General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

HTTP Server Profile > Payload Format

Hi Everyone, Device > Server Profiles > HTTPI created a server profile, however, My curl request is not working, Can you kindly provide any information about how can I fill those fields (Headers, Parameter information and Payload)? How can I translate the curl request on those fields? Fields that I need to fit on it: curl --request POST \ ...

PayloadFormat.jpg
laelijr by L0 Member
  • 4421 Views
  • 1 replies
  • 0 Likes

Windows Remote Assistance

Hello, I'm fairly new to PAN after years with other vendors.We're using Windows Remote Assistance in the network. This requires allowing the ms-rdp application between the network from which we want to assist and the target network. When I try to make the offer (which works fine in the same network) I get drops based on ms-rdp on high ports. ...

I found message from scan secutity on Palo alto 850 "Insecure Transport: Weak SSL Cipher ( 11285 )"

Hi All I found message from scan secutity on Palo alto 850 "Insecure Transport: Weak SSL Cipher ( 11285 )" I did configuration command like in document. but the message it still show after scan again. anyone have idea for SSL/TLS to disable weak Algorithm- set shared ssl-tls-service-profile web-gui protocol-settings auth-algo-sha1 noset shared...

VPN S2S Site with Dynamic IP and site with FQDN ( DynDNS )

VPN S2S Site with Dynamic IP and site with FQDN ( DynDNS ) Good afternoon, is it possible to set up a Site-to-Site VPN between a site with a dynamic Public IP and a site with a DynDNS FQDN.PaloAlto----IP-Dynamic Public----Internet-VPNIPSEC-----PaloAlto with FQDN ( myvpns2s.dyndns.net ) This configuration is supported ? Thank you for your support...

Metgatz by L4 Transporter
  • 2764 Views
  • 1 replies
  • 0 Likes

Looking for Palo Alto Networks Certified Network Security Administrator Exam Study Material & Tips For Preparation

Hello, I'm planning to get Palo Alto Networks Certified Network Security Administrator certification. How long will take to prepare for the PCNSA exam as I have little experience of working with the Palo Alto firewall. Where I can get the learning material and a complete study guide? Thanks.

Steven09 by L0 Member
  • 6489 Views
  • 1 replies
  • 0 Likes

Decryption Log Forwarding

I upgraded to PanOS 10.0.6, and am trying to forward decryption logs via email. If I go to monitor -> decryption, then I see a bunch of rows where zone.src eq untrust and zone.dst eq untrust and ( proxy_type eq GlobalProtect ), application is incomplete, and Policy Name is blank. This is exclusively or almost exclusively from bot or malicio...

GP gateway getting ignored

I have one of the users getting the below error in the PanGPS log ignore gateway gateway.####.com , duration time is 0xFFFFFFFF, priority=1gateway.####.com -1ms This user is located near the mentioned gateway, How to make this work for GP Client not to ignore the gateway.

Sambhu21 by L1 Bithead
  • 2761 Views
  • 2 replies
  • 0 Likes

SSL Decryption and www.apple.com

We are testing SSL decryption and are finding that Macs are getting a certificate warning page when visiting https://www.apple.com. The warning says "This website may be impersonating "www.apple.com" to steal your personal or financial information". These Macs do trust our Root CA, so it's not that. I put "www.apple.com" in the SSL Decryption...

jambulo by L4 Transporter
  • 4458 Views
  • 1 replies
  • 0 Likes

Able to see other peoples traffic on Comcast

Is there anyone else that has Comcast Fiber circuits that is able to see other people's traffic on the public interface?We have been POC'ing the DNS Security License on several FW's once we turned it on we are seeing a large amount of DNS Tunneling alerts coming into XDR. When we investigate they are coming from the Untrust network on the defa...

PanOS 7.0.7 - Commit failed

Good day, I have an HA pair on PanOS 7.0.7 (it will be upgraded soon). Someone did a small oopsies and upgraded the apps and threats to the latest not realizing that PanOS 7.0.7 can't handle the 4 digit names I tried reverting back to the one that was previously installed. But when I press "commit", I get the following error Result: FailedDetail...

RayLim by L0 Member
  • 2658 Views
  • 2 replies
  • 0 Likes

Resolved! Palo Alto BGP with AWS Transit Gateway.

Team,We have a BGP neighbor on our Palo Alto with a Transit Gateway in the AWS. This BGP is formed from our Site A to the AWS TGW. Now, we want to form another BGP from our Site B to the AWS TGW. Site A should be preferred always and we know we can do that using the AS-path-prepends.However, one additional requirement is that both the sites sho...

nson2139 by L3 Networker
  • 4001 Views
  • 1 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels