General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Polling JSON Format for Okta

I am trying to create a prototype for a Miner that pulls IP's from a JSON formatted file. I have looked at the documentation for setting up a JSON miner (https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-MineMeld-to-extract-indicators-from

...

doliver1 by L0 Member
  • 11014 Views
  • 7 replies
  • 0 Likes

Diffie-Hellman-Groups: Why no brainpool curves?

While setting up a VPN with a Cisco ASA, I stumbled accross the quite small list of DH Groups implemented in PA firewalls.

So I wonder what the rationale was for choosing the implemented groups. As a German engineer working for goverment and other pub

...

mringel by L0 Member
  • 1692 Views
  • 0 replies
  • 1 Likes

Dynamically extract Autofocus tags

I would like to dynamically extract Autofocus tags with all of it's definitions(HTTP Activity, File Activity, Mutex Activity, Registry Activity, Digital Signer,...) to a csv file, or as a feed using Minemeld.

Nonsense configuration changes from "preview changes"

Hello everybody,

 

  from time to time, whenever I commit small changes to my PAN firewalls, if I click on the "Preview changes" button I see (beside my changes) a list of items and configuration partials that are moved around, ie custom report configu

...

grenzi by L3 Networker
  • 2398 Views
  • 2 replies
  • 0 Likes

Global Protect user id and machines

Hi ,

 

Is there anywhere that I can restrict that client vpn user "BOB "using the global protect that can connect only once and not many times the same time from different systems like I have users connecting from the mobiles , tablet and computer the

...

App-id Matching Process

I'm running PA-VM and created with one active rule:

 

From: Inside

To: Outside

Application: Web Basic Application group (ssl,dns,web-browsing,ping)

Service: application-default

Action: Allow

SSL Decryption is disabled

 

 

 

I'm facing issues browsing to website

...

PA-Rules.png
linkedin-server-certificate.png
zizo94 by L0 Member
  • 3402 Views
  • 2 replies
  • 0 Likes

SLL Forward Decryption and Spotify

Hi All,

 

Today I decided to implement SLL Forward decryption. Everything is working great except for one thing, Spotify.  I know what you'll say, "You allow spotify?. Yes, but just for me. With decryption disabled spotify works fine, with it enabled i

...

Adding sub interface to existing interface

We are currently using our 3260 firewall to handle BGP to our MPLS router.
the connection is trunked through our core switch, Native 200, allowed 200 & 255 (mgt & bgp respectively)

Router 1:

G0/1 10.200.254.3 (mgt)

G0/1.255 10.255.255.129/30
Firewall:

E4 1

...

Resolved! Disable Server Response Inspection for our SMTP server?

We are having horrible delays with email taking up to 30 minutes to be delivered. Our email servers send mail to a 3rd party email security provider. So, I disabled DSRI from our SMTP server to their SMTP server. Email speed was back to being deliver

...

abrrymn by L0 Member
  • 5353 Views
  • 4 replies
  • 0 Likes

How to update the BGP Imports in a Panorama template

I am trying to update the Import values in the BGP parameters in the Virtual Router in a template on a Panorama. My command looks like this:

 

set template Test-Template config network virtual-router default protocol bgp policy import rules Route-IN-MP

...

Panorama 8.0.2 - Buggy???

We have multiple models of FW hardware running primarliy 7.1.9 and it seems like since upgrading to Panorama 8.0.2 from Panorama 7.1.9 that it is almost painful to make changes. It seems everytime we push to devices something fails. Today specificall

...

Wald by L2 Linker
  • 1649 Views
  • 1 replies
  • 0 Likes

Shared Objects in Panorama

Is there a concept of shared objects at multiple levels in Panorama ?  For example, I can have a top level setting at the shared level which says password length is 15 characters and I want that to go to all firewalls.  What I need, is a second share

...