General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

PANORAMA COMMIT AND PUSH TO FIREWALL FAILS WITH ERROR

For the last few days, we have been trying to import firewalls into Panorama and have not been successful at it. Panorama firmware is 9.0.7Palo Alto firmware: 8.1.13 Description of issue: During the importing process, I was able to extract the configs from PA firewall onto the Panorama. However, when I tried to commit the configs back to PA fire...

Captive Portal SSO w/ Okta - "User Authenticated"

We've implemented Okta SAML SSO with our layer-3 Captive Portal redirect page for IP-User mapping. The solution works, but users are landing on a "User Authenticated" web page, rather than the website they originally browsed to. Users now have to re-browse to the website first landed on, or browsed to to access the site. I figured SAML SSO would...

2020-02-19 11_54_24-Program Manager.png

Firewall active sessions age

Does PAN OS has a feature to calculate session age for any active session ? In particular looking from SOC point of view if they want to monitor long time period active sessions used by attackers to compromise security. I am not looking for session timeout or reasons for that, but a life span of active session running.

PS007 by L2 Linker
  • 6367 Views
  • 6 replies
  • 0 Likes

Resolved! Paloalto NGFW file system integrity check??

hithis is jo. from S.Korea case(PA-3060 / PAN-OS 8.0.7)customer want to check'file system integrity check' when it occur.(monitor->system log)when the integrity log occur want to send to Syslogserver. test.I`d reboot Pa-220 and checked system log however I cant find any integrity log. Qustions1, how can I find integrity log?2. Integrity check...

HTTP response code logging

So PAN doesn't log HTTP response code, at least I do not seem to find one under URL Filtering logs, and if it doesn't, then how Palo could claim that it is the replacement of proxy?

rKarki by L1 Bithead
  • 6429 Views
  • 3 replies
  • 0 Likes

Resolved! query on shared object and shared group #######panorama######

Hi, >We are creating a shared obj and shared group in panorama and committing to only one specific device group at the end.>will it cause any trouble later in future while doing commit all ?>Is it okay to do like that or will we face any difficulties in future?

anil_y by L0 Member
  • 5068 Views
  • 3 replies
  • 0 Likes

How to Setup Response Pages in using javascript and ajax for Service-Now

I'm trying to setup PaloAlto response pages to submit content using "button" to Service-Now. It seems that in order for content of response page to be 'sent' to Service-Now, javascript and ajax must both be used in the html response page. My questions are: 1) does PaloAlto response pages support ajax?2) does anyone have an example of submittin...

tlarue by L0 Member
  • 4969 Views
  • 2 replies
  • 0 Likes

Office365 and Exhange Online

We are going to have a hybrid environment and need to allow some O365/Exchange traffic inbound from their cloud. They have a JSON list they publish. Can I use that as an EDL to allow the traffic inbound? Or do I need to filter that through something else?

ts-agent port allocation problem

hi i installed ts-agent on terminal server with the user Administrator (domain) and check the agent status from cli it is connected,also ip-port-user-mapping is seems fine but when i checked the traffic logs i can not see the user names.there are some strange situations i saw,in the traffic logs i saw usernames only for port 443(ssl - applicati...

PA VM-100 trail license

Hi Everybody, I am having PA-100 VM on my EVE-NG enviroment, eveythin is workin fine but not logging anything.I have read somewhere that getting a trail license will do the magic, yet i tried to search for on how to get a trail license, i am not getting any result. Can anyone help me on hoe to get the trail license or if there is any alternat...

Resolved! SSH SSL Issues Reported From Vulnerability Assessment

The results of a vulnerability assessment is reporting the following issues with PAN firewall with version 7.1.6. Is this due to the settings in the decryption profile? Any direction would be helpful. Thank you. CVENAMEDESCRIPTIONSOLUTION SSL Medium Strength Cipher Suites SupportedThe remote host supports the use of SSL ciphers that offer med...

almay by L2 Linker
  • 14194 Views
  • 2 replies
  • 0 Likes

DHS AIS Miner

Has anyone gotted the DHS AIS Miner working in MineMeld? We have an account with DHS and I configured the Miner with our subscription id as well as our certs. The miner shows all green (see attached screen-shtot), but I am not getting any indicators. Not sure what I am doing wrong, and DHS doesn't support MineMeld. I noticed that Unit 42 wrote t...

Jon_Irish by L1 Bithead
  • 21212 Views
  • 14 replies
  • 0 Likes
  • 24395 Posts
  • 123 Subscriptions
Top Solution Authors
Labels