This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Resolved! Issue in HA link monitoring

Hi, ISP Primary>>Fortigate Active >> Paloalt ActiveISP Standby >>Fortigate Passive >> Paloalto Passive we have ISP is connected with FortiGate Active Firewall and FortiGate which is directly connected with Paloalto Active Firewall same as ISP standby is connected with Fortigate Passive Firewall which directly conne...

Joshan_Lakhani_1-1617727170024.png

Resolved! Need to disable port 443 in WF-500

We are observing https port 443 open in private wildfire WF-500. Please, share the command to disable the same. Also in Wildfire services, we have found only SNMP, ICMP and SSH.Https service is not available, so as to disable it. 

image (2).png
image (1).png

Github-allow access to specific repository

How do I block all Github but allow access to a specific repository? For eg. I want to allow https://github.com/cisagov and block all github using a single URL filtering policy. How can I do that? I added github.com/* to custom URL list and set it to block.Created another security policy with a custom URL list containing the specific github pag...

Miner for Google IP Address

Just in case anyone is looking for a miner to mine for Google IP address, here is a sample miner Google Services Miner age_out default: nullinterval: 257sudden_death: trueattributes confidence: 100share_level: greentype: IPv4extractor prefixes[]indicator ipv4Prefixprefix googlesource_name google.rangeurl https://www.gstatic.com/ipranges/goo...

FabianB by L0 Member
  • 4903 Views
  • 2 replies
  • 1 Likes

Prompt to change password as it will expire soon doesn't let you change the password

I've had a number of users reach out to me to reset their password for the GlobalProtect because they become locked out. They have all said they get a message that their password will be expiring in so many days, but are never prompted to reset the password. Each user has said there is nowhere to click to change the password so it goes past the ...

vulpine by L0 Member
  • 4160 Views
  • 1 replies
  • 0 Likes

EDU-330 and EDU-214 (looking for study material)

Hello everyone! I have been looking (without success) the study material of EDU-214 and EDU-330, I can not find anywhere, I checked the beacon portal and nothing.If anyone had this material or knows where to get it, I would greatly appreciate it. Thanks!

Resolved! Global Protect: Split DNS - NSLOOKUP & DIG expected behaviour

What is the expected NSLOOKUP / DIG behaviour when using Split DNS and attempting to resolve an excluded domain? We are seeing the following:nslookup excludeddomain.comServer: dc.domain.localAddress: 10.0.0.10*** dc.domain.local can't find excludeddomain.com: Non-existent domain Is this expected (obviously it resolves if I tell it to use an exte...

cg7201 by L0 Member
  • 6740 Views
  • 2 replies
  • 0 Likes

GlobalProtect not connecting on Mac

I'm trying to use GlobalProtect on a Mac, but it won't connect. I don't know much about Mac in general which definitely won't help me, I'm doing this for someone else and this is my first time using GlobalProtect on one. When I start the app and type the username, password and portal it just says connecting in the status tab. So far I've tried r...

K.Arne by L1 Bithead
  • 37874 Views
  • 14 replies
  • 1 Likes

Resolved! Policy, using App ID ssl, is bypassed in favor of service based policy

Hi All, I'm new to Palo so hope you guys can help me understand something. We have two almost identical security policies that allow traffic via ports tcp/443 and 80. The first policy uses App IDs, ssl and web-browsing. The second policy uses services tcp/443, 80. My expectation is that the second policy should never be hit since ports 443 and 8...

Inelse by L1 Bithead
  • 7120 Views
  • 5 replies
  • 0 Likes

Resolved! Panorama Management Server Upgrade Suggested Path

Greetings,We are looking for suggestions/thoughts for our next upgrade to our PAN management server - we are running PAN 8.1.13 on a Model M-600. We are looking to go to 9.x - not sure whether 9.0 or 9.1 at this point. Probably will be decided based on the feedback we get from this post. So bottom line: - Which version would you recommend? Sho...

terryc by L1 Bithead
  • 3610 Views
  • 2 replies
  • 0 Likes

Panorama Report Date Picker

Hi All, Is there a setting that I am missing in Panorama for the retention of the reports created in the reports tab under monitor ?On Panorama for any default or scheduled report I only have the ability to go back 7 days:This goes for any scheduled custom report or the pre-defined reports.Panorama:However on the firewall its self I have months ...

Marc_T_0-1617781192581.png
Marc_T_1-1617781268651.png
Marc_T by L2 Linker
  • 3507 Views
  • 3 replies
  • 0 Likes

PA-820 Time Reverts to 2000

I have PA 820s deployed at remote sites with IPSec tunnels configured on them. When a power outage happens, either through a requested shutdown or not, the time resets back to Jan 1, 2000 on some of them and the initial commit fails. This causes the device to only be accessible via the mgmt interface. When looking at the logs, the reason the com...

Security Policies in Firewall

How to troubleshoot when we get sessions end reasons: Tcp-rst-ServerTcp-rst- client Tcp-fin n/aAged out I know what all these but I don't know how to troubleshoot the issue and don't know where to start troubleshoot Can someone help on this.

Using Rest API to delete an AWS Monitoring Definition in Panorama

I am trying to automate the addition/deletion of AWS Monitoring Definitions for the AWS Plug in for Panorama. I am able to add Monitoring Definitions using the following in Postman: https://{{panorama}}/api?key={{key}}&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/plugins/aws/monitoring-definiti...

SSL Decryption - Forward Trust Certificate option not available

Hello I try to configure the ssl decryption on my cluster of PA-220. I have an internal PKI based on Microsoft solution. On the first node, I'm able to generate the request, the csr has been validated by the PKI server and I'm able to export from the PKI the certificate (base-64 encoded). I'm able to import the certificat in my PA-220 device wi...

  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks