General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Minemeld diminishing numbers when passing from miner to processor.

Hello, We are trying to integrate Recorded Future IP risk list with our SIEM to do correlation after that. We have set up correctly the miner, which gives us around 50k indicators. We then proceed to pass it to the processor stdlib.aggregatorIPv4Generic, which just process 20k indicators. Finall we convert it to CEF format with the output cef.t...

Resolved! Mid-January Azure AD IP Update

Can anyone confirm these 2 new ranges will be added to the feeds at the appropriate time? Didn't see any discussion on this. https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Azure-AD-updating-IP-Addresses-in-Mid-January/ba-p/304828

Chad00 by L1 Bithead
  • 3902 Views
  • 1 replies
  • 0 Likes

DHCP - DNS Servers

Hi All, Awhile back I was having an issue using DHCP on our PAN Fws. In the DHCP options, if I set the primary DNS to an internal DNS server and the secondary to a public DNS server, our clients randomly had issues accessing internal resources. I would notice even though they had connectivity to the internal server, it was using the secondary t...

MikeC by L3 Networker
  • 5393 Views
  • 4 replies
  • 0 Likes

Resolved! NAT Issue

Hi Friends,I have 2 server hosted in lan zone and one public ip . i have configure the NAT for 1 server from outside from port 80 and its working fine. but i want access the other server from lan with public ip from port 80 but its not working showing application is undirected. please suggest.RegardsSatish

Satish by L4 Transporter
  • 8132 Views
  • 3 replies
  • 0 Likes

Allow policy for 2 hours per day

Hi It is possible to allow a rule for 2 hours within a possible time windowI would like to allow for exampe youtube for 2 hours per day for our employees . Could i solve this somehow via API ? Regards Markus

Mr.Robot by L0 Member
  • 3002 Views
  • 3 replies
  • 0 Likes

Palo Alto Agentless User-Ip mapping Not Working

Hi Folks, Need urgent help on an issue where " PAN Box Integrated with AD as an LDAP entity for USER-IP Mapping. So when User switches from LAN --> WiFi or WiFi --> LAN different IP Subnet, user-ip mapping don't change instantaneously" because of this user based policy doesn't enforce. Please help.

Resolved! Threat Prevention - IPS features

Hi, Can we enable IPS features on a particular sub-interface/zone in Palo alto so that it gets applied to all traffic that enters through that particular sub-interface? From the little reading which i did, i am seeing it as configuring it in security profiles and applying the profile under individual security policy. I particularly ask for a ...

MGRashmi by L2 Linker
  • 5498 Views
  • 4 replies
  • 0 Likes

Resolved! Scheduled export of csv system log for Global Protect logins

Have been looking around trying to find this and can't find it. I have a filter for system logs to filter all the successfull Global Protect logins for the last calendar week. I have been manually exporting this to a csv but wanted to schedule the process to email the csv out. Is there any way to do this?

Resolved! Aperture working/basic, how aperture policy works

I started with aperture and document mentioned "Aperture compares your user defined aperture policies to the data content and context to calculatre any policy violations" I understoodConext = data exposureContent = Data patterns inside the acutal file As palo alto stores only meta-data, how the policy is checked. Whether policies are sent to the...

Passive device dataplane interface and management interface

Hi Team, Can we ping management IP of the passive device from the any one of the dataplane interface on the passive device. Interfaces on the passive devices are up (showing green) --> passive link state is auto. We have tried pinging the internet interface and it is working fine but internet is not working. We are unable to ping the manageme...

IPSec VPN not working before phase 2 negotiation

Hello, I made an VPN Tunnel between paloalto and fortigate(3 tunnels). Every config is same between them. 2 of them work well but 1 tunnel has an issue. About 3 mins before phase 2 negotiation(by lifetime or other reason), traffics can't go through the tunnel.(I can see traffic logs that incomplete). After negotiation and install sa, it works no...

yhlee1 by L2 Linker
  • 7012 Views
  • 7 replies
  • 0 Likes

Is it ok to set ipsec phase 1 lifetime 24 hours when the peer set it to 86400 secs?

HelloI made ipsec tunnel between paloalto and fortigate. I keep have issue about rekeying, so I try to set different lifetime phase 1 and 2.phase 1 : 28800 -> 86400phase 2 : 28800 -> 28800 In paloalto I can't set 86400 sec, so I plan to set it 24 hours. Is it okay to set it that way? Because fortigate will set the value to 86400 sec.

yhlee1 by L2 Linker
  • 8778 Views
  • 2 replies
  • 0 Likes

Resolved! Whitelisting Load-Balanced Sites - Fetch DNS records as JSON

For sites (to be whitelisted) that are behind ever-changing IP ranges (e.g. Amazon load balancer), has anybody used a services like these? https://dns.google.com/resolve?name=www.netflix.com https://dns-api.org/A/www.netflix.com Is there an existing miner that does DNS lookups? I saw this recommend in another thread but I'm hoping to a...

Minemeld TAXII ISAC

Hi all, I have the way to get feeds from ISAC with a TAXII prototype and I want to share with you all. Proabably it can help someone. Firstly it's necessary to import the minemeld-taxii-ng extension on system>extensions and install extension from git, and activate it, https://github.com/PaloAltoNetworks/minemeld-taxii-ng.git Then, clone the t...

isac_example.JPG
Xavi_Gil by L0 Member
  • 6741 Views
  • 1 replies
  • 3 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels