General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Zscaler and Minemeld

Hello,

 

I'm using Minemeld 0.9.44 and I would to get 'range' from the URL https://ips.zscaler.net/cenr/json.

After several attempts with JSON prototype, trying to set different extractor, field (indicator set as range).

 

I'm still not able to get a

...

Resolved! Creating a global, URL based whitelist rule

I'm trying to build a global rule for Sophos cloud based services. I've built a list of all the URLs they use, added the URL list to the URL category part of the rule with the applications web-browsing, ssl, sophos-update and sophos-live-protection,

...

Getting started Panorama 8.1

Ok, let just star by saying I am new to Panorama and I think understand the concept but just doesn’t work as expected. So I will just explain the end goal, I currently have an active/passive pa-500 pair that I am switching to two 3220 in an ha pair. ...

bschaper by L2 Linker
  • 1711 Views
  • 1 replies
  • 0 Likes

Adding MFA to Pre-login GlobalProtect

Global Protect VPN Solution is defined with Pre-login and always-on VPN features.

 

 

Workflow:

  1. Once machine is booted and before user login, Machine is authenticated based on certificate and identified in logs with (Pre-login) user
  2. Pre-login access is re
...

GP.PNG

Nested groups configuration

Hi, Do i need to be able to manually configure the nested groups in the migration tool to be able to successfully migrate them to Palo Alto? Please let me know what version of the migration tool supports supports this configuration within the tool an

...

Resolved! Asterisk Wildcard Error

When Creating a Custom URL Category, I am entering a wildcard infront of the url *lans.com.au

 

However when attempting to apply this wildcard, I am getting this error

 

URLBlock -> list '*lans.com.au' is invalid. Consecutive asterisks (*) in a URL wildc

...

Pooch87 by L0 Member
  • 3102 Views
  • 2 replies
  • 0 Likes

Resolved! Policy Export

Hello,

Is there way to export a policy from a PAN device in a read-able format? We are in the process of cutting over a new PAN internet firewall and all the rules had to be created by hand (from the previous vendor model). I'm looking for the ability

...

CRHC by L4 Transporter
  • 5623 Views
  • 5 replies
  • 0 Likes

VPN Issue Between PA and WATCHGUARD

Dear All 

I'm facing one issue relate to VPN between PA and WG.
I am using 3DES/SHA1/PFS2, it is not working till i disable PFS-2 on Phase-2.

2018-05-10 10:44:10.483 +0700 [DEBG]: { : 40}: keyacquire received: x.x.x.x[0] => y.y.y.y[0]
2018-05-10 10:44:10

...

Resolved! Server Log Monitor Frequency and User-ID

 

What recommended value for Server Log Monitor Frequency if we increase the from 2 Sec to 10 Sec ?

 

 

What is the relation between this queries and User Identification Timeout of 600 minutes and Server Log Monitor Freq?

 

 

 

 

 

 

NavidAlam by L3 Networker
  • 4244 Views
  • 1 replies
  • 0 Likes

Transparent Proxy

Hello,

 

I am new with PA family and currently evaluating PA-3220 / PA-3060 appliance

I would like to know if i can implement transparent proxy feature with the above applaince for all my users including branch office without making major changes to net

...

Resolved! Migrating from sub-interface to L3 interface

Hi,

 

We have pair of PA in HA mode, we are going to move one of the sub-interface to a L3 interface. is it possible to do this without any downtime? I am considering below steps

 

  • take out sub-interface from monitored interface (to prevent failover)
  • conf
...

  • 24298 Posts
  • 99 Subscriptions
Top Solution Authors
Top Liked Authors
Labels