General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Competitive Advantages

Hi, In a pitching session with a customer, we have explained all the advantages of Palo Alto over the competitive devices, below are the questions raised by the customer which I was not able to answer, What % Performance degrades with evidence-3rd Party in Inspection Technique (Single Pass Scanning vs Multipass Scanning)What % Performance degra...

Resolved! Advanced Filtering in ACC

Hello, I wonder why I cant use advanced Filtering in ACC. In the monitoring tab I can use quantifiers like eq, neq and contains. Is there a way to use this or similar ways of wildcards in ACC? kind regards

WildFire public cloud API key

According to this article, my API key should be visible under Account > My Wildfire API Keys. However, the Account tab of the portal linked to does not have a section titled that, and does not display any keys anywhere else either. Does anyone know how I can obtain an API key for one of the WildFire public cloud deployments?

komand by L0 Member
  • 5417 Views
  • 6 replies
  • 0 Likes

Resolved! What is the order for upgrading devices?

I have to upgrade Panorama, several associated PA firewalls, as well as antivirus, applications and threats, and Wildfire content updates. I am upgrading from 9.0.5 to 9.0.8 on all devices. I am confused as to the order I am supposed to go in when it comes to the different devices and the content updates. For example, I have updated Panorama t...

Resolved! VMs cannot ping gateway / subinterface on Palo firewall

Hello, I am kind a new with PaloAlto. I require some help with a scenario I try to put into practice in my lab. I have a strange situation in my setup.I have deployed a PaloAlto firewall virtual appliance on a ESXi host. And also created 2 Virtual machines.On PaloAlto, I have created a subinterface and assigned it to vlan 14 and an interface, as...

Palo cfg.PNG
vlan 14.PNG
Trunk.PNG
alexwi by L0 Member
  • 7706 Views
  • 2 replies
  • 0 Likes

Resolved! IPSEC tunnel with vendor and using Vendor Public IP for Source Natting

We need to build the new IPSEC tunnel with the vendor.Our sidePA Public IP say 200.23.23.x for IPEC tunnelOur Lan 1>>10.0.0.0/8 2>>172.16.0.0/16Vendor Juniper Public IP 104.156.166.x Users on our side need to access the vendor network IP1>>100.65.5.x 2>>100.66.25.0/24Vendor told us they do not want to allow our Private I...

MP18 by Cyber Elite
  • 8069 Views
  • 4 replies
  • 0 Likes

LDAP-SSL implementation

We want enable LDAP-SSL and i have checked the require SSL/TLS setting in the LDAP profile. I don't see any TCP/636/SSL traffic to the DC from firewall. I only see TCP/389/LDAP traffic, what i am missing.

image.png
raji_toor by L4 Transporter
  • 3005 Views
  • 2 replies
  • 0 Likes

Resolved! if ssl inbound decryption failed,the session will be block or ?

The custtomer want to config ssl inbound decrypaion for internal server。 They do not want this configuration to affect existing web services。 I checked the relevant information, i think the firewall in Inbound Inspection mode, PAN-OS will not act as a proxy with SSL traffic matching the policy. PAN-OS will try to decrypt this SSL traffic 'on-the...

Felixcao by L3 Networker
  • 4401 Views
  • 2 replies
  • 0 Likes

MAC Address Table learned by Palo Alto

Hi , Is there a way we can view the MAC addresses learned by Palo Alto, I am not talking about ARP. So in Juniper/Cisco Layer 2 Switches you can see what mac addresses are learned on the mac address table Can we do that same in Palo Alto? Thanks

uzaheer by L0 Member
  • 55145 Views
  • 3 replies
  • 0 Likes

Minemeld crash once in a while

HI,My Minemeld is running in a docker container. It consumes memory as much as possible. Now the server is configured with 32 GB memory, still 100% usage by Minemeld. It crashes every a couple of days. The requested url for feed gets internal error. I have to restart the container to fix it. We are processing lots of indicators. Total number is...

yguo29 by L0 Member
  • 4072 Views
  • 2 replies
  • 0 Likes

Resolved! File Blocking - allow images/videos block everything else

I'm trying to permit download of gif, jpeg, mpt4, png, svg, webp, and woff, and deny everything else in both directions. I tried 1) setting up a block rule for any file type in both direction and an allow rule for the file types above for download only2) setting up the allow rule, and then updating the block rules manually selecting every single...

font blocking

Hello, I'd like to block users from downloading any OpenType (.otf) and TrueType (.ttf) fonts. Is there any way to block them?

Password Profiles complexity

I would like to set up a Password Profile with all attributes at zero, can this generate an account lock or would I have no problems? regards

bmacedo by L0 Member
  • 2817 Views
  • 2 replies
  • 0 Likes

Dual ingress ISP setup vs Juniper SRX

Hi, there is a fundamental difference between Juniper SRX and Palo Alto Firewalls regarding how reverse route look up occursfor a session. With Juniper SRX, if I have two ingress traffic via two different ISPs, I can put each into its own routing instanceand Juniper forwards the reverse traffic back via ingress ISP. It is very simple and elega...

  • 24404 Posts
  • 123 Subscriptions
Top Solution Authors
Labels