General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Understanding Panorama & Firewall Configurations

Our Panorama server has 3 firewalls connected to it, all 3 are the same model. All 3 firewalls are linked to there own seperate template, template stack & device group. Each template, template stack & device group is linked to only one firewall. N

...

Resolved! RSA, DH,ECDHE - is encryption done in hardware or software

need to know if Key Exchange Algorithms

RSA

DH

ECDHE

of them which take more cpu cycles ?

are they platform specific?

is all of them done in hardware?

Exporting full applipedia list

I was wondering if there was some way to export the full applipedia list to include the standard ports and implicit use/depends on applications also. Or if this information is somewhere else that is easier to pull from than selecting on each individu

...

Disabling NetBIOS with DHCP Option 43

All,

I am in the process of migrating DHCP services from a Cisco IOS-XE switch to Palo Alto 220 firewalls. DHCP is working flawlessly however I am curious about the implementation of Option 43 for disabling NetBIOS.

In the Cisco world it is implemen

...

Cant' access after apply Password Profiles in Panorama

after we applied password profiles the users can't access to panorama, cause they didn't change the password in the time that we define, is any solution to roll back this change or trying to access?

Thanks in advance

Passing Cisco heartbeat traffic through the passive device's data plane

In a HA configuration is it correct to assume that the dataplane won't pass traffic? Network has a need to pass a heartbeat of sorts through the passive firewall for network path health. Is it still possible to pass this traffic through ingress/egr

...

Resolved! Hangout/meet configuration

Hello everybody,

In my company, we are implmenting g-suite and I would like to know if some of you already did it.

I'm facing some problem mainly on google-hangout/google-meet. When I try to do a hangout video and audio, I see my traffic going to stu

...

Resolved! Data filtering blocking when it should not

We were testing File Blocking and found that it was blocking too much.

The configuration consisted of 2 rules:

- Applications = ms-ds-smbv1, File-types=any, Action=continue

- Applications = any, File-types=any, Action=alert

The test was to download

...

Threat in "ZIP", how do you determine what request it was in??

I keep getting a specific threat logged for a "dll" which I suspect may be in a ZIP that has been inspected.

I can't seem to find any information on what ZIP it was in so I can corrolate the event with our web filtering system.

The threat log does no

...

Resolved! Diasble 7.1 Administrative session cipher suites

Hello,

A recent PEN Test has advised we disbale the Arcfour when connecting via SSH to manage the Palo Alto via CLI.

We are on release 7.1.6 (pending upgrade).

https://www.paloaltonetworks.com/documentation/global/compatibility-matrix/supported-ciph

...

Captive Portal Auth Successful Page

Hi

I have a captive portal login page. After the users authenticate, how to display a customized "Login Successful" page ?

BR,

RJ

Resolved! IPSec S2S VPN between Palo Alto and 3rd party Security FW Vendor -> ISAKMP Negotiation

Hi,

I am trying to setup a Site to Site VPN between a Palo Alto FW and a 3rd Party Security FW Vendor;

I would like to undestand under which condition the Palo Alto FW would attempt to start an ISAKMP negotiation (for Phase 1) with the IPSec peer cou

...

User-ID Statistics

We have a cenario where the Firewall control the Internet access from users in the local network and we control these access with URL profiles and security policies.
We identify the user session with USER-ID Agent installed on Windows AD Servers.
I'd l

...

Setting "log at session start" on multiple rules

I found a KB but it's from 2016 and is no longer applicable.

I want to enable 'log at session start' on thousands of existing Security Pre-Rules across several Device Groups. I remember a multi-edit function but something's changed and I can't figur

...

Resolved! app not show on application field on policy based forwarding

Hi community,

what is the reason one app not show applications field/

We need create one policy with one app that show on applications, but when I check in PBF the app is not show.

The app name "supremo" use default port tcp/443 and Implicitly Uses:

...

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Welcome to the General Topics Discussions!

Rules and Best Practices

Understanding Panorama & Firewall Configurations

Resolved! RSA, DH,ECDHE - is encryption done in hardware or software

Exporting full applipedia list

Disabling NetBIOS with DHCP Option 43

Cant' access after apply Password Profiles in Panorama

Passing Cisco heartbeat traffic through the passive device's data plane

Resolved! Hangout/meet configuration

Resolved! Data filtering blocking when it should not

Threat in "ZIP", how do you determine what request it was in??

Resolved! Diasble 7.1 Administrative session cipher suites

Captive Portal Auth Successful Page

Resolved! IPSec S2S VPN between Palo Alto and 3rd party Security FW Vendor -> ISAKMP Negotiation

User-ID Statistics

Setting "log at session start" on multiple rules

Resolved! app not show on application field on policy based forwarding

IKEV2 w Cert - Wildcard peer for DN does not work.

Transferring assets from one CSP Tenant account to another

Proper "outside" interface configuration

Configuring Palo Firewall into an IDS

A question about ECMP

Re: MFA external provider question

Re: GlobalProtect 6.3.3

Re: SPARE device usage

Re: Upgrade path to 11.2.5 from 11.0.0 on a PA-410

Re: Global Protect application blank screen

Unlock your full community experience!

General Topics

Rules and Best Practices

Resolved! RSA, DH,ECDHE - is encryption done in hardware or software

Resolved! Hangout/meet configuration

Resolved! Data filtering blocking when it should not

Resolved! Diasble 7.1 Administrative session cipher suites

Resolved! IPSec S2S VPN between Palo Alto and 3rd party Security FW Vendor -> ISAKMP Negotiation

Resolved! app not show on application field on policy based forwarding