This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Resolved! Skype for Business vs Skype

Hi All, is there a way for Palo to distinguish between Skype and Skype for business?Application list only suggests you single Skype application... Idea is to block regular skype and only allow skype for biz, maybe there are any weird workarounds.... like allowing/blocking certain miscorsoft URLs or tcp ports. Cheers,

Carve public Subnet without involving Vendor

Anyway to accomplish following without modifying routes at the router? I have a subnet 1.1.1.0/24 1.1.1.1/24 PAN ETH1 Need to route 1.1.1.50 from ETH1 -> ETH3 as it sits behind ETH3. I need ETH1 to reply back to router when it says arp who has for 1.1.1.50

junior_r by L3 Networker
  • 8100 Views
  • 7 replies
  • 0 Likes

Resolved! ip id in wireshark to confirm PA is not dropping the traffic

I am troubleshooting sharepoint connection to cloud on port 443pcap and global counters show no dropsi see no discards in the cli. when user access the website he sees blank page no contents if i confirm the ip id in pcaps of the PA is same from receive and transmit then we are good right?

MP18 by Cyber Elite
  • 4632 Views
  • 6 replies
  • 0 Likes

User lockouts in STS (external authentication service)

We are experiencing a high number of user lockouts with our externally accessible STS. The traffic is HTTPS so it is making it through our blocking policies. We are requiring MFA through DUO but the challenge/response for the username/password is happening before the MFA kicks in. After 5 failed attempts the users account is locked for 20 minute...

Upgrading from 8.0.6 to 8.1.4 Issue

I am trying to upgrade from 8.0.6 to 8.1.4. I can upload the image via the GUI and it states it saved. I use the cli to install the software package and it fails. I have downloaded 8.1.0 and 8.1.4. Do I need to upgrade to another iteration first? Side note: When looking in the GUI or CLI it doesnt show any software files.

Security Policy organization best practices?

We're working on an audit of our security policies to start getting rid of some generalized rules and start making things more specific. I figured we could do some organization at the same time. I'm curious how others are organizing their security policies and what best practices might be here. Coming from an ASA background, my original securi...

jsalmans by L4 Transporter
  • 5409 Views
  • 2 replies
  • 0 Likes

Resolved! Block Domain on NGFW

Hello, can you anyone let me know how i block access based on domain name, e.g. i want a rule to allow all SMTP inbound except from domain testblock.com, how do i do this? Thanks Ryan

Resolved! Global Protect Portal Cached credentials

Under Global potect client logs i see in PAN GPA logs cached credential for the portal does it mean it i using username and pw for only the portal connection? if i do not want portal to use cached credential what config change i need to do?

MP18 by Cyber Elite
  • 17450 Views
  • 3 replies
  • 0 Likes

Issue in Retrieve framed IP address attributes from authentication server

HI Guys, I have deployed radius server for authenticating the third party Ipsec clients. When I connect to global protect from my mobile third party ipsec client it is getting connected via x auth support enable in global protect gateway and authenticate itself using Authentication profile configured(This has both LDAP and radius authentication...

Resolved! Policy not catching correct traffic

Hi all, first time poster so go easy! We're running into an issue where a rule that is meant to catch ether-ip traffic on port 20033 is slipping through and being caught by a lower rule which allows any application and service. Rules as follows: When running the "show session all filter rule X" command in cli, we can see that sessions are only ...

rules.png
rulebig.png
cli.png

HA1-B down on 3200 series

I've been doing some tinkering with a pair of 3220s and am noticing that in the GUI it's reporting HA1 Backup is down in the HA widget of the dashboard if I use the HA1-B port. HA1-A is up, and if I use the management port for HA1-Backup, it comes up fine. I configured HA1-B the same as HA1-A, only using a different /30 network. I've tried di...

dan731028 by L3 Networker
  • 12293 Views
  • 6 replies
  • 0 Likes
  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks