General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Traps false positive

Hi, Our traps solution is detecting malware when it shouldnt happen. This hash have been checked as benign, Within Security Events we are repeated alerts in Malware Modules due to the protection of processes that refer to executable parents and children that despite having a benign diagnosis by Wildfire continue to appear recurrently, in fact t...

1.jpg
2.jpg
3.jpg
BigPalo by L4 Transporter
  • 2211 Views
  • 2 replies
  • 0 Likes

Load Config Partial for Panorama Firewall Import

If anyone used it before, can you please share “load config partial” commands to import all configuration items from saved firewall xml config (fw1.xml) file into new Panorama template (e.g. template1) and new device group (e.g. dgropup1).I can work out most of them, but have the feeling that I am missing some configuration items.

BatD by L4 Transporter
  • 4455 Views
  • 6 replies
  • 0 Likes

Failed to add imported nodes from device to Panorama

I am trying to import firewall to Panorama using “Import named Panorama configuration snapshot” option. However when I select the device, I get the following error message, with no indication of why it is failing: “Failed to add imported nodes from device to Panorama. Validation failed.” They are new firewalls with very little configuration on t...

BatD by L4 Transporter
  • 2536 Views
  • 1 replies
  • 0 Likes

Authentication policy for RDP

I have succesfuly implemented auth policy for http and https (with decryption).But I can't get it to work for RDP. Yes, I know I need GP client for non-browser protocols. Customer is using MS MFA server. As it's not supported by PA as MFA server we configured it as Radius server.I have auth profile which uses Radius server profile towards MS MFA...

santonic by L6 Presenter
  • 4419 Views
  • 2 replies
  • 0 Likes

Packet flow for Hardware Offload

Dear Experts, Was wondering regarding packet flow in terms of hardware offload. Is it like below or somethingelse? Ingress Stage > Session table/flow lookup> Offloaded or Ingress Stage > Session table/flow lookup > App-ID/Content-ID inspection is done or not > offloaded Please suggest. Best Reagrds, Fozail

fozail by L3 Networker
  • 5100 Views
  • 4 replies
  • 0 Likes

Resolved! panorama and user-id agent connections

Hi I have a A/P clusert and I have panorama talking to it and also other PA's to distribute userid info. Now I have agent configured from panorama to each of the management ports on the A/P cluster. But 1 is always failing - as its the passive one, I was thinking i should actually attach userid agent to a lo back device and have only 1 agent con...

Resolved! attacker and victim who is impacted?

under threat logs i see attacker and victim and also i see spyware signature attacker is source - dns server--- victim is -- appliance how can i verify who is impacted with this spyware? Mike

MP18 by Cyber Elite
  • 3580 Views
  • 4 replies
  • 0 Likes

Resolved! Pre-Logon GP VPN

Ive read a number of guides, but for the life of me i cannot get pre-logon working. Is there an idiots guide to the required certs i need? Our clients already have a machine cert which we use for wifi authentication

welly_59 by L3 Networker
  • 2697 Views
  • 1 replies
  • 0 Likes

Resolved! Application and Threat Update ----Decoder

need to confirm one thing below with application and threat updates when we see the decoder as DNS then we do need to check all the vulnerability and anti spyware in order to make what traffic is linked to DNS? In other words when i see the decoder as DNS i just want to make sure which anti spyware or vulnerability is modified? Mike

MP18 by Cyber Elite
  • 3010 Views
  • 2 replies
  • 0 Likes

Globalprotect disconnects

Weird one here, I have many remote users, all over, experiencing no issues. But... I have one user which when the user connects, he successfully connects but as quick as he auth's, he gets disconnected. Reason "client logged out". In which he does not logout, his side just never connects. + HQ is in Nor Cal, user is in Florida+ User only uses "y...

k.truex by L1 Bithead
  • 8244 Views
  • 5 replies
  • 0 Likes

Resolved! Is PANOS 8.1.3 really functionnal on PA-3250 ?

Hi all, We migrated 2 weeks ago from a PA-3020 to a PA-3250. We upgrated the PA-3020 from PanOS 7.1.19 to 8.1.3 and then we exported the configuration and then imported it into the PA-3250 (that was already in PANOS 8.1.3)Since this migration we faced to different issues we never encountered using the PA-3020.The most important of them is that a...

unknown-tcp.png

Experiencing issue with MineMeld fresh installs

Hi, Have anyone tried a fresh install of MineMeld recently? I'm getting issues with minemeld engine on Ubuntu 14 (using apt repo) and 16 (ansible). What I did was doing an apt-get update && apt-get upgrade on both version: From the console: minemeld-engine FATAL Exited too quickly (process log may have details)mineme...

vedd3r by L2 Linker
  • 5342 Views
  • 1 replies
  • 3 Likes

Resolved! threat logs - type vulnerability and spyware - Action - reset both and drop

Under threats logs i see type as : type vulnerability action - reset both-----------sev is high does this mean that if it is DNS query traffic this will time out the traffic?Threat ID here is 54122 type spyware action is drop --------------sev is drop as name says it will drop the traffic right? so if server is doing dns query to dns serve...

MP18 by Cyber Elite
  • 5782 Views
  • 3 replies
  • 0 Likes

Switching GP from User (Always On) to Pre Logon

I’m looking at switching GP from User (Always On) to Pre-Logon (always On).Current setup is one firewall serving as both the portal and gateway. I’m doing both username/password with client user certificates for multiple authentication factors, as this is a requirement.I deployed a computer cert to test Pre-Logon but it doesnt seem to work as ex...

MikeC by L3 Networker
  • 8959 Views
  • 10 replies
  • 0 Likes
  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels