General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 1202 Views
  • 0 replies
  • 0 Likes

Resolved! Outbound RDP access

I just heard one of my coworkers saying we need to block outbound access to RDP, I didn't have chance to follow up with him what him because of COVID-19.  I am trying to to understand what would be the reason, is that a best practice possibly?

 

 

Amin2 by L2 Linker
  • 6629 Views
  • 4 replies
  • 0 Likes

FIPS 140 and CC enabling?

Couple of questions on FIPS.

 

  1. When you enable FIPS140 on a Palo it wipes the device. Can you just reload your last saved?
  2. Can a FIPS140 enabled device talk to a non-FIPS device over an ipsec tunnel provided the cyphers are compatible?
  3. FIPS disables PAP.
...

Rdp windows

Hi,

is it a good idea giving access to public windowd  rdp ?.

Folks says do not publish outside 

Any good reason for this ?

Thanks

 

simsim by L4 Transporter
  • 7695 Views
  • 11 replies
  • 0 Likes

Resolved! Cleanup Rule

Do you recommend creating a cleanup rule (last rule to deny any any) in PA? As far as I know, PA firewalls only allow traffic explicitly defined, and the last DENY is a built in "known rule"…correct?

 

or will the interzone policy take care of this?

 

 

Anees10 by L0 Member
  • 8029 Views
  • 3 replies
  • 0 Likes

Resolved! Virus/win32.wgeneric.ajgdai id 341892366

Hi Team,

 

I have issue. One user connect to SSL VPN, and cannot ping one IP  192.168.1.11. Only one IP. after i checking at firewall, I found this users got blocking activity Threat Name virus/win32.wgeneric.ajgdai   id 341892366. But when this users

...

Resolved! VmFirewall on Xen?

Hello, good morning.

 

I have purchased the vm300 virtual firewall.

I have seen that no downloads are available for the XEN hypervisor at this time.

There are for vmware, kvm, citrix netscaler, etc.

I finally got the vmware virtual machine running on Xens

...

Resolved! Certification profile in global protect

Hello All,

 

I have configured the GP with authentication of credentials(Username and password) as well as the certificate profile.

When I connect the GP agent it is connected successfully.

My question is how we make sure GP is using a certificate profil

...

Resolved! DNS Proxy feature

Hey guys, I've read about DNS proxy and how it works. My question is, what are the benefits of using DNS proxy on the firewall?

 

This obviously gives the Palo insight into the DNS responses, but if the DNS traffic traverses the firewall it can snoop i

...

Global Protect // Multible post-vpn-connect scripts

After connecting with Global Protect I execute an post-vpn-connect script to mount the users network shares. I execute them in the context of the user.

Unfortunately, I need to execute another post-vpn-connect script in the context of an admin. 

 

Does

...

BHaaf by L0 Member
  • 4043 Views
  • 2 replies
  • 0 Likes

Mac computer GlobalProtect with Computer Cert How To

Below are the instructions that I have cobbled together to install GlobalProtect on a Mac and not have the system ask for authentication of an administrator at each connection.  Full document with pictures is available on my GitHub.

https://github.com

...

SFP Virtualwire on PA-820

Hi,

I configure my device to virtualwire mode with sfp baseT transceiver but it wan't to work (they are red in GUI).

When I change to Layer3 mode everything work corectly (change to green).

In CLI I can see transceiver.

Have you got similar problem or an

...

KamWes by L1 Bithead
  • 3380 Views
  • 4 replies
  • 0 Likes
  • 24173 Posts
  • 117 Subscriptions
Top Solution Authors
Top Liked Authors
Labels