General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 469 Views
  • 0 replies
  • 2 Likes

IP Spoofing understanding

I'm planning to implement IP drop - under Zone protection on a production system.  I'm really only interested in the ' IP Spoofing ' aspect & I'd like to understand a little more on how it works so that I can addresses any issues, should they arise.

...

smk391 by L0 Member
  • 9102 Views
  • 1 replies
  • 0 Likes

I can't open Support Cases.

I can't open Support Cases. 

 

Becauase single sign on error.

 

I cleared the browser cache and tried with other browsers too.

 

Other options work fine, but only the Support Cases is not open.

 

What should I do?

Not opening login page to login

I'm using GlobalProtect to connect to a customer.

Earlier a "web" page opened to type in my user name, now it's not happening anymore. It's trying to use my company login which is wrong, I have a account at the customer. 

My IT helpdesk, is telling me

...

mosekjar_0-1606290028954.png
mosekjar by L0 Member
  • 1491 Views
  • 1 replies
  • 0 Likes

Testing "Security-Focused URL Categories"

Is there a way to test the "Security-Focused URL Categories" with some example of URLs that would match the category?

I went looking for them in my log after setting them to Alert and found none. 

 

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-ad

...

BoDollis by L1 Bithead
  • 1669 Views
  • 1 replies
  • 0 Likes

https://etm.ru website haven't open

Hi All,

 

 We have tried to access one Russia URL (https://etm.ru) from our INT-trust and VPN zone while the result is ERR_HTTP2_PROTOCOL_ERROR and have tried with different browser but result is same . We could access through VPN external US gateway (

...

Geo Blocking problem

 
 

Hi, I am using Palo Alto (PA) firewalls hosting Software Version: 8.1.17 in AWS and need to configure Geo-Blocking so that only GB (United Kingdom) requests are permitted and all other requests denied. 

 

The infrastructure setup is as follows:

FQDN =

...

security policy source 1.PNG
security policy source 2.PNG
PA_1.PNG

Interzone Static Routing

Hi all, I'll preface this as I'm the sole networking guy at my job and I'm still green. Apologies for any dumb questions, I've tried to read the manual for relevant info and used my google-fu to no avail.

 

I'm using a PA-3020 on firmware 8.0.6.

 

I've b

...

error user in group mapping

Hello, 

 

After upgrading to 8.1.X > 9.0.X > 9.1.x. we found that some ldap users do not check per user policies, only for ip politicies.  

 
The firewall has no user-id configured, only tree server ldap.
 
we check that the firewall recognizes the Ldap tr
...

BigPalo by L4 Transporter
  • 3816 Views
  • 6 replies
  • 0 Likes

Resolved! Error when creating PBF Policy - IP does not match subnet

I want to create a PBF Policy in order to route traffic from one zone/interface destined for the Internet to a transparent intercepting squid proxy in another zone/behind another interface. Using a destination nat policy seems to work, but some other

...

daubsi by L1 Bithead
  • 5877 Views
  • 4 replies
  • 0 Likes

Resolved! Device Certificates Intermediate Cert

Hello,

On Device>Certificate Management>Certificates - I have a IntermediateCert, under the RootCert, that is expiring. I can easily renew it, (It's self signed), but I'm trying to understand what its being used for. I haven't found any information th

...

roma by L2 Linker
  • 2764 Views
  • 1 replies
  • 0 Likes

Resolved! HA2 link down

The 20G link for HA2 between the two PA-5220 firewalls (Active-Passive cluster) does not work correctly. It is a direct link using single-mode fiber and 10G-LR optics with a length of approximately 550 meters.

After restarting any of the two firewalls

...

BigPalo by L4 Transporter
  • 17727 Views
  • 7 replies
  • 0 Likes
  • 23706 Posts
  • 110 Subscriptions
Top Liked Authors
Labels