General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Hangout/meet configuration

Hello everybody, In my company, we are implmenting g-suite and I would like to know if some of you already did it. I'm facing some problem mainly on google-hangout/google-meet. When I try to do a hangout video and audio, I see my traffic going to stun and after, I have my traffic "aged-out" and my conference never works. Any idea ? David

Resolved! Data filtering blocking when it should not

We were testing File Blocking and found that it was blocking too much. The configuration consisted of 2 rules: - Applications = ms-ds-smbv1, File-types=any, Action=continue- Applications = any, File-types=any, Action=alert The test was to download an excel file using SMBv1, and result was blocked.We would expect that it would allow it. If we j...

Threat in "ZIP", how do you determine what request it was in??

I keep getting a specific threat logged for a "dll" which I suspect may be in a ZIP that has been inspected. I can't seem to find any information on what ZIP it was in so I can corrolate the event with our web filtering system. The threat log does not seem to give me any clues.. Cheers Rob

Resolved! Diasble 7.1 Administrative session cipher suites

Hello, A recent PEN Test has advised we disbale the Arcfour when connecting via SSH to manage the Palo Alto via CLI. We are on release 7.1.6 (pending upgrade). https://www.paloaltonetworks.com/documentation/global/compatibility-matrix/supported-cipher-suites/cipher-suites-supported-in-pan-os-7-1/cipher-suites-supported-in-pan-os-7-1-admin-sessi...

Resolved! IPSec S2S VPN between Palo Alto and 3rd party Security FW Vendor -> ISAKMP Negotiation

Hi, I am trying to setup a Site to Site VPN between a Palo Alto FW and a 3rd Party Security FW Vendor; I would like to undestand under which condition the Palo Alto FW would attempt to start an ISAKMP negotiation (for Phase 1) with the IPSec peer counterpart. I'm familiar with the Cisco ASA setup - where, for ex., the tunnel is brought up only w...

CarloInt by L0 Member
  • 3812 Views
  • 1 replies
  • 0 Likes

User-ID Statistics

We have a cenario where the Firewall control the Internet access from users in the local network and we control these access with URL profiles and security policies.We identify the user session with USER-ID Agent installed on Windows AD Servers.I'd like to count how many users the Firewall identify per day in the Internet Access.How can I get th...

mmcastr by L1 Bithead
  • 4047 Views
  • 3 replies
  • 0 Likes

Setting "log at session start" on multiple rules

I found a KB but it's from 2016 and is no longer applicable. I want to enable 'log at session start' on thousands of existing Security Pre-Rules across several Device Groups. I remember a multi-edit function but something's changed and I can't figure out how to do this. We're running Pano 8.0.8 and 7.1.8 on the firewalls.

Resolved! app not show on application field on policy based forwarding

Hi community, what is the reason one app not show applications field/We need create one policy with one app that show on applications, but when I check in PBF the app is not show. The app name "supremo" use default port tcp/443 and Implicitly Uses: web-browsing.What is the reason ?

Cacti Host Template: From PA500 to VM100 - failing

We have enjoyed Cacti statistics from our PA-500 box for years. But when I replaced the PA500 with a VM-100 then Cacti could no more connect to fetch data via SNMP. I thought both models used the same protocol and version. Below you'll see a screenshot of the cacti settings that worked with our PA500. What do I need to change here to connect ...

CactiHost.jpg

Why public cloud users did not need Palo Alto before ?

Dear all We can see heavy public cloud users since 2016. But we did not have Palo Alto on public cloud until recent. Does that mean public cloud does not need 3rd party security solutions like Palo Alto? Because if public cloud users really need 3rd party security solutions like Palo Alto, they should not survive 2016-2018, should they? They sur...

Re: user-id agent issues

We are using windows user-id agent for parsing the user and user group mapping info. often i see in the logs that the user is being not recognized and hitting the deny rule. after couple of minutes it starts recognizing the user and allows the traffic i am skeptical what could be the reason for this disparity. why would any user info and user...

Sanssj by L2 Linker
  • 2497 Views
  • 2 replies
  • 0 Likes

Resolved! Errors in installing Minemeld on Ubuntu 14.04

I am trying to install minemeld on ubuntu 14.04. here the steps I did: I made iptables inactive I Added and verified successfuly the repo GPG key I added the minemeld APT repo I verified that minemled APT is added in /etc/apt/sources.list However, we I do the last step: sudo apt-get update && sudo apt-get install -y minemeld rsyslog-mi...

Capture.PNG

PAN-SA-2018-0015

Hi guys, Just saw the notice about PAN-SA-2018-0015. Doesn't seem like this vulnerability is a real issue. Am I correct? Or is there a viable way of someone exploiting it?

YoniLeit by L0 Member
  • 4708 Views
  • 2 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels