General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

how to create a log forwarding profile using gmail or office 365

Hi I am trying to create a log forwarding profile in the firewall and parallel we created the server profile for the Gmail and office 365 while scheduling the report and used the Gmail or office 365 email id and we try to test the email we are getting the below error we have added the mail server profile. we schedule the reports and getting er...

HemanthV by L2 Linker
  • 5195 Views
  • 3 replies
  • 0 Likes

Resolved! Cleanup Rule

Do you recommend creating a cleanup rule (last rule to deny any any) in PA? As far as I know, PA firewalls only allow traffic explicitly defined, and the last DENY is a built in "known rule"…correct? or will the interzone policy take care of this?

Resolved! Virus/win32.wgeneric.ajgdai id 341892366

Hi Team, I have issue. One user connect to SSL VPN, and cannot ping one IP 192.168.1.11. Only one IP. after i checking at firewall, I found this users got blocking activity Threat Name virus/win32.wgeneric.ajgdai id 341892366. But when this users using mobile hotspot. him can ping this IP address 192.168.1.11. Palo Alto PA-220 Thanks

Resolved! VmFirewall on Xen?

Hello, good morning. I have purchased the vm300 virtual firewall.I have seen that no downloads are available for the XEN hypervisor at this time.There are for vmware, kvm, citrix netscaler, etc.I finally got the vmware virtual machine running on Xenserver after adding some xen libraries so that the parts could communicate correctly.But I wonder ...

Resolved! Certification profile in global protect

Hello All, I have configured the GP with authentication of credentials(Username and password) as well as the certificate profile.When I connect the GP agent it is connected successfully.My question is how we make sure GP is using a certificate profile for authentication. because when I see the authd.logI am not able to see any specific authentic...

Resolved! DNS Proxy feature

Hey guys, I've read about DNS proxy and how it works. My question is, what are the benefits of using DNS proxy on the firewall? This obviously gives the Palo insight into the DNS responses, but if the DNS traffic traverses the firewall it can snoop in on the DNS anyway. I don't see anything specific to DNS under logs to even show the DNS interac...

Global Protect // Multible post-vpn-connect scripts

After connecting with Global Protect I execute an post-vpn-connect script to mount the users network shares. I execute them in the context of the user.Unfortunately, I need to execute another post-vpn-connect script in the context of an admin. Does anybody know how to execute two different post-vpn-connect scripts with differet user contexts? R...

BHaaf by L0 Member
  • 4575 Views
  • 2 replies
  • 0 Likes

Mac computer GlobalProtect with Computer Cert How To

Below are the instructions that I have cobbled together to install GlobalProtect on a Mac and not have the system ask for authentication of an administrator at each connection. Full document with pictures is available on my GitHub.https://github.com/scriptingcaveman/PaloAlto-Documents The use case that led me to these directions is a non-admini...

Office 365 JSON-to-flatfile converter as EDL feeder

Hi PAN Community,How's everything going? I hope everyone is well and safe. I know there are plenty of MineMeld fans out there but just in case MineMeld deployment is an overkill for your organization and Office 365 security is a burning item in your task list, I thought I'd share a simple and elegant solution that has been running in my setup fo...

SFP Virtualwire on PA-820

Hi,I configure my device to virtualwire mode with sfp baseT transceiver but it wan't to work (they are red in GUI).When I change to Layer3 mode everything work corectly (change to green).In CLI I can see transceiver.Have you got similar problem or any advice what should I do?

KamWes by L1 Bithead
  • 3796 Views
  • 4 replies
  • 0 Likes

Global Protect Access routes

Hi,I have question for access routes. We have configured global protect and advertised only one access route however after connecting to global protect VPN, we can see multiple access routes in client machine. Is there any other criteria for access routes to be advertised?

gpandya by L1 Bithead
  • 8338 Views
  • 5 replies
  • 0 Likes

IPSEC VPN Phase 2 issue-Peer Checkpoint

I have 15 proxy-ids in the vpn tunnel whose peer is checkpoint firewall. Just one out of 15 usually remains really busy and lot of traffic get encap/decap on it. Remote users accessing resources within other 14 proxy-ids have absolutely no issues but they occasionally loose connectivity to those that are in the busiest proxy id and it recovers ...

Resolved! dedicated log collector setup and licensing

hi,I am preparing a new environment (my plan is for 2x management only + 2x log collector only) and have no experience with dedicated lot collectors yet. Please help me to clarify few things:- log collector for sure needs licenses, are they the same like for management only ?- can i stack log collectors to get more storage? If so, logs are load ...

  • 24395 Posts
  • 123 Subscriptions
Top Solution Authors
Labels