General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Using Minemeld for URL EDL

Dear MM comunity, I am trying to use MM for parsing a URL list to populate a PA NGFW which lacks Url filtering license. I have found that predefined miner urlhaus.URL which seems very well done. It is based on https://urlhaus.abuse.ch/ , which is free of charge. I have cloned it, then cloned a URL aggregator and a URL Output. I used the fo...

wdoria by L0 Member
  • 12824 Views
  • 4 replies
  • 0 Likes

Resolved! Device maximum ospf peers

hi guys is there a document that list the maximum OSPF peers and OSPF Areas for PA5220(per device is better) since ther might be a hardware or software limit on it for stability purposes. Thanks

toskie by L1 Bithead
  • 3805 Views
  • 1 replies
  • 0 Likes

Downgrade Pan OS

Does the debug svm revert still work on the 8 os? https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClcYCAS

jdprovine by L4 Transporter
  • 9137 Views
  • 8 replies
  • 0 Likes

Odd NAT issue...

Had a very odd issue yesterday, I created two new Bi-Directional nat rules [seperate NAT IP's] to the outside world, one worked fine the other did not... One server could not get to the outside world..The NAT matched [OK],The Security Rule Matched [OK], Searched the configs [and old ones] for any possible clash with the NAT IP "X.X.X.115", Nothi...

nat1.jpg
nat2.jpg

Certificate Setup on HA Pair

Hello, I wanted to use the SSL/TLS profile facility to restrcit management GUI sessions to TLSv1.2 but am having trouble with the certificates/process to follow. We have an Active/Passive HA Pair, i have been trying to setup on the passive to test but it is not working, from having a look around i susepct this may need to be setup on the Active...

Resolved! Default Master Key lifetime

Dear Comm, I do understand that we use the master key for encrypting our private keys and passwords stored on the firewall. However I am wondering why we should touch this key at anytime? What is the default lifetime of the default master key? I assume it to be 0 (=infinite) as I cant find anything about this question even in the PANOS admin gui...

Rboehme by L2 Linker
  • 6512 Views
  • 2 replies
  • 0 Likes

ldap user group unable to get access

I have ldap server setup with auth profile. User gets authenticate by ldap server and can login via global protect.User is part og the group and a policy is created for this group to access resources.If i change the group to any access is granted but not with specific group in policy.

Regarding pcnse

What is the level of toughness that we have in real exam than what we see in practice test on a scale of 1-5.Is there any good pcnse practice tests that match the level of real exam. The only source of my prep is just the pcnse study guide is there any book that is recommended.Thx.

Sanssj by L2 Linker
  • 4692 Views
  • 3 replies
  • 0 Likes

Resolved! Datafeed Empty Indicators

Dear group; I had running Minemeld server with defautl Miner like that spamhaus_DROP, spamhaus_EDROP working fine. I Create a Custom Miner of prototype libraesva.LIBRAESVA_Advertising_IP4 with the follow info: Miner: LIBRAESVA_Advertising_IP4-feet2CLASS minemeld.ft.http.HttpFTPROTOTYPE libraesva.LIBRAESVA_Advertising_IP4Processor: aggre...

Resolved! BPA tool

I was told that we can use a tool called Best Practice Assessment. Have you got the link/app to access it?

Farzana by L4 Transporter
  • 17883 Views
  • 8 replies
  • 1 Likes

Resolved! Global-protect configs

I changed global-protect configs by GUI then I checked the following 2 items was changed which I had never changed.Would it happen If I changed it by CLI? and is it by design? The 2 itemsGlobalProtectPortal configuration > Agent > Configs > App・Set Up Tunnel Over Proxy (Windows & Mac Only):Yes・Display Status Panel at Startup (Window...

question on ms-one drive option

Hi,I am looking into blocking online storage from our network, all except One drive. Under objects->Applications->Category-> general-internetsub category file-sharingI see ms-one drive has several optionsbase, downloading, share and uploading.what does the base option?can we selectively allow/block each event?

routing forwarding

hey guys If there is a site-to-site VPN between the FWs and I want to force some specific internet access traffic to go through this VPN, is it possible? Can I just add static routing on FW to force the specified traffic to the VPN tunnel?Do we need some config for the traffic which coming back? Thanks

qd_056 by L2 Linker
  • 4467 Views
  • 3 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels