This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4115 Views
  • 0 replies
  • 0 Likes

Configuring stdlib.localDB with an "age_out" breaks the miner, allowing only 1 IOC at a time.

Below is a link of a test implementation as I learn Minemeld. I have read the following documentation. Use Case Using Desmito, we would like to submit IOCs to the stdlib.localDB miner. Based off of investigations, the analyst will determine the TTL (age_out) policy for the IOC. The default policy should be configured for a 24 hour TTL.The test c...

Connection_Graph.PNG
TEST-stdlib_localDB.PNG
TEST-stdlib_localDB-true.PNG
TEST-stdlib_localDB-false.PNG

Resolved! NTP SYNCHED - Wrong Time system

Hello I have a PA 7050 Pan OS 8.0.16I have configured ntp server correctly and it show synched status and i configured correct time zone AMERICA/SAO PAULO tooBut the system show wrong time with +1 hour , similar to summer time or day lightNow a days the summer time was canceled in Brazil by president I dont undestand why ntp is synched and it...

Resolved! DNS Server Cache Snooping Remote Information Disclosure

We require our network to be PCI DSS compliant, and our most recent vulnerability scan showed a "DNS Server Cache Snooping Remote Information Disclosure" vulnerability on our PA-820 data interface (10.32.0.17) (report below)We are using model 820 in PANOS 8.1.15. All Dynamic contents are up to date.Threat log showing:1 15/12/2020 14:21 000232437...

dnsserversnooping.jpg

GlobalProtect Data File could not able to download

The GlobalProtect data file, located on the Device tab > Dynamic Updates contains the OPSWAT file. We could not able to download it. We have scheduled download but still it is not working and other content update is working fine. Please find below logs:> less mp-log avdata.logMon Dec 13 07:30:03 +02 2020 : query string serialNumber=1604760...

bit_byte by L2 Linker
  • 3804 Views
  • 2 replies
  • 0 Likes

Application Aged out

Hey guys can anyone provide a little insight I set up action to allow an outbound rule for a group but I am getting an error of an "aged-out" and its coming from port 443. Any suggestions would be greatly appreciated

Which drivers are used in terminal service agent.

Hi, What are the drivers are used in terminal service agent? Following are the debug log and found error for drivers. 06/23/20 17:07:37[Info 331]: ------------Service is being started------------06/23/20 17:07:37[Info 406]: Load debug log level Info .06/23/20 17:07:37[Info 410]: Os version is 6.2.0.06/23/20 17:07:37[Info 342]: Query system port ...

Resolved! WAN interface Multiple IP addresses or sub interfaces?

Hi - Looking for best practices advice on WAN interface. Currently the WAN interface has a /26 with multiple IP addresses for incoming web servers translated to different subnets behind the PAN. Is there a default proxy arp working and is this the best practice or should the firewall have sub-interfaces? Thanks

stoff by L0 Member
  • 8636 Views
  • 3 replies
  • 0 Likes

Resolved! policy is clear yet traffic is still DENIED

hi all, we have a policy that clearly states FROM and TO objects and SMB_override (custom app, I presume, created earlier) as the application. The service is configured as Application-default. As per Monitor, it goes straight through to the deny rule ignoring our Allow rule. The application is correctly identified, the port is right. all looks g...

igs1917 by L1 Bithead
  • 7958 Views
  • 5 replies
  • 0 Likes

Resolved! PA sending TCP RST for a NAT rule

Hi everybody,Adding a bidirectionnal NAT rule for an ssl web server and the according security rule, connections from outside are dropped as "Incomplete". Traffic capture show that first SYN packet received is directly rejected by PA with a RST response. What does it mean ?Regards.

Want to Uninstall .bat file Terminal Server Agent.

Hi, While installing the VM the terminal server agent was installed through the .bat file.Now our requirement has changed, I don't know how to uninstall the terminal server through the .bat file.While Install the Terminal server agent this error is coming pan terminal services agent process id 22908. Actually, we want verbose debug logs troubles...

NAC VLAN Redirection failing

We are trying to implement a NAC solution. The basics are that the NAC is connected to the switch stack and upon sensing a device connecting, it checks it for authentication against the NAC and if it fail it quarantines it into a specific VLAN. That part is working. The next step WOULD be that when the device goes to make a connection somewhere ...

Nonaxium by L1 Bithead
  • 6088 Views
  • 6 replies
  • 0 Likes

Certificate chain not correctly formed

Hello, I am getting the warning below after importing a certificate. Is there a link/KB I can check to fix this? Warning: certificate chain not correctly formed in certificate dc1pa.abcd.com.au Thanks in advance!

Farzana by L4 Transporter
  • 10077 Views
  • 5 replies
  • 1 Likes
  • 24333 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks