General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Issue With DNS Suffix

Dear Team,

The challenge was that we need to do commit with wildcard in dns suffix ie. *.xyz.com but it failed ( PAN OS 9.1.7).

For workaround we have removed wildcard.

You seen in other firewall with panos 9.1.5 its having dns suffix with wildcard. F

...

Packet capture hitting specific security policies?

I would really like the capability to setup packet captures for traffic that hits specific security rules. For example, we have rules that block outbound connections to Palo's dynamic IP list for known malicious IP addresses and would like packet cap

...

how to configure multiple DNS suffix and confirm on global protect client

How to configure multiple DNS suffix and cross check on global protect if both DNS suffix entries exixt there.

Any help with documentation appreciated.

Thanks

Resolved! GlobalProtect Pre-Logon VPN WITHOUT using Machine Certificate for Authentication

Hi,

I currently have my lab PA-220 where its configured for prelogon and then on demand for the VPN, and it works just fine with saving cookies for the authentication and authenticates at the windows login screen without any issues.

Move to our produ

...

Azure CDN (Edge Nodes) list

Hi,

I have been asked to import a new IP list within Minemeld; the Azure CDN (edge nodes list).
To retreive the list, I have the API documentation here: https://docs.microsoft.com/en-ca/rest/api/cdn/edgenodes/list

I am only a beginner when it comes to

...

Resolved! Palo alto decryption issue

We have an issue with a thick client application (AWS Workspaces client) connecting successfully to the AWS workspace over the internet. The palo alto firewall logs shows the traffic is allowed but the type is 'deny' instead of 'end'. Also session en

...

Revoked Machine Certificate still able to Connect Global Protect Gateway

It appears possible to configure the firewall to be an OCSP responder to itself/clients from the posts below? Is that correct? (Specifically referring to self-signed certificates generated on the firewall) If so, is there any risk to having this se

...

Resolved! DNS Proxy - invalid EDNS response

Hi all,

I'm having a issue with the DNS Proxy feature. I'm running a Palo Alto VM (9.1.8) in Azure and want to use the VM as DNS Proxy. As default DNS Server, I want to use AZURE DNS 168.63.129.16. Additionally I have some Proxy Rules for internal Do

...

Test URL -> Operation Failed: URL access error

Ive been reading this forum for similar problems, but seems I have different problem.

I must say I had difficulties building this, but now this seems to be the last obstacle.

So I got minemeld up and running and its able to get feed and I can access th

...

Resolved! DNS proxy sharepoint domain issue when cache enabled

Hi there, i have some issues with my firewall when using dns-proxy with enabled cache. I cannot resolve sharepoint domains e.g. bitmix.sharepoint.com, but when I disable the cacheoption everything works fine.
Does someone have any suggestion how I cou

...

Pallo Alto Version 10 show transceiver command for SFP check/troubleshooting

Before only the "show system state filter xxx" ( https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaMCAS ) was used to check issues with SFP but in version 10 the show transceiver is here and this is great 

https://docs.pal

...

FQDN address object maximum length limit...

Hi Team,

What is the maximum length limit for fqdn address object, Is it possible to increase this default length?

Thanking You!!!

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Welcome to the General Topics Discussions!

Rules and Best Practices

Issue With DNS Suffix

Packet capture hitting specific security policies?

how to configure multiple DNS suffix and confirm on global protect client

Resolved! GlobalProtect Pre-Logon VPN WITHOUT using Machine Certificate for Authentication

Azure CDN (Edge Nodes) list

Resolved! Palo alto decryption issue

Revoked Machine Certificate still able to Connect Global Protect Gateway

Resolved! DNS Proxy - invalid EDNS response

Test URL -> Operation Failed: URL access error

Resolved! DNS proxy sharepoint domain issue when cache enabled

Pallo Alto Version 10 show transceiver command for SFP check/troubleshooting

URL Filtering Clarification - Wildcards behavior (implicit match on the rear of the URL)

W10 Slow Logon when WWAN Card Installed

Global Protect Split Tunnel exclude video traffic issue

FQDN address object maximum length limit...

FW Ha Cluster disconnected from Panorama

maximum number of bgp routes for VM-series

Flexible vCPU VM Firewall interfaces are down

Management and Dataplane on Vsys

Site flagged as GRAYWARE (PLEASE HELP!!!)

Re: Flexible vCPU VM Firewall interfaces are down

Re: Data center providing dual ports already in VRRP - my topology?

Re: PAN-OS Release Frequency

Re: Alerts for dynamic updates

Bug Search Tool (New Feature & UI)

Unlock your full community experience!

General Topics

Rules and Best Practices

Resolved! GlobalProtect Pre-Logon VPN WITHOUT using Machine Certificate for Authentication

Resolved! Palo alto decryption issue

Resolved! DNS Proxy - invalid EDNS response

Resolved! DNS proxy sharepoint domain issue when cache enabled