General Topics
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics

Discussions

Join Us for a Tech Deep Dive Miniseries!

 

Stop Zero-Day Threats in Zero Time with Nebula PAN-OS 10.2.

 

Join us live for an in-depth look at the latest advancements in cybersecurity, best practices, tips and tricks, demos and
more to protect your business and defend against threats in real

...

nebula-on-demand-tech-deep-dive-miniseries-live-community-banner-2600x600.jpg
jforsythe by Community Team Member
  • 381 Views
  • 3 replies
  • 1 Likes

Accounting in PaloALto over TACACS

I have the TACACS+ configured in PaloALto with Cisco ISE, Is it possible to do the accounting for Palo Alto and i can see the changes in Cisco ISE.

 

CISCO ISE version 2.4

PAN OS : - 8.0

Dual ISP with VPN

I'm working on configuring a branch office firewall with two ISPs and Site-to-Site VPN to our data center.  The data center side has only 1 ISP connection

 

I'm reviewing this article again, as I've used it in the past.

https://live.paloaltonetworks.com

...

MikeC by L3 Networker
  • 1215 Views
  • 3 replies
  • 0 Likes

DoS policy notify

Hi,

 

We have configured a DoS policy in order to limit the connections to several internal services.

So when we launch a test in order to check that the connections are being limit we dont see any logs or event reporting it.

But looking in policy statis

...

BigPalo by L4 Transporter
  • 5316 Views
  • 13 replies
  • 0 Likes

Comcast internet VPN disconnects

My company has not transitioned to GPCS yet and currently still uses Cisco AnyConnect. We have 10K+ remote users and 5weeks ago about 100+ users started getting random disconnects and they are all Comcast users with XB3 type modem. I wanted to ask th

...

SSL Decrypt Opt Out Page applied selectively

Hi all,

 

Currently we use the SSL Decrypt Opt Out response page for the SSL Forward Proxy which works great warning staff of inspection.

 

However I would apply SSL-Inbound-Inspection to our public web servers for Threat Prevention. Unfortunately it app

...

BGP Advertising prefix to same AS it was learned from.

I'm working on a VRF-centric DC model that utilizes a PA as the firewall platform between VRFs. One of the snags I'm hitting is that if a route is learned from R1 on an AS (say 65001), and is advertised via eBGP to the PA (AS 65002), the PA won't eve

...

Tyler_C by L1 Bithead
  • 4850 Views
  • 14 replies
  • 0 Likes

BGP config same AS different locations

Hello,

 

We found some BGP routes with same AS we are using at our PA3020.

PA3020 AS 65400

 

 

BGP route (from Cisco Router)

 *   172.27.0.0/20    193.242.39.6                           0 65394 65390 8035 21302 65400 65316 64540 4755 4755 i

 

Usually with Cis

...

user-id agent

Hi

 

So I have 

850 - single pa 

5220 - 2 in a Active active setup

panorama

 

For Windows i have

3 x MS AD - my AD trilogy 

2 x Exchange boxes - they curently are AD's as well

2 more AD - old boxes with FS and PS 

2 FS ... not AD's

 

 

I have userid setup for all

...

block all video streaming with palo alto PA-850??

Hello all,

 

I want to block all video treaming with palo alto. do do following this:

    1, go to Objects--> URL fitering--> add new URL fitering with name block_video.

    2, in categories, I check in streaming-media and choose block.

    3, I create th

...

Chivas by L2 Linker
  • 3222 Views
  • 7 replies
  • 0 Likes

Global Protect Client Bundles not installing. VM100

I am trying to install a client bundle for GP on out test VM-100

 

The VM has no internet connection so I downloaed the bundle from PA

 

PanGP-4.0.6

 

On "device > Global Protect Client " I upload the file, which works but nothign is displayed.

 

If i go to

...

Resolved! ICMP reply from the firewall instead of endpoint destination

Hello everybody,


What could cause ping to respond from a different IP?
When tested from source, the response message of the ping command is successful and it's coming from the PaloAlto firewall, not from the destination IP.
Where and how can I verify on

...

000000 by L1 Bithead
  • 1214 Views
  • 2 replies
  • 0 Likes

New Feature request or ?

Hi

 

I would like to have apolicy that just logs and does nothing else - ie the packet keeps getting evaluated.

 

some times I want to know there is packet there but not process it with that line.

 

Can this be done already ?

Top Solution Authors
Top Liked Authors