General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Blacklisting Workstations?

Sorry if this is a dumb question, I'm still a bit new to PA. I've recently had a case where a few workstations cannot access anything beyond the local network. A trace shows that they can reach their default GW, but not the next hop, which is the PA. As a workaround, I found that changing their IP address resolved the issue. I then found that if...

Luke_R by L2 Linker
  • 4173 Views
  • 4 replies
  • 0 Likes

ntlm exited 4 times must be manually recovered

In our system log of the PAN5250 with PAN OS 8.0.15 i see the following critical message : ntlm exited 4 times must be manually recovered. Does anyone has the same issue or knows how to handle this. I can't find how to manually recover this and where this is coming from. Thx for the help in advance 🙂GreetzManu

ManuDC by L0 Member
  • 5236 Views
  • 1 replies
  • 1 Likes

TLS syslog to a cloud based SIEM

Running software version 8.1.10 on this PA firewall.I have the TLS syslog server profile setup in Configuration type logs and that works (getting config logs).Then I setup this log forwarder profile that has both TLS syslog and UDP syslog server profiles.When using adding logging for each line of policy to log on session close with the aforemen...

ryupapa by L1 Bithead
  • 3972 Views
  • 3 replies
  • 0 Likes

Resolved! Antivirus Profile and Default Actions

I've been looking at our PA, and I've found that it's detecting viruses being delivered in SMTP traffic. The PA is alerting, but taking no further action. Looking at this guide here, I understand that Palo Alto have this set based on the best recommendation at the time.https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/policy/best-practic...

Luke_R by L2 Linker
  • 3484 Views
  • 2 replies
  • 0 Likes

Question regarding Customer Advisory "Content Delivery Network Infrastructure Update"

There is a new Customer Advisory "Content Delivery Network Infrastructure Update".https://live.paloaltonetworks.com/t5/Customer-Advisories/Content-Delivery-Network-Infrastructure-update/ta-p/307121 We use AppID "paloalto-updates" to allow download of updates. Does this need to be adapted? The firewall devices are configured to use update server ...

Anon1 by L4 Transporter
  • 5324 Views
  • 4 replies
  • 0 Likes

GP: "Matching Client Config Not Found" when trying to connect

Heya Gurus!I'm running into an issue that I can't seem to figure out. I helped a client migrate a firewall over from Checkpoint to PAN. A few false starts and we got it going. Now we are working through the 'b' list of items that needed to be figured out and tested.We have the GP portal/gateway configured for LDAP/AD authentication, and the a...

Resolved! Cannot apply advanced filters for O365 API feeds

I'm trying to filter out unneeded/unnecessary indicators from our O365 feed, but no matter where I apply the filters I am still receiving all of the indicators. For example, I would like to filter on only indicators available over Express Route, and in the JSON you can see that 'expressRoute' is an available field with a boolean value of eithe...

benime by L1 Bithead
  • 13776 Views
  • 6 replies
  • 0 Likes

Resolved! Email alerts for utilised interfaces and HA status (active/passive)

Hi Gang, I have a server profile configured but completely unsure, even after some searching around. I'd like to generate email alerts for:Interface - in that their status changes e.g. data-link down, hard down, flappingAre the dedicated HA ports possible to be alerted tooFirewall goes into HA where the passive firewall takes overI know the answ...

Panorama HA Config question

Hi All, Quick question on my new deployment for Panorama. I have a HA pair with unique hostnames and IP addresses with firewall as an active passive pair. The migration steps state the following:Do not combine the HA firewall pair in to a single template if a unique Hostname, management IP address, or HA configuration is configured for each HA p...

a.jones by L3 Networker
  • 2898 Views
  • 1 replies
  • 0 Likes

Google Play Store Broken When SSL Decrypted

As part of our setup, at an independent school, we decrypt the majority of traffic and set rules to bypass where needed. As part of this, we've struggled to get the Google Play Store to work with decryption turned on. I've used a test phone without decryption and reviewed the URL logs to determine which URL(s) may need adding to a bypass rule. A...

Resolved! URL from URL filtering and SSL Decryption

Hi folks!I have an andriod device that has a news app installed and also included into the SSL decrypted devices zone. The traffic from this app is apparently has a certificate pinning because it doesn't show anything once started. Obviously, the Palo signed CA cert is installed into this android. The trick is that the app starts working if I re...

ovel by L2 Linker
  • 8267 Views
  • 4 replies
  • 0 Likes

Resolved! Configuring QoS

Hi, I'm still a little new to Palo Alto (but familiar with QoS concepts), and right now I'm trying to understand how QoS is configured on a PA3020 in production (configured by someone else before I was with the company). I can see a QoS profile called 'default', which is applied to two interfaces. However, there is no QoS policy at all.If I unde...

Luke_R by L2 Linker
  • 4987 Views
  • 4 replies
  • 0 Likes

Resolved! Multi-domain/child domain group mappings

We are in the process of moving two old domains into a new domain with child domains and have been having some issues with UserID and group mapping applying the wrong domain to users, which in turn makes it so the correct security policies don't apply. The general setup is this: Old1 and Old2 are the old domains (neither has child domains); Roo...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels