General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

SNMP Interface out/in counter unity

Hello !

 

I'm doing some SNMP polling and i needed to know the unity of the output for the interface out/in counter object byte/s, byte/h , bits?? 

 

Thanks in advance !

DanielVe by L1 Bithead
  • 1325 Views
  • 0 replies
  • 0 Likes

Resolved! SNMP Paloalto

Hello !

 

I want to do snmp polling to a palo alto firewall, but not using any management "software" (like zabbix). I'm trying to do it via bash command snmpget, in which i pass the object OID 1.3.6.1.2.1.25.3.3.1.2.1 (CPU util on the management plane)

...

DanielVe by L1 Bithead
  • 2858 Views
  • 3 replies
  • 0 Likes

Max session age?

Quick question here.  If there is a perfect TCP or UDP session that is just sending stream data for example (say, an IP camera feed to a DVR server) and there are no app hiccups or dropped packets - is there a max session age for this condition?  I c

...

dberber1 by L2 Linker
  • 2220 Views
  • 3 replies
  • 0 Likes

Resolved! PA inbound decryption

PA drop (decrypt-error, policy-deny) packet when client present a certificate (SMTP STARTTLS).

 

PAN OS version: 8.1

 

Test cases

 

1) Client cert TRUSTED, TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384

 

Client send Certificate Verify TLS payload

 

openssl s_client

...

decrypt-error.jpg
decrypt-error2.jpg
decrypt-ok.jpg
decrypt-ok2.jpg
blabla by L2 Linker
  • 5686 Views
  • 8 replies
  • 0 Likes

Dataplane increment from 07/03/2018

Hi,

 

We realised that we have had an increment in dataplane from 07/03/2018. Before this day the normal value was 42% aprox. After that day the normal value is incremented to 58%. So we would like to know the reason for this increment.

I check "resourc

...

Resolved! Panorama fails to deploy PanOS to Firewalls

We have a Panorama (M-100) managing several PA5020 firewalls. We need to update the PanOS from 6.1.7 to 6.1.10 (don't push for higher this is all we can do for now). I've updated the Panorama to the 6.1.10 version. Now i try to use the deployment sof

...

Resolved! Any 'Bards' up for a poetic challenge?

It doesn't always need to be hard work and no play, some fun distractions should be part of the job 

 

Therefore I'm calling on all the bards among you (poet warriors in case you never played AD&D  ) to have a swing at a geeky or funny limerick and

...

reaper by Cyber Elite
  • 2559 Views
  • 2 replies
  • 6 Likes

Resolved! User ID agent user-IP mapping refresh evets

Hi Experts

 

As you know the default cache time for user-IP mapping in user-ID agent is 45 minutes. If I am not using WMI or netbios or server session monitoring then:

 

1- How user-IP mapping can be maintained by user-ID agent? This means user has to lo

...

LSVPN deployment using iBGP

I'm looking for information to see any one setup LSVPN using iBGP or other dynamic protocol such as OSPF. Here the scenario and not sure LSVPN using iBGP is right choice or not.

 

IPSec VPN tunnles between HQ and DR

Layer 2 extension between HQ and DR s

...

Resolved! Certificate Error on Miner Refresh

Currently Running MineMeld Version 0.9.40 on Ubuntu 14.04. I am getting the following certificate error. I have tried updating the self-signed cert, restart, ubuntu reboot. with no change.

 

 

iheredia by L1 Bithead
  • 8484 Views
  • 6 replies
  • 0 Likes

Resolved! Certificate is expired and is shown in the browser

Good Morning,

 

System: PA-3020

SW Ver: 8.0.6

 

we are trying to implement a certificate on our Test Firewall and have encountered the an expired certificate.

We have created the certificate (self-signed); however, when I go to the Palo Alto GUI, the brows

...

Certificate Error.png
jasfree by L1 Bithead
  • 3688 Views
  • 4 replies
  • 0 Likes

Resolved! URL classified as Malware but not sinkholed

Hello,

 

Quick question for a specific URL (cia.toh.info)  This URL is classified as malware in PAN-DB but doesn't show ip in the AV release notes as a malware site so it doesn't get sinkholed when we do a DNS lookup for that url.  We've noticed other

...

epeeler by L2 Linker
  • 1861 Views
  • 1 replies
  • 0 Likes
  • 24295 Posts
  • 99 Subscriptions
Top Solution Authors
Top Liked Authors
Labels