General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! URL for Bulletproof ISP's EDL ?

I was at the Boston Fuel event, and one of the sessions the presenter said they could give us a URL for the new Bulletproof EDL listing (built-into PAN-OS 9.x). I'm not brave enough the deploy 9.x in Prod, so I was hoping maybe someone had the URL so I can create my own rule blocking these hosting providers that seem to harbor lots of malicious...

Palo alto FW for home/lab

Hello, I would like to ask you regarding PA firewall for Home/Lab. I worked like Network engineer, mostly with Cisco devices in ISP (MPLS, BGP, IPSEC, QinQ), and now I desided to learn new things. Which things I can learn, study with PA200 PAN OS 8.0 without license ? I am trying to find any cheeper devices with licence but it is impossible for...

ZEENMC by L1 Bithead
  • 51873 Views
  • 11 replies
  • 0 Likes

Minemeld Ageout Policys and Withdraw

Hello, Im having several issues and questions about what the best practices would be for surronding ageout policys. Is it better to add an ageout policy to the Miners, Aggregators, or Outputs?If I use the following Ageout policy, if a feed sends an IP right after the age-out occurs, will the first_seen time start over? age_out: default: firs...

DSHDAlex by L0 Member
  • 5517 Views
  • 3 replies
  • 1 Likes

VmWare ESX Firewall License

Hi community, i have a problem with licensing firewall which is on VmWare. When i tried to "deactivate vm" under licensing tab(on firewall), firewall has no longer license but on the website support.paloaltonetworks.com there is still active authcode. And can not add manually a new authcode on firewall. What causes this problem? Can you help me ...

How to store output

Hello Team, I have one txt file in my window machine in which there are 1000 urls example.test.abc.comtest.ftp1.com so if i type this cmd in putty "test.url test.abc.com" i got some output. Please let me know is there any way to save the output of all these 1000 urls like in linux we can use > root/Desktop/test.txt to save the output

dmodi by L2 Linker
  • 6209 Views
  • 7 replies
  • 0 Likes

Cannot connect to GlobalProtect

Hi, Just need bit of a direction on what to check for this issue. Two users can't connect to the globalprotect vpn. One user: Windows 8.1 - can't connect (shows connecting forever) and another one: Windows 10, seems to connect and disconnect straight away. Logs from PANGP shows: 362): InitConnection ...(T8796) 09/06/17 05:49:46:934 Error( 366): ...

Farzana by L4 Transporter
  • 18446 Views
  • 11 replies
  • 0 Likes

proxy_arp_pvlan_feature request

Dear Palo Alto support teamAs I have post my question in the community, I come to conclusion that the Palo Alto firewall does not support the feature explained in the post--https://live.paloaltonetworks.com/t5/General-Topics/proxy-arp-pvlan/m-p/302528#M78834.The design case is used the the private vlan scenario where the upstream router/firewall...

seek_2 by L1 Bithead
  • 3546 Views
  • 1 replies
  • 1 Likes

Resolved! PAN-OS 9 Browser Issues

Hi community, after upgrading Panorama M-200 to PAN-OS 9.0.5 (due to bug fixes) we only can access panorama via Firefox.Opera, Chrome and IE see the login page, the login is successful, but after redirecting to the dashboard, the url is stuck with <ip>/? and the load-page is ready. Clearing the browser caches, navigating to <ip>/debu...

Chacko42 by L4 Transporter
  • 6700 Views
  • 2 replies
  • 0 Likes

Resolved! Engine error after reboot

My Minemeld system is failing to start, giving an engine error. The last it,e in the log is 2017-11-18T17:38:06 (2843)launcher._run_chassis ERROR: Exception in chassis main procedureTraceback (most recent call last): File "/opt/minemeld/engine/0.9.44/local/lib/python2.7/site-packages/minemeld/run/launcher.py", line 53, in _run_chassis c.config...

deanm by L2 Linker
  • 6865 Views
  • 3 replies
  • 0 Likes

Recommended User-ID settings

I need some help understanding the recommended settings for Pan-OS agentless User-ID. First, here are my current enabled settings.Server Monitor tab: I have "Enable Security Log" checked. Server log monitor frequency is 20, server session read frequency is 10 Client Probing; enabled and set to 20 min Cache: User ID timeout is enabled and set ...

ce1028 by L4 Transporter
  • 13130 Views
  • 5 replies
  • 0 Likes

Resolved! HA suspend state warning message

We were testing our HA fail over,we suspended primary and failover happened,we then suspended secondary thinking it would fall back to primary,however primary was still suspended,so it caused an outage. We understand it was a human error but We were just wondering palo does not give any sort of warning message (like you are about to suspend both...

Global protect-DNS

Good afternoon/morning/evening everyone, I have an interesting one:I have a group of offshore developers and I thought about setting up a few access routes, doing split tunneling, however the problem is that my DNS being pushed for the agent is my DNS, so they can reach my DNS records, but when they want to reach sub-domains or domains configure...

TS Agent not working for Windows File Explorer

Hi! We found out, that it is not possible to track the user when he starts a Windows-File-Explorer via Citrix. Source-Port is used from the System-Context and not from the User-Context.This behaivour is confirmed by Palo Alto, and it seems to be similar tohttps://live.paloaltonetworks.com/t5/General-Topics/TS-Agent-no-port-mapping-when-using-win...

EDL list used in policy has no valid entries

Hi Community.I have configured PA to fetch EDL of type IP addresses from EDL link "https://panwdbl.appspot.com/lists/ettor.txt" for blocking tor. I am able to see that the list is getting populated. But occasionally I am getting below warning while committing other configurations,EDL <name> used in policy has no valid entries I am running ...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels