General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Palo alto decryption issue

We have an issue with a thick client application (AWS Workspaces client) connecting successfully to the AWS workspace over the internet. The palo alto firewall logs shows the traffic is allowed but the type is 'deny' instead of 'end'. Also session en

...

Revoked Machine Certificate still able to Connect Global Protect Gateway

It appears possible to configure the firewall to be an OCSP responder to itself/clients from the posts below? Is that correct? (Specifically referring to self-signed certificates generated on the firewall) If so, is there any risk to having this se

...

Resolved! DNS Proxy - invalid EDNS response

Hi all,

I'm having a issue with the DNS Proxy feature. I'm running a Palo Alto VM (9.1.8) in Azure and want to use the VM as DNS Proxy. As default DNS Server, I want to use AZURE DNS 168.63.129.16. Additionally I have some Proxy Rules for internal Do

...

Test URL -> Operation Failed: URL access error

Ive been reading this forum for similar problems, but seems I have different problem.

I must say I had difficulties building this, but now this seems to be the last obstacle.

So I got minemeld up and running and its able to get feed and I can access th

...

Resolved! DNS proxy sharepoint domain issue when cache enabled

Hi there, i have some issues with my firewall when using dns-proxy with enabled cache. I cannot resolve sharepoint domains e.g. bitmix.sharepoint.com, but when I disable the cacheoption everything works fine.
Does someone have any suggestion how I cou

...

Pallo Alto Version 10 show transceiver command for SFP check/troubleshooting

Before only the "show system state filter xxx" ( https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaMCAS ) was used to check issues with SFP but in version 10 the show transceiver is here and this is great 

https://docs.pal

...

URL Filtering Clarification - Wildcards behavior (implicit match on the rear of the URL)

Figured I'd share this here as I already have on another platform. Been using PanOS for ~8 years and came across something with URL filtering and wildcards. URL filters with wildcards will match on the front, and back of the URL(implicit), if you

...

W10 Slow Logon when WWAN Card Installed

Has anyone else seen this?

Global Protect Split Tunnel exclude video traffic issue

Hi All,

I have an issue I am not sure how to address. I have "Exclude video traffic from the tunnel" enabled on the GP gateway. When a user connects and tries to watch a video on our wordpress intranet site, http:/myintranetsite/somevideo embedded in

...

FQDN address object maximum length limit...

Hi Team,

What is the maximum length limit for fqdn address object, Is it possible to increase this default length?

Thanking You!!!

Resolved! Due to Open SSH Denial of Service vulnerability firewall dropping random connections

Hi Guys,

Large number of connection attempts made which is normal as per the server team but firewall is considering it vulnerability and dropping the random connection to the server. After getting 3 to 4 successful execution in the same session it g

...

Failover in NAT

We have a configuration to balance two NAT destinations, in the Translated Address we have a group with the two IP destination

We need to performing a failover if NAT # 1 192.168.251.21 stops working, passing to NAT # 2 192.168.251.22.

When the IP # 1

...

Resolved! Does Paloalto Firewall support autoconfig for IPv6 interface

In my environment, I have 1 ADSL router supply IPv6 prefix, It working well with my IPv6 laptop and can go through internet using prefix from router + generated interface id.

Does Paloalto support autoconfig for IPv6 interface? I need it because my r

...

Resolved! Panorama > Policies > Security > Post Rules > Zone field has a red background

Hi there

Why does the zone in the screenshot appear with a red background?

It is the same when browsing direct to the FW itself.

There is an interface in the zone with a subinterface.

Both main and subint are up.

IP address configured on the subint

The int

...

2021-03-24 15h15m53 Zone Red backgroud.png

2021-03-24 15h20m21-StdF Interface setup.png

Resolved! March Madness 2021

Have any new application signatures been released for March Madness 2021? I'm able to find the historical ones but have not seen any for 2021 yet.

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free