General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

LAB'ing PaloAlto

Hi, I have installed a couple of PA-vm firewalls but i am not able to test upgrading PAN-OS or enable multi Vsys support.Am I using the wrong model in the lab? Is there a way I can do the above? Are there any trial licenses without limitations? I look forward to hearing from you. Kind regards,

qasim02 by L2 Linker
  • 3065 Views
  • 2 replies
  • 0 Likes

scheduled policies to affect existing sessions

Dear community, I configured schedule on policies and it seems that as per design the existing sessions are not affected by the schedule:https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/objects/objects-schedules.html Meaning that if a session was created before the schedule, the traffic will not hit the scheduled policy un...

Carracido by L4 Transporter
  • 2342 Views
  • 1 replies
  • 0 Likes

LIMIT SERVICES (2000) IN PA 5020 ios 8.1.10

HELLO EVERYB, i there any way to increase de limit of servies? in our case er arrive to 2000 service (ports) in PA 5020 WITH IOS 8.1.10? have i to increase at the hardware level? or sfoftware? thank u so much

JESELITO by L1 Bithead
  • 4564 Views
  • 5 replies
  • 0 Likes

Need a way to move big number of selected policies to the desired location

Dears,As a cleanup to our policies in the firewall, I added a tag "Zero hit" to the policies that never trigger a hit. I have a huge number and I would like to move them all to the bottom.I tried to find a way to move them to the location I want and found it not available.My question:1- Is there a way to (not manually) select a big number of pol...

Resolved! Service Route Source interface not show with VM-300 on AWS

Hello, There is no interface show when i try to change the source interface for specific service (as show as in image).The VM-300 box is on AWS, and both Internal and External interface are set to use DHCP, Layer 3 routing. Anyone has idea how to correct it?Thank you.

Screen Shot 2020-11-16 at 9.45.53 AM.png
Screen Shot 2020-11-16 at 9.46.22 AM.png

Request a Signature for CVE be Mitigated

Is there a proper way to request a CVE be mitigated by the Palo firewall and added to the Threat Vault? I have read the conditions for a signature being added, but it doesn't tell you where to request one. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HAOnCAO If it matters, I'm trying to mitigate Oracle WebLogic Ser...

RMaine by L0 Member
  • 3567 Views
  • 3 replies
  • 1 Likes

Error in CEF format for Threat logs

The following guide provides the parsing for CEF-style Log Formats for PAN-OS 9.1:https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/cef/pan-os-91-cef-configuration-guide.pdf We have been using this for a while, but because now we have a 2nd source of logs (PRISMA) aside from Panorama, we just found out the parsing suggested for "T...

MarcelST by L3 Networker
  • 4266 Views
  • 1 replies
  • 0 Likes

List all deny rules from cli

I have to list all deny rules (from cli)The following command "show running security-policy | match index " list all security rules by nameFor example:"AllowBrach1IN; index: 1" {....etcWhat I want is:- deny INBOUND traffic rules only but regarding entire subnets (those having CIDR as their destination ...like 192.168.1.0/24..etc)Is there any way...

jls3j999 by L1 Bithead
  • 9742 Views
  • 14 replies
  • 0 Likes

Resolved! PaloAlto 5260 upgrade

Hi, I am upgrading so PA firewalls from 8.1.7 and 8.1.9 to 8.1.13, normally I wouldnt ask these questions but since these firewalls are extremely critical I need to be extra cautious. been looking at the upgrade Matrix and couldnt see a clear answer but based on my experience I believe its a straight upgrade to 8.1.13 without any path, is that c...

qasim02 by L2 Linker
  • 4820 Views
  • 4 replies
  • 0 Likes

User group Mapping

Wndows logon user name is ABC\xyz, and the user id fetched from AD group is ABC.local\xyz, and because of that the traffic is not hitting the configured rule. Any workaround to fix this?

zamiedu by L0 Member
  • 2837 Views
  • 3 replies
  • 0 Likes

getting DDNS working with DYN.COM service

I have to deploy some PAN firewalls at locations where ISPs only support DHCP. This seems to be increasing in some countries. I subscribed to DYN.COM but I am stuck on the certificate profile. I need the DYN.COM public cert and CA for dnsalias.com domain, but am not successful in getting it. I have a support case open with DYN, but taking a long...

namijo by L0 Member
  • 3303 Views
  • 2 replies
  • 0 Likes

Resolved! How to reach the Palo Alto management interface form my internal network

Hi,I'm fairly new to Palo Alto firewalls and just set up a home lab, but I have a problem accessing the management interface from my local network. I have 4 network devices in my network: - Modem/Router- Palo Alto PA-500 (PAN-OS 7.1)- Cisco 2960 switch- Cisco 1602 AP I'll try to explain how everything is connected, but I also added a picture of ...

Topology.jpg

Resolved! Root cause of Syslog alert message

Hello, On 14th November at 4:53PM AEDT, we were receiving the following syslog message:"Request made to PublicCloud server returned with HTTP response code : 502"We kept on receiving this message every 5 minutes approximately till 21:46 on the same day. No change was made at our end, we were still able to browse the Internet, Licenses are valid,...

System Log.jpg

Blocking external Skype client authentication

Hello, We are looking to block our skype clients from authenticating to our on prem servers. We nee the ability to have external parties join our web skype conferences. Anyone know what ports to block to prevent the Skype client from authenticating? I've been looking and looks like my client connects over 443/ssl but that needs to stay open for ...

User-ID mapping limitation using RDP

Dear community, We have a desired scenario where user_1 connects from machine_1 to machine_2 using rdp and login with user_2.We´d like that the mapping of machine_1 associates with user_1 and machine_2 associates with user_2. We are aware of the limitiation of User-ID in this scenario:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?i...

Carracido by L4 Transporter
  • 2773 Views
  • 1 replies
  • 0 Likes
  • 24392 Posts
  • 123 Subscriptions
Top Solution Authors
Labels