General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

SSH connection drops randomly

An SSH connection to a particular server drops randomly (usually 20-60 seconds after login). Between the client and the server is a Palo Alto firewall with SSH decryption disabled.

What I tried so far

 - regenerated ssh keys on the server
 - added to se

...

PA-5220 Decryption Performance Degradation

We have a cluster of PA-5220 firewalls with SSL decryption activated. When initiating a communication across the firewall using a decrypted protocol (scp, HTTPs, etc.) we get 5x slower connections compared to the unencrypted versions of the procotol.

...

Resolved! IP Sec VPN Paloalto - Mikrotik

Hi!

 

I have a situation that is doing my head in, and I need some help.

 

I have an installation which looks like this

 

"A" end - Palo Alto Active/Passive cluster, public IP for IPSec VPN termination

"B" end - Mikrotik public IP for IPSec VPN termination

 

...

remote vpn on iphone and android config?

i successfully configured remote vpn client for windows to function but the customer is asking for vpn using mobile phones? would it work with the exist configuration? or does it need other kind of configuration? does the mobile phone pull the client

...

chuckles by L2 Linker
  • 4405 Views
  • 4 replies
  • 0 Likes

SSL Expired Cert and SSL decryption

 

We have vendor site which we access.

Recently their SSL cert expired and when I try to access that website chrome shows cert is invalid and still in brower it shows

it is decrypting the website and i can see the PA cert there.

 

Traffic log shows isessi

...

MP18 by Cyber Elite
  • 11210 Views
  • 11 replies
  • 0 Likes

Dynamic External Lists for Hostnames

Trying to figure out the best way to accomplish a task. 

  1. We have a "Suspicious" rule on our firewall that should be where we place hostnames for users that are observed to have questionable traffic.
  2. This will be a dynamic list that will be updated by a
...

Resolved! Creation of new Session and 6 Tuples

 

Need to confirm below -  

 

If PA has the  active session and need create a same session but the old session is active?

What action will take depending on 6 tuples?

 

 

MP18 by Cyber Elite
  • 6783 Views
  • 4 replies
  • 0 Likes

Resolved! Reading firewall palo A20 logs

Hello Paloalto community,

 

I ask for help please, I collect the logs of a Firewall palo lato A20  with graylog, I find a difficulty in reading Firewall logs. Can anyone help me to explain this logs, I want a clear interpretation of this logs.

On the we

...

F LOGS.PNG
Ayoub2 by L1 Bithead
  • 2557 Views
  • 1 replies
  • 0 Likes

Lost communications via HTTPS

Hello all,

I had a problem with a PA-220, version 8.0.9.
Suddenly I lost HTTPS service for the management interface, It was still working but I only had access via SSH.
When I entered #show deviceconfig system service I couldn't see the services HTTPS &...

upatino by L1 Bithead
  • 2838 Views
  • 1 replies
  • 0 Likes

disable automic start globalportect and create a shortcut

Hello,

 

My customer need a "GlobalProtect msi" to ditribute by GPO that complies with the following.

- Customize Portal URL. That is Ok, we edit the with orca software https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkwCAC.
-

...

MPoffal by L2 Linker
  • 3029 Views
  • 1 replies
  • 0 Likes

Why is "set address BLAH tag BLAH not working?!

admin@PA-5250-LOANER# show address TULLY
set address TULLY ip-netmask 192.168.15.245
set address TULLY tag Safenet_Listener_Service
[edit]
admin@PA-5250-LOANER# set address POPLICOLA tag Portal_Services

Server error : tag 'Portal_Services' is not a valid

...

Resolved! UDP 443 becoming more prevelant

Today I have discovered that the latest Facebook App for Apple IOS is using udp/443 for communication. This behavior seems similar to the Google Quic protocol. I also caught a glimpse of an article referencing the move to a http2/api WWW.

 

If this is

...

Syslog Fields Mismatch the documentation PanOSV9.0

I have syslogs coming to my SIEM from the device with PanOS V9.0. The number of fields i am receiving and the number of fields specified in the documentation doesnot match.

For example, in TRAFFIC logs,

 

1,2019/05/09 15:09:20,xxxxxxxxxxxx,TRAFFIC,end,2

...

gnikesh by L1 Bithead
  • 2750 Views
  • 2 replies
  • 0 Likes
  • 23579 Posts
  • 103 Subscriptions
Top Liked Authors
Labels