General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

GlobalProtect issue with Enforcer Network Access

Hello, We enabled a week ago the feature enforce network access on our environment. We are using internal host resolution to detect if user is inside or outside corporate network. In a random way, we're experiencing issue with users worldwide. We have a dns server at each location. This issue seems to be present only when the user is connected from...

Block Psiphon App

Hi, Is there any way to block this psiphon app? Is it needed ssldecrypt? This app uses many apps (ike, ssh, ssl) so we can not block them. How do you block this app psiphon?

BigPalo by L4 Transporter
  • 3256 Views
  • 2 replies
  • 0 Likes

Find disabled administrator accounts

Across a large environment, what would be the best way to audit Palo administrator accounts? That is accounts found at Device > Administrators. For various reasons we all end up with lots of AD accounts, service accounts and so on there, what I'd like to do is find a way to periodically check those accounts against AD to see if they are stil...

Ping log with 0 bytes sent

Hi Guys, I noticed some strange logs on one of our 5200 firewalls. There is a device behind the firewall that is running constant ping to google dns, traffic is allowed and working normally. I noticed some logs where bytes sent is zero... I can explain bytes received with no reply, but I don't have any explanation why log entry will have bytes sent...


Deny PSiphon

Black Psiphon

Dear All, Psiphon was blocked for a long time but this week, we detected it has been working again. I have tried to block it again but without any result, it was blocked for 2 hours and working again after that. I have been checking the traffic monitor and found Psiphon used (any category), and used telnet, SSL, https, https, etc to g...

Resolved! Custom app-id with regex for alphanumeric that limits to 10 characters

Am trying to create an app id that identifies a particular pattern that can only be 10 characters long and must be alphanumeric, had tried various syntax but it seems not to be accepted as a correct pattern, with the message that the expression is not at least 7 bytes. Anyone who has such experience, can you share the correct expression syntax? Thank...

chtoh82 by L2 Linker
  • 8021 Views
  • 6 replies
  • 0 Likes

Multicast, who accessed??

I have tested multicast to be working and is configured as in this diagram. In the logs I see traffic from SERVER zone to Multicast zone. But there is no log on INTERNAL client that accessed the multicast stream.

raji_toor by L4 Transporter
  • 3558 Views
  • 5 replies
  • 0 Likes

Resolved! New install of Minemeld: Timeout errors

I've been beating my head against the wall over the past week trying to get an instance of Minemeld to work on both Ubuntu Server 16.04 as well as within a Docker container running on Ubuntu Server 20.04 LTS. I've followed the below guides verbatim, and get the same problems with both: 16.04 Guide: https://live.paloaltonetworks.com/t5/minemeld-...

Cisco CAPWAP AP stuck in Discovery

Hi All, Has anyone had problems with CAPWAP AP's separated from the WLC by a PA-220 firewall get stuck in a DISCOVERY OperationState?

>show capwap client rcb
AdminState : ADMIN_ENABLED
OperationState : DISCOVERY
Name : ***
SwVer : 8.5.151.0
HwVer : 1.0.0.0
MwarApMgrIp : 10.1.1.2
MwarName : CISCO-LWAPP-CONTROLLER
MwarHwVer : 0.0.0.0
Location : ***
ApMod...

KevinJB by L1 Bithead
  • 16926 Views
  • 6 replies
  • 0 Likes

NPTv6 seems bugged (PAN-OS 9.1.9)

Hi, we're running into an issue with IPv6 NPTv6 which we use to route traffic through IPS on PA. The address isn't translated as expected. We tried NPTv6 in 2 configurations, both translate the same. We either used: xxxx:xxxx:xxxx:ffe0::/60 -> xxxx:xxxx:xxxx:fff0::/60 or xxxx:xxxx:xxxx:ffe3::/64 -> xxxx:xxxx:xxxx:fff3::/64. In both cases we sent t...

Freaky by L0 Member
  • 2974 Views
  • 3 replies
  • 0 Likes

Knowledge sharing: Palo Alto checking for drops (rejects ,discards), slowness (latency) and counters using captures, global counters, flow basic etc.

Hello To All, I will create a short summary about how to do basic checks if the Palo Alto drops or slows down the traffic. 1. First the pcap capture on the drop stage will show if the firewall drops the traffic and after that we check why the firewall drops the traffic. If the issue is slowness doing a pcap capture in transmit and receive stat...


User-ID not populating after Microsoft patching - Warning

Hello All, Just wanted to post this in case anyone else ran into it. Microsoft release patches as they normally do, however there is one that might break user-id, June 8, 2021—KB5003671 (Monthly Rollup). There is a warning in the notes: After installing this or later updates, apps accessing event logs on remote devices might be unable to conn...

  • 24393 Posts
  • 123 Subscriptions