General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

GlobalProtect dns dynamic updates

We deny DNS outbound except for domain controllers.  I noticed a lot of denied DNS entries on the firewalls for users coming through globalprotect.  Looking at the packet captures, the traffic is destined to the domain name's public name server ip ad

...

MikeC by L3 Networker
  • 6013 Views
  • 7 replies
  • 0 Likes

Email Scheduler Not Working Consistantly

Hey Everyone,

 

I am running into an issue where custom reports that I have built that are sent on a daily basis aren't being sent consistently.

 

I have 3 different Email Server profiles being used in four different Email Schedulers sending two differen

...

Palo Also email.jpg
Palo Also email 2.jpg

Superuser cannot access Edge FW

Our PAs were recently setup by a now former contractor and all templates appear to be the same.  However, while our new contractor is able to access all of the internal FWs, he is not able to access our edge FW.  Any ideas?

DAG and Panorama

When looking at Dynamic Address Groups along with Panorama, it almost looks like this can't be done unless you are using NSX.  I setup the VM Source on one of my firewalls and I can do a DAG, but it doesn't transfer back to Panorama inorder to use it

...

gzygadlo by L1 Bithead
  • 2616 Views
  • 1 replies
  • 0 Likes

Block Brute Force RDP attempts

I have a Palo Alto 820 up and running, and one of its roles is to publish an terminal server (on its default port3389, the Terminal Server have an 2 factor authentication mechanism.)

 

I see lots of connections, and i would like to block this brute for

...

Sjoerd by L2 Linker
  • 9038 Views
  • 7 replies
  • 0 Likes

Zone Protection - Reconnaissance

Hi,

 

Are there any best practice settings for the reconnaissance portion of the zone protection profile.

 

I see the default has the below.  Is it recommended to leave as defaults or does someone have a better recommendation?

 

TCP Port scan 100 events wi

...

MikeC by L3 Networker
  • 3328 Views
  • 3 replies
  • 0 Likes

Resolved! GlobalProtect Gateway is not licensed

Hi,

 

I'm working on home lab and tried to configure clienetless global protect eveything went well expect when i authentate the user i got this message " GlobalProtect Gateway is not licensed. Contact system administrator. ", however during my reading

...

aymenata by L0 Member
  • 6735 Views
  • 3 replies
  • 0 Likes
  • 23554 Posts
  • 106 Subscriptions
Labels