Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
jforsythe by Community Team Member
  • 27 Views
  • 0 replies
  • 0 Likes

Resolved! Palo Alto keep client IP

Hi,

 

Is possible to keep in Palo Alto the client IP although PA is doing a source NAT to reach internet?. A service in the cloud needs to know the client IP. Something like XFF. 

BigPalo by L4 Transporter
  • 2274 Views
  • 1 replies
  • 0 Likes

Resolved! Traffic log shows decrypted for blocked traffic

 

We have not enabled ssl decryption for specific subnets.

When I see the traffic logs I see ssl decrypted is checked and traffic is denied.

 

I verify that I see decrypted flag for all traffic that is blocked in url category.

 

Need to know reason for thi

...

MP18 by Cyber Elite
  • 2646 Views
  • 3 replies
  • 0 Likes

Resolved! PanOS version number

Am I correct that the naming scheme is considered Major Version . Feature Release . Maintenance Release - hotfix?

8.1.6-h3

BoDollis by L1 Bithead
  • 5212 Views
  • 2 replies
  • 0 Likes

Packet Descriptors spike

Hi All,

I've been collecting and plotting CPU, Session, Packets Descriptors, Packets Per Second, as well as some other metrics. Once in a while I see a spike on the Packet Descriptor graph.

According to KB article How to Interpret: show running resourc

...

abraun by L1 Bithead
  • 14688 Views
  • 7 replies
  • 0 Likes

Resolved! PA-220 Issues with Routing between LANs (Layer 3)

Hello everyone!

 

I am brand new to Palo Altos and firewalls in general, so I'm sure I have made a couple obvious mistakes, but hope to learn.  I have inherited a PA-220 that is now needed to be put in place between us and other connections (no interne

...

PlanFirewall.PNG
Druke by L1 Bithead
  • 11289 Views
  • 6 replies
  • 0 Likes

GlobalProtect - How Are you Using?

We have had our Palo 3020 along with GlobalProtect for about a year now, and we continue to struggle with all sorts of GP issues. I'm curious to know how are you all using GlobalProtect?

 

One Issue - Our strategy was to use GlobalProtect as an Always-

...

Resolved! new panorama vesion 8 legacy adding disk

Hi,

 

newly deployed ESXi vm panorama 8.0.2

By default free space is 11gb this is ok.

Then trying to add a new disk for exmpla 150gb.

This is working with version 7.1 new panorama.

 

Can we also make this work with new deployed 8.0.x panorama (legacy mode)

 

...

PanIst by L3 Networker
  • 8722 Views
  • 8 replies
  • 0 Likes

Safe Search Issue

Transparent safe search is not enforced for networks which are using the PA box for DNS proxy.

 

I have enabled Safe Search tick in URL filtering. Still no go.

 

We have enforced with local DNS servers and that is working. However the interfaces using PA

...

Proxy.jpg

PA-850 - how to protect

Hi

 

If I wanted to protect a PA850 from unknown devices connecting.

 

so 1 port to the local ISP.

6 ports for laptops to directly connect.

How / what is the best way to make sure only pre defined laptops can connect.

Mac filtering ??? Think that is easily

...

Resolved! IS it possible to delete the crashinfo file

 

 

when i run command 

 

show system files

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


/var/cores/:
total 4.0K
drwxr-xr-x 2 root root 4.0K Jan 10 00:15 crashinfo

/var/cores/crashinfo:
total 0

/opt/var.dp2/cores/:
total 4.0K
drwxrwxrwx 2 root root 4.0K Jan 10 00:15 crashinfo

/opt/v

...

MP18 by Cyber Elite
  • 4110 Views
  • 4 replies
  • 0 Likes

Resolved! Blocking punycode URLs

We have PA-820's and I have been looking for a way to leverage them to block punycode attacks.  In fact, we'd be pretty OK with blocking punycode URLs altogether.  I just haven't been able to puzzle out a way to do it.  If I add xn--* to the URL filt

...

  • 23584 Posts
  • 107 Subscriptions
Labels