General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 1210 Views
  • 0 replies
  • 0 Likes

Resolved! 8.1.4 & TLS 1.3?

This link (https://www.ietf.org/mail-archive/web/tls/current/msg27066.html) says that PAN-OS 8.1.4, PAN-OS 8.0.14, and PAN-OS 7.1.21 will fix a TLS issue.  I don't see any mention of this in the 8.1.4 addressed issues page though.  Do we know this is

...

Resolved! Dual ISP VPN failover with static route path monitor

Now that we have newer features like static route path-monitoring, is there a new recommended configuration for Dual ISP with VPN failover?  I'm thinking SiteA (Dual ISP) to SiteB (Dual ISP) with IPsec VPN both using a single VR. 

I assume it will be

...

Palo Alto Mgmt Port Issue

Dear Friends,

 

We are facing a issue that currently we are unable to console to firewall device. But traffic is passing through active firewall. Status is HA1 backup= Down

 

Please advice 

 

Thanks,

Lakshitha

Resolved! logs for Intelligence Sharing and telemetry

is there any way i can find from cli or from web gui that confirms my PA is sending all telemetry   data ?

 

any where in PA  cli i can find the logs or data send to Telemetry?

 

where it  send this data to?

 

is this function performed by the MP of the PA

...

MP18 by Cyber Elite
  • 2272 Views
  • 2 replies
  • 0 Likes

URL Filtering block websites?

I have a URL filter profile with a list of URLs set to block (under Objects  Security Profiles > URL Filtering), which is applied to security group profile. 

However none of the URLs are being blocked. 

Is there something I should check to confirm this

...

URL Filtering different with browser and application

Hi

 

We have a server, from where the user wants to go to, for example, abc.xyz.com.

The certificate from the website xyz.com has a CN *.xyz.com.

 

We dont have decryption for URL Filtering. In the URL Filtering category, we have allowed abc.xyz.com.

The u

...

FQDN as source address

Hi to all

 

I have a problems with riles with FQDN

 

For example i created rule:

 

source ip - destination ip - destination port

 

I changed ip to FQDN object - pc1.domain.com.  Palo Alto can resolve name to IP. 

 

New Rule:

 

source FGDN - destination ip - dest

...

aaobuhov by L2 Linker
  • 3765 Views
  • 4 replies
  • 0 Likes

Resolved! Upgrade to 8.1 from 8.0.x

I just got off the phone with Palo support as I'm doing an upgrade from 8.0.9 to 8.1.4.  They said all I need to do is download (not install) the base 8.1.0 image, then download and install 8.1.4

 

While on the line with them, I came across this from d

...

ce1028 by L4 Transporter
  • 11769 Views
  • 10 replies
  • 0 Likes

Resolved! Skype for Business vs Skype

Hi All,

 

is there a way for Palo to distinguish between Skype and Skype for business?

Application list only suggests you single Skype application...

 

Idea is to block regular skype and only allow skype for biz, maybe there are any weird workarounds....

...

Carve public Subnet without involving Vendor

Anyway to accomplish following without modifying routes at the router?

 

I have a subnet 1.1.1.0/24

 

1.1.1.1/24 PAN ETH1 Need to route 1.1.1.50 from ETH1 -> ETH3 as it sits behind ETH3. I need ETH1 to reply back to router when it says arp who has for 1.

...

junior_r by L3 Networker
  • 7140 Views
  • 7 replies
  • 0 Likes

Resolved! ip id in wireshark to confirm PA is not dropping the traffic

 

I am troubleshooting sharepoint connection to cloud on port 443

pcap and global counters show no drops

i see no discards in the cli.

 

when user access the website he sees blank page no contents

 

if i confirm the ip id in pcaps of the PA is same from rec

...

MP18 by Cyber Elite
  • 3924 Views
  • 6 replies
  • 0 Likes
  • 24173 Posts
  • 117 Subscriptions
Top Solution Authors
Top Liked Authors
Labels