General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Office 365 URL feeds include Dropbox and itunes?

Just started going through the new miners and looking over docs, we are not in production on our deployment for O365 yet. I understand there are app-Id's that would catch most of these, but I noticed that the URL Minemeld feed for the "any-any" version includes quite a few URLS....specifically including: www.dropbox.com www.youtube.com *.itun...

Sec101 by L4 Transporter
  • 10309 Views
  • 7 replies
  • 0 Likes

Resolved! Interface Management profile with public IPs?

Hi folks, We have a PA200 that is in a remote branch location. It's connected via IPSec tunnel for management purposes.After we had to switch it out last year because of a recall, I found it useful to create an interface management profile with our specific HQ public IPs access to it, in order to login to it when the IPSec tunnel was not availa...

OMatlock by L4 Transporter
  • 4864 Views
  • 3 replies
  • 0 Likes

Resolved! 2-Factor Authentication for Admin Login

HI all This is likely to have been asked before, but a search of the Live! forums didn't turn up anything relevantAs part of security best practices in my organisation, I'm looking to enable 2FA (via DUO) on the admin web interface I have the instructions for adding 2FA to user browsing via Captive Portal, and for adding 2FA to GlobalProtect con...

Block Hardcoded IP's containing files

Hello I am curious if there is a way to block hardcoded IP's containing applications? So I would allow downloads when there is a domain name but not allow the download when it is a IP. Example: http://x.x.x.x/filename.exe

Failing to apply VM license

Hi Guys, I am trying to apply CSSP license on one virtual firewall. When I try to attach the received license I receiving the following error: "Failed to install licenses, Model incompatible: feature model is VM100 while the device model is PRA” I got the same for two different firewalls, I am starting to suspect that the template has some issue...

Resolved! Skype files download issue.

Good day!After the recent update Skype stop to function normally, I can upload, but can't download any file.Temporary solution was not to decrypt this category - "internet-communications-and-telephony".But I don't think that this is a normal solution. I've added skype, stun and web-browsing rules to allow skype traffic, but I have 2 Block Proxy ...

policy.jpg

Resolved! How to make suspended device functional from other peer

Hello, We were attempting a firmware update to HA pair. After upgrading the passive peer, we confirmed it was up and the user-id was populated and then suspended the active peer in order to update that. Unfortunately it turns out that management was only enabled on the WAN interface of the originally active peer meaning we can no longer access t...

SNMP comunity string limitation

Is it true that PA firewalls (eg: PA220 or 500) can only support or allow a single SNMP v2 community string to be configured for polling? (ignoring traps) ThanksGab

gabcdt by L0 Member
  • 1956 Views
  • 1 replies
  • 0 Likes

Global Protect client install

Global Protect silent install - Can you specify mutable portals during a silent MSI install of Global Protect? msiexec.exe /i GlobalProtect64-4.1.9.msi/qn PORTAL=gpgateway-a.companyname.com, gpgateway-b.companyname.com

BPA recomendations on unconfigurable pre-defined profiles.

BPA recomends making changes ( Sinkhole, Packet capture) on a number of our Security profiles. For example adding packet capture and sinkhole DNS. But one of the rules it recomends this on is the pre-defined "strict" Anti Spyware Policy. And other changes to the default Anti Virus policy... Neither of these can be modified so will fail to meet ...

Resolved! Need to Send Output of Command to Text File

Hi there,Can I send (print) output of a command to a csv file? (PA500, software: 8.1.4)For example the following command lists the users of the AD and disaplys on the screen. I need a switch/parameter or perhaps another command that lets me send the output (the list of the users) to a text or a csv file. Is that possible? Example of the command:...

  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels