General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Threat Vector, a Unit 42 Podcast, is Now on LIVEcommunity!

We have some exciting community news to share: Threat Vector, a Unit 42 podcast, is now on LIVEcommunity!

 

Threat Vector is your compass in the world of cyberthreats. Listen to this biweekly podcast to learn about unique threat intelligence, cutting

...

jforsythe by Community Team Member
  • 93 Views
  • 0 replies
  • 0 Likes

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 3334 Views
  • 2 replies
  • 14 Likes

BUG -106914

BUG -106914.

this is mentioned in 8.1.9 PAN OS as addressed issue.

  Please find the detail:

Fixed an issue on a firewall in a high availability (HA) active/passive configuration where HA1 and HA2 links stopped passing packets, which caused a split-brai

...

arun_sh by L1 Bithead
  • 3217 Views
  • 3 replies
  • 0 Likes

Resolved! GlobalProtect client config fail

We have GP license for a smaller 220. Idea is to have 220 in DMZ and allow users to connect internall or externally to connect to GP. 

The issue i am having is that when trying to connect internally i am getting not authorized message from the client.

...

image.png
image.png
raji_toor by L4 Transporter
  • 8182 Views
  • 1 replies
  • 1 Likes

Unable to run minemeld over HTTP

I'm unable to run minemeld over HTTP. This is in a test environment and I do not have a cert at this time.I tried the suggestions on other forums with no success.

 

 

Prototype for FS-ISAC

I understand that Soltra is part of the existing 3rd party intelligence feed, just wondering has anyone created a prototype from FS-ISAC? THe portal address is https://portal.fsisac.com/

 

Understand from FS-ISAC, they uses Soltra as part of their in

...

c_cong by L1 Bithead
  • 20219 Views
  • 27 replies
  • 0 Likes

Resolved! GlobalProtect VPN prelogon 2FA/MFA

Hello everyone,

 

I have a question for which I can't find any documentation to solve it.

Our security manager wants to increase security at the VPN prelogon.

Since version 9.0 PANOS, its possible to make a VPN prelogon with 2FA or SAML authentication. 

-

...

jk0neil by L0 Member
  • 5917 Views
  • 1 replies
  • 0 Likes

# of rules vs simplicity

Hi all,

 

I'm currently reviewing our PA5250 security policy ruleset and I'm doubting the best way to handle it. We have about 800 rules and lots of those rules combine functions. For example a server is allowed to FTP to ip a.b.c.d and should be allow

...

tomdevos by L0 Member
  • 3805 Views
  • 5 replies
  • 1 Likes

Resolved! Decryption certificate validation issue

Hi Guys,

 

I'm experiencing issue where one of the site is not accessible when the decryption profile is enable with no decryption for SSL forward proxy. After disabling the block untrusted issue I'm able to access the  site. 

 

I'm facing this issue in

...

BlueKeep HIP policy

I've created a HIP policy to filter GP users if they are missing the security patches for BlueKeep. However, with monthly roll-ups I have to go in and generate a new HIP object each month. 

 

We currently patch our Windows machines 30 days behind Micro

...

SPI Value in phase 2

I wanted to know that I could see the SPI value in the wireshark in site to site policy based VPN.

 

So basically in base two there are two SPI value inbound and outbound, so if the attacker is capturing my traffic then he'd able to see my SPI value. t

...

  • 24126 Posts
  • 100 Subscriptions
Top Solution Authors
Labels