General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

captive portal from Pan-OS 8.0

Hello community, Does annyone know a manual step-by-step on how to configure captive portal with Pan-OS from 8.0 with authentication rules. the admin guide seems not to clear to me. I´d like to configure captive portal in redirect mode. Does anyone know a manual or you can point out in brief what elements do I need to make this config? Thanks in...

Carracido by L4 Transporter
  • 2813 Views
  • 2 replies
  • 0 Likes

URL filtering https pages

I can’t seem to get this working. I’m trying to block bbc I player but neither url filtering or APP-ID does the job.Do I need to enable ssl inspection to block https pages?I have tried with httpvshttps.com for example and I can block the http version but not the https version

welly_59 by L3 Networker
  • 3981 Views
  • 6 replies
  • 0 Likes

HA active/passive OSPF design

Hi, Following topology is from PAN's design guide for A/P OSPF setup.I wonder if it brings any benefit to connect firewall1 to Edge Router B andFirewall 2 to Edge Router A with additional cabling run OSPF there too. The only thing I can see is that there won't be a firewall failover but routing protocolwill re-route the traffic via RouterB i...

ospf_design.png

Resolved! Pushing from Panorama to firewall with API

I am trying to commit changes to a Panorama and then have changes pushed to the firewall making API calls from a powershell script. Using the API I can:add the firewall to the panoramaadd the firewall to an existing template in the panoramacreate a new device group on the panorama and add the firewall to itAdd rules (policies) to the device grou...

Best practice wise, which ports do we open on our AWS instance for our TRAPS ESM Server?

Best practice wise, which ports do we open on our AWS instance for our TRAPS ESM Server? We currently have SQL and HTTP opened with Security groups in AWS for our two offices. This of course doesnt allow users in the field to get TRAPS updates unless they are on the VPN. Trying to get ideas on what to open. Our concern is that if the server is r...

Custom Category block per default

Hi When I create a custom URL Category, it is automatically added to all URL profiles with action set to "none".Can I set this default action to "block" - that means, the new URL category will be automatically added to all URL profiles with action set to "block" ? Thanks and Regards,RJ

GlobalProtect - Authenticating using trusted domain credentials

My company has recently configured Active Directory/Windows Domain Trust between ourselves and another domain (we have recently merged as a company). Our users currently authenticate to GlobalProtect using LDAP linked to our domain controllers. Is it possible for me to have users from the other domain authenticate using their domain credentials ...

welly_59 by L3 Networker
  • 3225 Views
  • 2 replies
  • 0 Likes

Forward Trust Certificate greyed out

HiI have an enterprised signed CA Certificate and also intermediate certificate. But when I install either of these, it shows that cert is valid but I cannot mark the check box for Forward Trust Certificate. It is greyed out. I can only add self signed cert as a forward trust cert. Any idea what am I missing? BR,Rahul

Global Protect IP assignments

Its seems with the 4.1.4 client then when a user connects and gets an IP address that the client remembers the IP. I have an issue where that has happened, but the user got it out of the wrong pool and I can't seem to find a way to get it released. Also can you use a DHCP server with Global Protect and have different IP blocks based on the conf...

gzygadlo by L1 Bithead
  • 2227 Views
  • 1 replies
  • 0 Likes

Captive Portal on second firewall

Hi community Most of you know about the captive portal feature on paloalto firewalls, to get user-ids for not yet somehow authenticated users. All this is also well documented exept this situation: I was wondering if it is possible to configure the captive portal redirect host to an FQDN which points to an interface on another paloalto firewall....

Remo by L7 Applicator
  • 1819 Views
  • 1 replies
  • 0 Likes

Mac OS High Sierra Virtual keyboard problem

I use Mac OS High Sierra 10.13.6 (17G65) and GlobalProtect version 4.1.2-11. I use an Apple Bluetooth wireless keyboard and track pad. I have a physical disability and use the virtual keyboard that comes with Mac OS High Sierra. GlobalProtect is perfectly happy to take text input from the Appe Bluetooth wireless keyboard. When I try to enter...

Resolved! Top Talker/Conversation in Paloalto 5220

Hello All - How to generate Top Talker report for a particular period. The Report should contain as below Source IP addressDestination IP addressBytesServices/TCP UDP Port numbers These are the minumum filed should be in the Report. Can you pleae help to know who to achieve this. Roughly i tried using ACC module, but i couldnt achieve. I get Top...

  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels