General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Setting up Palo FW in vwire mode between router and switch.

We currently have a Cisco switch and router with in our environment. The router does inter-VLAN routing for traffic coming from VLAN's (about 6) on switch; typically as in a ROAS setup. So the switch is L2 and router is L3. Looking for a away to place the Palo Firewall transparently in between with two interfaces (eth 1/1 and eth 1/2); in vwire ...

GlobalProtect Configuration Opinions

Greetings! Just to be upfront, I have my configuration working for the most part but I'm interested to hear if there's not a better/safer/quicker way of bending GlobalProtect to my needs. Please feel free to chime in with ideas, opinions or suggestions! Only as much detail as you feel is necessary but I'm happy to hear what you're thinking Scena...

mbahen by L2 Linker
  • 2908 Views
  • 2 replies
  • 0 Likes

Resolved! How to add domain security group superuser access

Hello, I would like to add a domain security group superuser access to Panorama and devices. So any users in the below groups access to both panorama and firewall’s. Superusers - CN=PA Superusers,OU=Global Groups,OU=Ad Australia,DC=ad,DC=com,DC=auSuperusers (Read Only) - CN=PA Superusers RO,OU=Global Groups,OU=Ad Australia,DC=ad,DC=com,DC=au ...

Problems with routing two different LANs in the same interface

I have this scenario: My PA-200 have 2 interfaces: one connected to the Internet Zone, another to the LAN Zone. The LAN interface has 192.168.1.1/24 as its IP address. I have another LAN connected through a router with 192.168.1.254 IP address. In the PA-200, in the default-router I added the route for 192.168.2.0/24 with gateway 192.168...

Genesis Amazonas.png

Resolved! Panorama 8.0 - EDL & Certificate Profile

Hi all, I just ran into an issue while creating an External Dynamic List in Panorama 8.0. The source is a HTTPS address that requries a certificate profile for validation, so far so good. The problem is that I can't select any certificate profile, the list is empty. There's a certificate profile created under Device > Certificate Management ...

Capture.JPG
Capture.JPG

Resolved! GlobalProtect for Linux cannot connect to local gpd service

After installing the rpm (latest version as of today: 4.1.7, running on Fedora 28) the cli client cannot communicate with the service (although it is started): $ systemctl status gpd● gpd.service - GlobalProtect VPN client daemonLoaded: loaded (/usr/lib/systemd/system/gpd.service; enabled; vendor preset: disabled)Active: active (running) since T...

ctr_ts by L1 Bithead
  • 26196 Views
  • 5 replies
  • 0 Likes

Resolved! DMZ Config for web server

My firewall is using the following Interfaces/Zones: E1/1(5.5.5.170/29) and E1/1.1(5.5.5.174/29) are in the outside zone. E1/2(192.168.254.252/24) is in the inside zone. E1/8(192.168.1.1) is in DMZ zone. E1/1 and E1/2 are connected to the mainvr virtual router. E1/1.1 and E1/8 are connected to the DMZrouter virtual router. I have a web serv...

nmckee by L1 Bithead
  • 13171 Views
  • 4 replies
  • 0 Likes

Security Policy not blocking Facebook

Hello, I am connecting to the VDI as the teststud user and can browse to Facebook. The session is hosted on IPC-VDI-VSH1 as per the screenshot below. I have copied our existing security policy which blocks access to Facebook, Youtube etc. I can see that the traffic is hitting the correct policy, however, I am still able to access Facebook. I ...

Deny traffic.jpg
Security Policy.jpg

Resolved! Connecting to VPN Windows network profile changes to "Domain network" for the phys. network adapter

Just noticed that with Globalprotect 4.1.x the network profile changes to from "Public" or "Private" to "Domain network" for physical network adapter and not just for the VPN adapter while being connected to GlobalProtect service. Also when the VPN session is disconnected the physical adapter profile does not change but instead stays as "Domain ...

NLA-4.0.8.jpg
NLA-4.1.8.jpg
tigeli by L2 Linker
  • 7807 Views
  • 1 replies
  • 0 Likes

Resolved! Disable SSL decryption via CLI - how long

Happy New Year everyone Need to know if i run the below command Disable SSL Decryptionset system setting ssl-decrypt skip-ssl-decrypt yes Will this disable ssl decryption for 1 hour or 1 day need to know for how long?

MP18 by Cyber Elite
  • 3372 Views
  • 2 replies
  • 0 Likes

Cant deny users from using remote desktop on non standard tcp port

I am trying test app id & put a rule in (all the way on top) denying my work station from accessing RDP on machines in other zones. I have successfully blocked users from accessing RDP on standard port 3389 but can still access RDP on a machine that listens for RDP on a non standard port (tcp 51000). I did not specify the non standard port...

rdp.PNG
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels