General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 330 Views
  • 0 replies
  • 2 Likes

Resolved! VmFirewall on Xen?

Hello, good morning.

 

I have purchased the vm300 virtual firewall.

I have seen that no downloads are available for the XEN hypervisor at this time.

There are for vmware, kvm, citrix netscaler, etc.

I finally got the vmware virtual machine running on Xens

...

Resolved! Certification profile in global protect

Hello All,

 

I have configured the GP with authentication of credentials(Username and password) as well as the certificate profile.

When I connect the GP agent it is connected successfully.

My question is how we make sure GP is using a certificate profil

...

Resolved! DNS Proxy feature

Hey guys, I've read about DNS proxy and how it works. My question is, what are the benefits of using DNS proxy on the firewall?

 

This obviously gives the Palo insight into the DNS responses, but if the DNS traffic traverses the firewall it can snoop i

...

Global Protect // Multible post-vpn-connect scripts

After connecting with Global Protect I execute an post-vpn-connect script to mount the users network shares. I execute them in the context of the user.

Unfortunately, I need to execute another post-vpn-connect script in the context of an admin. 

 

Does

...

BHaaf by L0 Member
  • 3606 Views
  • 2 replies
  • 0 Likes

Mac computer GlobalProtect with Computer Cert How To

Below are the instructions that I have cobbled together to install GlobalProtect on a Mac and not have the system ask for authentication of an administrator at each connection.  Full document with pictures is available on my GitHub.

https://github.com

...

SFP Virtualwire on PA-820

Hi,

I configure my device to virtualwire mode with sfp baseT transceiver but it wan't to work (they are red in GUI).

When I change to Layer3 mode everything work corectly (change to green).

In CLI I can see transceiver.

Have you got similar problem or an

...

KamWes by L1 Bithead
  • 3024 Views
  • 4 replies
  • 0 Likes

Global Protect Access routes

Hi,

I have question for access routes. We have configured global protect and advertised only one access route however after connecting to global protect VPN, we can see multiple access routes in client machine. Is there any other criteria for access r

...

gpandya by L1 Bithead
  • 6273 Views
  • 5 replies
  • 0 Likes

IPSEC VPN Phase 2 issue-Peer Checkpoint

I have 15 proxy-ids in the  vpn tunnel whose peer is checkpoint firewall. Just one out of 15 usually remains really busy and lot of traffic get encap/decap on it. Remote users accessing resources within other 14 proxy-ids have absolutely no issues bu

...

Resolved! dedicated log collector setup and licensing

hi,

I am preparing a new environment (my plan is for 2x management only + 2x log collector only) and have no experience with dedicated lot collectors yet. Please help me to clarify few things:
- log collector for sure needs licenses, are they the same

...

PANW-NGFW

Hello,

Does PANW-NGFW support invalid link notification for SFP?

 

 

 

 

 

 

 

 

 

bealefay by L0 Member
  • 1846 Views
  • 1 replies
  • 0 Likes

PANORAMA COMMIT AND PUSH TO FIREWALL FAILS WITH ERROR

For the last few days, we have been trying to import firewalls into Panorama and have not been successful at it.

 

Panorama firmware is 9.0.7

Palo Alto firmware: 8.1.13

 

Description of issue: During the importing process, I was able to extract the config

...

Captive Portal SSO w/ Okta - "User Authenticated"

We've implemented Okta SAML SSO with our layer-3 Captive Portal redirect page for IP-User mapping. The solution works, but users are landing on a "User Authenticated" web page, rather than the website they originally browsed to. Users now have to re-

...

2020-02-19 11_54_24-Program Manager.png

Firewall active sessions age

Does PAN OS has a feature to calculate session age for any active session  ? In particular looking from SOC point of view if they want to monitor long time period active sessions used by attackers to compromise security. 

I am not looking for session

...

PS007 by L2 Linker
  • 4926 Views
  • 6 replies
  • 0 Likes
  • 23670 Posts
  • 108 Subscriptions
Top Liked Authors
Labels