General Topics

Multiple TAXII outputs within a single minemeld instance?

Hi,

If I have a configuration of 2 taxii outputs within a node, the output feed discovery service url for both taxii output nodes are the same, in this case, how do we differentiate them? Would authentication with Tags helps? Thanks!

IPSec tunnel between PA-220 and VM300 in Azure

Trying to build a IPSec tunnel between a lab PA220 and a VM300 we have in operation in an Azure environment.  I think I've got all the necessary ingredients covered, and I've checked all the "How To" docs I can find, but still no luck.

Are there any

GlobalProtect 2FA

Hi,

PaloAlto VM-100 8.0.13

I've been trying to add 2FA to our GlobalProtect Gateway. I've followed the instructions described here: https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin-guide/authentication/set-up-two-fa

Static IP for GP User

hey,

i have a requirement from a customer for some users to always have the same ip when they connect to the VPN for example if the IP Pool for the GP clients is: 192.168.x.110 where x will be 10-15 depends on which GP GW you are connected to.

i have

Slow SMB Transfer (and everything else slow) over Global Protect VPN

Hi community

Do you also have issues with low transferrates over globalprotect VPN? And maybe already have a solution for this?

I tested the following setup

1. Client connected with GBit LAN to the internal network without VPN
2. Client connected with Gbit L

Multiple global protect portals and gateway

Hello, 

we have 2 palo 850 with 2 isp:

primary 1.1.1.1/28 

backup  2.2.2.2/28

most of the zones navigate with the primary and few with the backup

We have a failover to the backup in case the primary isp goes down.

We have globalprotect portal and gateway w

Impact to active sessions when we change a firewall NAT policy

We are going to change a source and destination NAT policy.  Assuming the related security policies are in place for both the before and after change connections, are we going to see impacts to those sessions that have been active before the NAT chan

Why traffic log shows that traffic match allow policy but the result was reset by default deny policy?

Does anyone have following experience and could give me some idea to fix this issue?

Thanks a lot ~

I found sometimes the traffic log shows that traffic match allow policy but the result was reset by default deny policy.

For example:

I have a policy

Unable to access the https://panwdbl.appspot.com

Hi All,

Today we have a PA Firewall and MineMeld unable to access the https://panwdbl.appspot.com is this down or decommissioned. Tried going to this URL and I get a 404 error? Has this page moved and I missed a notification, down for good or just

http://panwdbl.appspot.com - Not Working

Do you make use of the EDLs available here?

If you do you may have noticed they've disappeared, Google says the page doesn't exist.

You may want to look for alternatives if you're using these lists.

Jason

PBF for Guest Network

Hello, I'm trying to route all GUEST traffic on a PA firewall to ISP-2. I understand you can use PBF on the PA firewall to route based on source address. I don't have a lot of experience with PBF and have encountered a few issues when trying to imple

BGP show Local RIB before Import filters

Hello,

After applying Import filters in BGP the Local RIB is reduced to a filtered set of routes advertised by peers.

However it seems to be impossible to see what the original set of advertised routes is. The peers are still advertising these routes

Palo alto top application are DNS and Ping (total 70%)

We have two 3260 FW in HA pair and using DNS proxy for the GP VPN user's (average 500 users/daily).

Palo alto's top applications are DNS and Ping (total 70% in terms of session count), Is anything wrong ?