General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Non-reordered IoC feed

I have an IP IoC feed that I would like to ingest and re-publish via MM.

The feed is ordered by priority i.e. earlier addresses are newer\more active\higher risk, but if I ingest and publish (miner -> output) it is re-ordered by numeric order. Is

...

apackard by L4 Transporter
  • 2278 Views
  • 1 replies
  • 0 Likes

Using Minemeld to mine Adobe Creative Cloud addresses?

I saw this link where someone was looking at this same type of thing I am trying to do but I have not seen someone actually create the miners for Minemeld w/ Adobe. I am looking at their GitHub on how to create a miner for them myself, but I figured

...

acdop100 by L0 Member
  • 3769 Views
  • 1 replies
  • 0 Likes

Decrypt Port Mirror problem

We have decrypt port mirror license on our PA-850

But under interface types we can not see the Decrypt mirror type interface

The PAN-OS version is 8.0.8

Radmin_85 by L4 Transporter
  • 3251 Views
  • 5 replies
  • 0 Likes

Resolved! PA 500 not booting up

Hello,

We tried to make a factory reset on PA 500 following this link

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-perform-a-factory-reset-on-a-Palo-Alto-Networks-device/ta-p/56029

Finally we have not been able to make the factory

...

Denis by L2 Linker
  • 4047 Views
  • 6 replies
  • 0 Likes

VPN tunnel to a firewall NOT internet facing

Hi,

I have a scenario with two sites which have two sets (HA) of firewalls, external and internal. So external handles everything internet and behind the internal the datacenter resides. Clients are in between.

We have MPLS between the sites which ter

...

Filtering the monitoring log fails endlessly

Pretty often seemingly simple monitor filters seem to get our PA devices in an endless loop.

For example:

( rule eq management_services ) and !( addr.dst in a.b.c.d ) and ( app eq ms-sms )

will never succeed. The filtering starts running, shows a couple

...

mvdven by L1 Bithead
  • 3006 Views
  • 5 replies
  • 0 Likes

PA VM 8.1.0 (MS HV) dns-cache

Hello,

Looks like built-in dns-proxy isn't working correctly. Entries are timing out and system log is filling. mgmt-obj is not showing up in dns-cache section and consequently, not configurable. Any ideas how to fix?

system log entry:

dnsproxy,resolve

...

ALyamzin by L0 Member
  • 1267 Views
  • 0 replies
  • 0 Likes

Resolved! Query MineMeld for a single IP\IoC?

We are looking at various options to build a SOC framework and one of the objectives is to be able to have an internal 'queryable' API that we can use to investigate a single IP\IoC.

Is there any way to make MineMeld work in that manner i.e. so we c

...

apackard by L4 Transporter
  • 3446 Views
  • 2 replies
  • 0 Likes

Importing PA200 configuration to PA220.

We are planning to phase out PA200 firewall with PA220.

PA200 firewall is running PAN OS 7.1.14.

PA 220 firewall comes preloaded with PAN OS version 8.0.X.

My concern is: can we directly import the firewall configuration (device state) from PA200 to

...

Nischal by L1 Bithead
  • 4777 Views
  • 2 replies
  • 0 Likes

Minemeld infrastructure components decoupling

Hi all,

I was wondering whether there is an easy way to decouple infrastructure components (i.e. redis, rabbitmq, nginx) on remote servers?

A quick overview of the engine code shows that some parts look for environment variable 'REDIS_URL'. Howe

...

URL alerting without SSL decryption

Hello all! I've got a question on URL category alerting. I can set up alerting for malware and phishing categories, for example. I get the alerts if the site is HTTP only. I don't seem to get them if it is HTTPS.

My question is this... Shouldn't the

...

Active/Active HA tentative state question

Let's say we have 2 firewalls in A/A HA

each firewall has 2 vWire (single interfaces, no aggregation)

eth1/eth2 = vWire 1 and eth3/eth4=vWire2

link monitoring is set such that if any of eth1/eth2 interfaces are down or any of eth3/eth4 are down the fir

...

PerryK by L2 Linker
  • 3192 Views
  • 3 replies
  • 0 Likes
  • 24297 Posts
  • 99 Subscriptions