirmed the following: The security policy rule that m...

by nohash4u, L3 Networker
  • 3414 Views
  • 6 replies
  • 0 Likes

Redundancy for GlobalProtect VPN

Dear Friends, We have a customer whose GP (GlobalProtect) VPN is currently configured to connect via ISP-1, i.e. one public IP / one ISP (Internet Service Provider). The requirement is: can we configure a backup or redundant connection with another ISP-2? Purpose: once one ISP is down, GP (GlobalProtect) users will not disconnect from remote...
