General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

QoS rule on schedule rematch

Hello, I'm afraid the answer is going to be no, but is anyone aware of an option to rematch the QoS class applied to a session, based on a schedule applied on a QoS policy? I'm trying to restrict bandwidth for a flow within certain hours, but that only works for new sessions and does not modify existing sessions.

Arne-VDH by L3 Networker
  • 2622 Views
  • 1 replies
  • 0 Likes

EDL Invalid urls but why?

I am generating this EDL from minemeld this list is for office 365 PAN is listing 14 Invalid URLs but why are they invalid? admin@PA-220> request system external-list list-capacities List Type Currently used in policy Total Capacity IP 958 50000 Domain 0...

Ping Packets dropped: forwarded to different zone

1. All the units in above diagram are AWS EC2s. Pinging from Ubuntu10_20_61_16 to Ubuntu10_60_0_100 failed due to echo reply dropped on PA-VM. admin@PA-VM> show counter global filter packet-filter yes delta yes severity dropGlobal counters:Elapsed time since last sampling: 1.16 secondsname value rate ...

Capture1.PNG
Susan_Avxt_0-1608187681970.png
Capture2.PNG

PA PLACEMENT

Hi, In internet edge ASA is running as Active /standby . I would like to place PA as Active /Active in vwire mode behind ASA What are the pros and cons Thanks

simsim by L4 Transporter
  • 2900 Views
  • 2 replies
  • 0 Likes

Captive portal for https traffic without SSL decryption

Dear community, I´m currently facing this challengue:Do you know whether it´s possible to have captive portal working for https traffic without using SSL decryption? This requirement is not clear in the admin guide but I understand it is according the the article below:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cle...

Carracido by L4 Transporter
  • 3427 Views
  • 1 replies
  • 0 Likes

User-ID and app discovery on IPSec tunnel for site-to-site VPN

Hello everyone, we're using a VM300. I've recently set up 2 VPN tunnels, ike1 and ikev2. Tunnels come up successfully, but no user-ID is being transmitted and apps are not being discovered properly.We also have another site connected via MPLS where everything works fine.User-ID has been enabled on the zone where the tunnels are connected to.Any...

Running script user cinnecting to GP

Hi, We would like to run a script for the users when GP VPN goes UP. This script is for mapping network drives in theclients. Is possible to do that? any link with info?

BigPalo by L4 Transporter
  • 3883 Views
  • 5 replies
  • 0 Likes

Configuring stdlib.localDB with an "age_out" breaks the miner, allowing only 1 IOC at a time.

Below is a link of a test implementation as I learn Minemeld. I have read the following documentation. Use Case Using Desmito, we would like to submit IOCs to the stdlib.localDB miner. Based off of investigations, the analyst will determine the TTL (age_out) policy for the IOC. The default policy should be configured for a 24 hour TTL.The test c...

Connection_Graph.PNG
TEST-stdlib_localDB.PNG
TEST-stdlib_localDB-true.PNG
TEST-stdlib_localDB-false.PNG

Resolved! NTP SYNCHED - Wrong Time system

Hello I have a PA 7050 Pan OS 8.0.16I have configured ntp server correctly and it show synched status and i configured correct time zone AMERICA/SAO PAULO tooBut the system show wrong time with +1 hour , similar to summer time or day lightNow a days the summer time was canceled in Brazil by president I dont undestand why ntp is synched and it...

Resolved! DNS Server Cache Snooping Remote Information Disclosure

We require our network to be PCI DSS compliant, and our most recent vulnerability scan showed a "DNS Server Cache Snooping Remote Information Disclosure" vulnerability on our PA-820 data interface (10.32.0.17) (report below)We are using model 820 in PANOS 8.1.15. All Dynamic contents are up to date.Threat log showing:1 15/12/2020 14:21 000232437...

dnsserversnooping.jpg

GlobalProtect Data File could not able to download

The GlobalProtect data file, located on the Device tab > Dynamic Updates contains the OPSWAT file. We could not able to download it. We have scheduled download but still it is not working and other content update is working fine. Please find below logs:> less mp-log avdata.logMon Dec 13 07:30:03 +02 2020 : query string serialNumber=1604760...

bit_byte by L2 Linker
  • 3915 Views
  • 2 replies
  • 0 Likes

Application Aged out

Hey guys can anyone provide a little insight I set up action to allow an outbound rule for a group but I am getting an error of an "aged-out" and its coming from port 443. Any suggestions would be greatly appreciated

Which drivers are used in terminal service agent.

Hi, What are the drivers are used in terminal service agent? Following are the debug log and found error for drivers. 06/23/20 17:07:37[Info 331]: ------------Service is being started------------06/23/20 17:07:37[Info 406]: Load debug log level Info .06/23/20 17:07:37[Info 410]: Os version is 6.2.0.06/23/20 17:07:37[Info 342]: Query system port ...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels