General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

FIPS 140 and CC enabling

Couple of questions on FIPS. When you enable FIPS140 on a Palo it wipes the device. Can you just reload your last saved?Can a FIPS140 enabled device talk to a non-FIPS device over an ipsec tunnel provided the cyphers are compatible?FIPS disables PAP. System wide? or Just for authentication to the FW? Our Radius doesn't support CHAP.Anything else...

Decryption Certificate.

Hi Team, I have created certificate which is used for Decryption purpose. I have installed in Windows and Mac and its working.How do i install that in linux (Ubuntu or Kali ) ??Please share your insights .

Policy rules organization

hello Everyone hope everything is doing well. questions for the experts on paloi have 260 rules on my palo alto environment and they are subdivided in zones and i would like to make things more organized on my rules .question is the rules more high used on the palo should be always first ? like more verbose rules or it doesn't matter where they...

publishing a site website service with ssl decryption

I have an internal server which i want to publish its service to public and need to do ssl decryption, does that means i need to do "inbound ssl decryption"?and if so, as the website is natted from outside to inside, in the decryption rule in the destination, do i put the public ip or the natted ip?

chuckles by L2 Linker
  • 5035 Views
  • 3 replies
  • 0 Likes

Release Notes in GUI

Anyone know what's up with the release notes links in PAN-OS or Panorama GUI? Some of them are taking me to an XML response page and there is apparently an email circulating on REN-ISAC that the GlobalProtect links for 5.1.2 download a *.solitairetheme8 file (I can confirm that I'm seeing this behavior in the release notes link in Panorama this...

jsalmans by L4 Transporter
  • 2851 Views
  • 1 replies
  • 0 Likes

Minemeld configuration via TAXII output to Qradar

Hi All, i've been trying to configure the taxiii output in minemeld following the tutorial of Qradar posted here but with no success.I am running docker minemeld version, everything is fine until i try to add the url: https://hostname/taxii-discovery-service from Qradar TI module and get the following error: There is a problem connecting to the ...

macintos by L1 Bithead
  • 3277 Views
  • 1 replies
  • 0 Likes

Resolved! Limits in Old Palo Alto models

Hi, I am trying to find out the number of objects and groups of objects of the old models PA-3020, PA-3050, PA-3060 and PA-5050. In the new models, these data appear in the product comparison of the Palo Alto website, so I understand that these limits are static and do not vary depending on their capacity. However for the old models I only find ...

PA220 Update - Cannot use management interface

Hello,First question and first foray into Palo world from Cisco ASA and I'm stuck.I am trying to update a couple of PA220's, we cannot use the management interface and therefore can only use an interface connected via DHCP to our ISP.I have got the interface getting a DHCP address (have set Ethernet 1/1 as Layer 3 interface), I created a zone (...

Scott64 by L1 Bithead
  • 4244 Views
  • 2 replies
  • 0 Likes

How to enroll in Cyber Security Foundation, Cybersecurity Network Security Essentials, Gateway

I am trying to get PCCSA certified. On the PCCSA FAQs document under Q5 there are three courses listed other than the Cyber Security Survival Guide, the EDU-010 course, and the Practice test: Cybersecurity Foundation Course, Cybersecurity Network Security Essentials Course, Cybersecurity Gateway (Networking Fundamentals) Course. They are links t...

tcrump38 by L0 Member
  • 4199 Views
  • 3 replies
  • 0 Likes

Global protect multifactor authentication with RADIUS

Dear All, I have configured GP with multifactor authentication.Example:- If I want to connect VPN, so I click to connect on agent it will prompt me to credential then I will enter username and password once it is succeded one OTP received my mobile. after entering the OTP. I can connect the VPN Randomly I am facing issues some users not able to ...

not able to login in firewall by authentication profile

Hello team, I have created a local and AD authentication profile.Then I have created an administrator and the same profile allow there. but when i try to login in Firewall getting the incorrect user name and password error.please suggest how can i login in firewall by AD user.

Windows radius with certificate config

Hi there, I am testing Radius configuration for our admin accounts using windows NPS over PEAP-MSCHAPv2. I have our local CA cert in the cert profile and configured all the required params like vendor specifi attributes,etc. When I run a test authentication profile and add my domain creds I get the message ''Response for user: "<user name>...

Jamesy by L2 Linker
  • 5739 Views
  • 2 replies
  • 0 Likes

Maze Ransomeware Coverage

Hi Team, Please let us know the coverage against for Ransomware-Maze under threat in our Palo Alto IPS. Best Regards,Sahul Hameed

SahulH by L3 Networker
  • 7785 Views
  • 7 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels