General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Threat log forwarding from unlicensed PA device?

Hi folks,I believe I know the answer, but wanting to make sure I understand. I am configuring log forwarding to a Varonis server for testing. I've been sending the traffic log, but Varonis will only process the Threat log. I've configured the Threat in the Log forwarding profile, Vulnerability profie, etc and assigned it to my security rule,...

pasyslog.jpg
OMatlock by L4 Transporter
  • 4505 Views
  • 3 replies
  • 0 Likes

I have question with SSL decryption.

Hi there.Few days ago, I 'd changed one of my client's F/W .Everything was okay but decryption wasn't working.After few times, I found out what problem was causing that issues.(added decryption profile and changed policies (service: application-default -> any)But I don't know why do I have to add profile and changed service. So Please let me ...

Resolved! Is it possible to disable FQDN refresh?

According to these articles: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHJCA0https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClKbCAK it is possible to change the timing of how often PA does a refresh for FQDN objects, but is there a way to disable the refresh, either globally or for spec...

User-ID

Hello all,currently, we are facing with a strange issue related to user agent. Scenario is that, once the user login to his/her laptop then tries to surf, e/she will get dropped by the firewall. After further investigation, we found that the time the firewall takes to identify the user agent causing the issue.in other words, user logs in to the ...

Shadow by L2 Linker
  • 13301 Views
  • 11 replies
  • 0 Likes

Global protect AD strange issue

I have a strange and critical issue. I have Always-on type global protect with cert based username and OTP authentication method on handful of user machines. I have set the captive portal timeout for 0 and enforce network access under portal app settings.these users each have 2 machines.whenever the user changes his AD password on a different ma...

Error when using stdlib.syslogMiner

Hi together, I am trying to import PANOS-Threat Logs into MineMeld using the syslogMiner. I have configured the Miner and the LogForwarding via Panorama and can see the incoming logs at the Minemeld instance using tcpdump. Still I see no indicators in my Miner-Node. The Engine Logs show following error that I think is relevant to the problem...

Resolved! Panorama External Dynamic Lists

I had to RMA our m-100 and when I did that I lost the external dynamic lists on the PANORAMA itself. They are still locally on the managed FWs but I cannot referrence them on the Panorama. Of course that broke all outbound traffic because the top rule to block all traffic to those lists wasn't matching anything on the destination side (thanks ...

drewdown by L4 Transporter
  • 4193 Views
  • 2 replies
  • 0 Likes

Question About Multicast Not Receiving, IP Flood (URGENT ACTION REQUIRED)

Hi Team, we have done multicast configuration and we are unable to receive multicast through firewall PA-3060. Also whenever we did add our LAN interface into multicast configuration “ other IP flood” critical threat gets started into that particular LAN as shown below. Kindly help me to resolved the same. Scenario as below,Requirement as per di...

1st network diagram.png
2nd.png
3rd.png
4th.png

Moving Panorama M100 function to M500

Seems M100 does not support PAN OS 9.0We have Physical M100 running as Panorama mode.Also we have M500 running as Log collector mode. Can we move config of M100 to M500 so they can manage all the firewalls?

MP18 by Cyber Elite
  • 3317 Views
  • 1 replies
  • 0 Likes

Panorama 8+: Can you override EDLs in child Device Groups?

Currently running Panorama 7.1. We'll be upgrading to 8.1 in October-ish. According to the documentation for 7.1 and 8.1, you can create an EDL in Device Group A, and it will be inherited by all child device groups below it. This is working. According to the documentation for 7.1 and 8.1, you can check the box "Disable override" to prevent chi...

fjwcash by L4 Transporter
  • 3609 Views
  • 1 replies
  • 0 Likes

High utilization caused by decryption

I dunno if anybody else has run across this or not but I just felt compared to share. I have been having fairly continious performance problems with a 5050 cluster and last night I isolated at least one culprit that's been adding to that problem. We are in the process of rolling out Windows 10 and a bunch of new Microsoft apps AND our firewall...

bwsaloum by L2 Linker
  • 5500 Views
  • 2 replies
  • 1 Likes

Resolved! Question About PA SSL vulnerability

Hello Team, Can anyone provide a solution resolve below vulnerability in PA. Port no.: 443 Summary: Weak cipher suites supported Analysis :The remote host running SSL using a weak cipher suite which can be exploited by an attacker to perform man in the middle attacks. All the updated and secured services will be transmitting data over the unencr...

Dynamic Block List - Limit on number of entries?

I've been experimenting with MineMeld and love it - brilliant product 🙂 That said, I'm struggling to get a clear idea what the size limit is of each blocklist. https://live.paloaltonetworks.com/t5/Learning-Articles/How-are-Dynamic-Block-List-Entries-Counted-on-the-Firewall/ta-p/62068 suggests even a PA200 can handle a list with 50k entries but ...

move from 4 internet lines to one single internet line

Configuration changes in case we move from 4 internet lines to one single internet line ?in Our Current scenario, We have 4 interfaces configured with 4 different Public IP address and each interface is linked to the different router( Internet),each interface has different services (Internet Email1, Email2, VPN) We are planning to get one new in...

MFayez by L2 Linker
  • 3424 Views
  • 3 replies
  • 0 Likes

Palo Alto Core Firewall HA Active/Active

I have found some issues in running HA Actvice/Active as it relates to config sync. It appears when a red dot on the firewall and an Admin connects their default reaction is sync config. So I noticed that something that replicated to the active-secondary was BGP peer groups which caused my BGP peering to become broken on my secondary PA. So I de...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels