General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Adding app depencendies

This might be a dumb question, but I visited 3 clients in the past 2 weeks that did not include application depenendcies in their policy rules For example, they'll have a rule allowing webex-base, but don't add rtcp, rtp-base, or stun. To be fair, at least 1 of them had a rule that contains an application filter that allows risks 1, 2 and 3, so...

ce1028 by L4 Transporter
  • 3130 Views
  • 2 replies
  • 0 Likes

SSL Version

Is there any way for the traffic logs to display the SSL/TLS version that's in use for a particular flow? I don't see the data in the traffic logs or in the session info at the CLI.

Resolved! HTTPS URL Filtering without decryption

Hello all, I am trying to implement URL Filtering for HTTPS websites but without decryption. I found a post on how to deliver response pages to Users. (https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Serve-a-URL-Response-Page-Over-an-HTTPS-Session-Without/ta-p/55998) The URL Filtering is working for me but I dont understand th...

Resolved! Untrust to Untrust - Allow

I was working at a customer site and noticed the customer's last rule before their "Catch-All - Deny" rule was "Untrust - Untrust Allow". It was a universal rule with source zone untrust destination zone untrust set to allow. When I asked why they had this rule, the response was "By default, the firewall comes with a default intrazone allow r...

ce1028 by L4 Transporter
  • 18376 Views
  • 11 replies
  • 0 Likes

Binding to AD with globalprotect

We have user accessing the globalprotect VPN using their AD account and we have userid enabled, but we do not see any evidence of the users in the AD domain controller, is that because GP is accessing the DC using a service account? Is there anyway to get the AD accounts to bind on the DC? We need these records for other things

jdprovine by L4 Transporter
  • 7482 Views
  • 13 replies
  • 0 Likes

Dual ISP IPSEC vpn tunnel monitor drops the connection

Hi all, I added second ISP to firewall and created ECMP for dual ISP followed those guides: https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Implement-ECMP-Load-Balancing-on-the-Firewall/ta-p/110339# https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-a-Palo-Alto-Networks-Firewall-with-Dual-ISPs/ta-p/59...

SShnap by L3 Networker
  • 4120 Views
  • 3 replies
  • 0 Likes

GRE support on PAN-OS 8.0

Hi,is it possible to terminate a GRE tunnel on a PaloAlto? Parhaps there is something new in 8.0 Best regrads,Sebastian

sst by L0 Member
  • 5782 Views
  • 5 replies
  • 0 Likes

Resolved! Log forwarding - Local on Gateway or Panorama

Hello - I have Firewalls configured with Log Forwarding to Panorama. The question is, do the traffic logs of the Firewall Gateway keeps the copy of the logs and send another copy to Panorama or does it have only one copy forwarded to Panorama Can i configure to forward all the traffic logs of the Firewall to the Panorama and not to keep local co...

PA VM licensing issue between support accounts

Hi, Although looking through this in internal sources as well, but maybe you guys have seen this and have an idea. Initially there was PA VM-100 trial registered in Support Account 1 - partner account. Everything's good.Trial expired, full license was purchased - auth code was registered in Support Account 2 - customer specific account. VM-100 w...

nikoo by L3 Networker
  • 6313 Views
  • 3 replies
  • 0 Likes

Web-Browsing default port application

Hey , i just wondered why in the era that all web traffic is moving forward beeing encrypted and browsers like chrome will soon mark websites that uses HTTP protocol as "unsage" paloalto "web-browsing" application still uses in it's default ports only tcp/80 port and not also tcp/443 port? thanks

minow by L4 Transporter
  • 30422 Views
  • 5 replies
  • 0 Likes

Re:Minemeld Miner Config

Hi guys,How can we creat a prototype miner in the MInemeld hosted by autofocus, is there any tech document with regards to how to customize/config a prototype for Miner.Thanks

Sanssj by L2 Linker
  • 3201 Views
  • 1 replies
  • 0 Likes

Resolved! Decryption servers same ip

Hi, We need to decrypt traffic (SSL Inbound Inspection) for a server which is running 3 URL. This server has 3 certificates, one per application. So we would like to decrypt traffic for this 3 applications but in decrypt policy we only configure using IP. The IP is the same. So is there any way to decrypt traffic for three URLs. Its possible to ...

BigPalo by L4 Transporter
  • 2588 Views
  • 1 replies
  • 0 Likes

Resolved! Upgrading a stand alone PA-Firewall 3020 to a HA-Cluster

Hello everybody, is there any article or best practice document which discribes the configuration of a Palo Alto 3020 Firewall HA-Cluster active/passive while there is already a working stand alone PA 3020 Firewall. Is it the same way I configure a HA-Cluster out of the box? https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/high-av...

Mvdohe by L1 Bithead
  • 6713 Views
  • 5 replies
  • 0 Likes
  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels