Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
jforsythe by Community Team Member
  • 27 Views
  • 0 replies
  • 0 Likes

Resolved! Minemeld SSL Certificates

Hi - 2 questions:-

 

> How do we change the default SSL certificate on Minemeld?  Standard Apache cert replacement?

> If we have a custom source running SSL with a self-signed cert, can we force a HTTPS miner to ignore the cert error?

 

Thanks!

apackard by L4 Transporter
  • 23904 Views
  • 11 replies
  • 0 Likes

Resolved! Load Partial Config: merge vs append

When loading a partial config you have 3 options:  replace, merge, append.  I can't find a description anywhere as to what exactly each of these does!  Especially between merge and append.  I did see this KB article but it really doesn't explain the

...

Packet Flow Sequence and Application Override

Hello everyone,

I have a question regarding the "AppID override" ,

In this article "https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVLCA0" we can read the following:

"
Special Note about Content and Threat inspection
Applicatio

...

Resolved! TLS 1.3 is Coming - How to deal with it????

My security counter parts came to me letting me know that in Chrome version 70.X+ TLS 1.3 will be turned on by default.  This appears to be causing problems in our current firewall deployment:

 

A/P HA-par 5220s running 8.0.10 (soon to be 8.0.12).

 

It l

...

TLS_Error.png
TLS_1.3.PNG

Problems with ping due to SSL decryption

Hello

we have PA 220 model

and when we implement SSL decryption we can observe the ping delay in our trust interface.THE cpu load is 50 %

when we turn off the SSL decryption everything is normal

Radmin_85 by L4 Transporter
  • 2406 Views
  • 2 replies
  • 0 Likes

Resolved! Cannot access PAN Webgui

Hello,

 

Recently we performed a decrypt change to allow website to bypass decryption.

Now no user can access the PAN Webgui https.

Tried in different browsers and from different machine but no change.

Connection to FW via putty session is fine. 

We have r

...

Webpage.jpg

Issues with the MineMeld Microsoft EDL's

For the last couple of weeks we are running into an interesting issue with our Office365 EDL's.  We pull the Office365 API based IP/URL list into Panorama using MineMeld.  This process is working perfectly.  We have compared the output within MineMel

...

Need information on DHCP Relay

Hello. To start I had a DHCP server configured on one of the interfaces on our Palo 810 PanOS 8.1.2. The DHCP addresses being handed out were not being registered with our DNS server so I was tasked to make that happen. I figured I would just set up

...

IPsec tunnels, VPN features & licensing

I have a few PA 200's all with base license ready to install for a multisite company that needs a full mesh all over broadband internet. I am willing to manually configure each IPsec tunnel one by one if that is a free option that does not require ad...

Full mesh for multi site over broadband

I have a few PA 200's all with base license ready to install for a multisite company that needs a full mesh all over broadband internet. I am willing to manually configure each IPsec tunnel one by one if that is a good free option that does not requi...

Resolved! Atlassian custom Miner and Feed

I am trying to create a miner/feed for Atlassian IP-Ranges which they publish in a JSON file. I have configured the below and it all looks good and I have Indicators, but when I go to the feed URL it returns a blank page.

 

I created the prototype by

...

JDomNY by L1 Bithead
  • 14928 Views
  • 5 replies
  • 1 Likes
  • 23584 Posts
  • 107 Subscriptions
Labels