General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Interface issue - see traffic but no arp entry for gateway

We have an issue with an interface that is talking weirdly. We have changed ports to rule out hardware, and I can work ok with a laptop in the same switchport. The line comes from Verizon's media converter to a switch that is connected to the pair of HA firewalls and an HA pair of load balancers that use different addresses in the subnet. The ...

Document on VM information sources for Windows User-ID Agent?

Anyone have a good document or link on the windows user-id agent for monitoring VM information sources? Looks easy enough to setup on the windows agent, but how does it monitor/parse logs and what exactly does it do when making the connection/permissions for the account?

Sec101 by L4 Transporter
  • 3894 Views
  • 2 replies
  • 0 Likes

Resolved! PC connected to Management Port

Need to know this--- when we plug the Laptop on Management port and assign it ip 192.168.1.3 we can then access web gui 192.168.1.1 how?normally management port is up when you connect that it to switch that make sense to me.but here it is connected to PC with IP 192.168.1.3Here both ends of the cable are connected to PC and PA management port.Ho...

MP18 by Cyber Elite
  • 8343 Views
  • 8 replies
  • 0 Likes

Resolved! Is there any way I can make an "Easy Button" for help desk to enable/disable PBF rules?

I'd like to create a script or some kind of quick method to disable a PBF rule. We have a dual-ISP setup, and sometimes one ISP will get extremely slow. But it doesn't actually go down, so it doesn't trigger the PBF rule, and we're left with nearly unusable internet.As the only "firewall guy", they basically have to wait on me to disable a PBF r...

Maxstr by L3 Networker
  • 6580 Views
  • 5 replies
  • 0 Likes

Resolved! Security policy using wildcard destinations and NON http/https protocols

Dear community We are dealing with a request for a firewall rule which is supposed to allow SMB traffic (TCP 445) to a wildcard destination like *.subdomain.example.com out on the internet. So this made me think about how we should implement such a rule and I am not even sure it can be done or at least I don't know how. If this would be HTTP/HT...

TiborNad by L1 Bithead
  • 9144 Views
  • 3 replies
  • 0 Likes

App-ID - ms-rdp not allowed, traffic being blocked as cotp

Hi All, Were running 7.1.14. Ive created a rule to allowed ms-rdp to the rule. Ive checked first if ms-rdp has any dependencies, there is none. It implicitly uses cotp and t.120. So from what i understand from the meaning of Implicitly uses, i only need to allow the main application which is ms-rdp and in turn it will allow implicitly cotp and t...

Usage Difference between SSL Forward Proxy and Inbound Inspection Decryption mode

Hello i have read the articles regarding the types of ssl decryption: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV8CAKhttps://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/decryption/decryption-concepts/ssl-forward-proxyhttps://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/decryption/decryption-concepts/s...

Template Stacks for HA (Active\Passive)

Looking to deploy template stacks to all of our managed firewalls from our Panorama 8.1.x. I am wondering how to deploy STACKs with values unique to each individual in a HA (active\passive) pair. Some settings would include: Hostname,HA configurationsOther device unique settings When we create seperate stacks for each firewall we get an error (a...

Palo Alto 8.0.7 basic ospf configuration not working with aruba switches

Folks, We have 2 Palo Alto FW and 4 aruba switches in the same area (area 0), we are noticing that the aruba fw is loosing neighbor relationship with the routers every couple of seconds 30-60 seconds. The configuration is very simple, any ideas? guys i have palo alto and aruba switch in the same area and there neighbor relationshio ...

tpahuja by L0 Member
  • 3133 Views
  • 1 replies
  • 0 Likes

Adding filter "?v=panosurl" broken access to all websites

Custom URL category is configured to block phishing URLs collected from Linux MineMeld server through EDL. For some reason adding filter "?v=panosurl" (https://10.9.0.60/feeds/phishing-url?v=panosurl) to retrieve URLs in PAN-OS supported format (malware.com) is creating issue as all the websites are categorized as phishing and blocked. Using wit...

Resolved! PAN-OS Software Release naming?

Just upgraded to PAN-OS 8.1.9 on our PA-500 a few weeks ago. Just saw that 8.1.9-h4 is available now. Wondering what the significance is of the "h" in the name of the release version.

9.0.3 -h3 - Possible bug?

Hi, anyone had issues after updating to this version? We had strange behaviour accessing some websites stating that 'File Transfer Blocked' there was nothing showing in the logs. We rolled back to 9.0.3 and problem went away. Possible bug ? D.

BizBo by L2 Linker
  • 3375 Views
  • 2 replies
  • 0 Likes

Global Protect external IP address - Best practice?

Hello, We are a moderately-sized customer without an assigned sales or engineering resource due to account transitions. We are in the process of moving to a new ISP and it has been suggested by internal resources, for other reasons, to utilize the same IP for the Global Protect Gateway as is already assigned as the outside IP on the public inte...

Resolved! False positive threat

Hello, PA-3020 is falsely identifying some adobe-creative-cloud-base traffic as being a threat. I can't add an exception for this as the log view does not contain a threat ID as it normally would for a threat. All of my dynamic updates are up to date.The URL filtering profile is set to ‘alert’ for computer-and-internet-info (I have most of the...

1.jpg
2.jpg
  • 24392 Posts
  • 123 Subscriptions
Top Solution Authors
Labels