General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Max session age?

Quick question here.  If there is a perfect TCP or UDP session that is just sending stream data for example (say, an IP camera feed to a DVR server) and there are no app hiccups or dropped packets - is there a max session age for this condition?  I c

...

dberber1 by L2 Linker
  • 2247 Views
  • 3 replies
  • 0 Likes

Resolved! PA inbound decryption

PA drop (decrypt-error, policy-deny) packet when client present a certificate (SMTP STARTTLS).

 

PAN OS version: 8.1

 

Test cases

 

1) Client cert TRUSTED, TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384

 

Client send Certificate Verify TLS payload

 

openssl s_client

...

decrypt-error.jpg
decrypt-error2.jpg
decrypt-ok.jpg
decrypt-ok2.jpg
blabla by L2 Linker
  • 5761 Views
  • 8 replies
  • 0 Likes

Dataplane increment from 07/03/2018

Hi,

 

We realised that we have had an increment in dataplane from 07/03/2018. Before this day the normal value was 42% aprox. After that day the normal value is incremented to 58%. So we would like to know the reason for this increment.

I check "resourc

...

Resolved! Panorama fails to deploy PanOS to Firewalls

We have a Panorama (M-100) managing several PA5020 firewalls. We need to update the PanOS from 6.1.7 to 6.1.10 (don't push for higher this is all we can do for now). I've updated the Panorama to the 6.1.10 version. Now i try to use the deployment sof

...

Resolved! Any 'Bards' up for a poetic challenge?

It doesn't always need to be hard work and no play, some fun distractions should be part of the job 

 

Therefore I'm calling on all the bards among you (poet warriors in case you never played AD&D  ) to have a swing at a geeky or funny limerick and

...

reaper by Cyber Elite
  • 2605 Views
  • 2 replies
  • 6 Likes

Resolved! User ID agent user-IP mapping refresh evets

Hi Experts

 

As you know the default cache time for user-IP mapping in user-ID agent is 45 minutes. If I am not using WMI or netbios or server session monitoring then:

 

1- How user-IP mapping can be maintained by user-ID agent? This means user has to lo

...

LSVPN deployment using iBGP

I'm looking for information to see any one setup LSVPN using iBGP or other dynamic protocol such as OSPF. Here the scenario and not sure LSVPN using iBGP is right choice or not.

 

IPSec VPN tunnles between HQ and DR

Layer 2 extension between HQ and DR s

...

Resolved! Certificate Error on Miner Refresh

Currently Running MineMeld Version 0.9.40 on Ubuntu 14.04. I am getting the following certificate error. I have tried updating the self-signed cert, restart, ubuntu reboot. with no change.

 

 

iheredia by L1 Bithead
  • 8545 Views
  • 6 replies
  • 0 Likes

Resolved! Certificate is expired and is shown in the browser

Good Morning,

 

System: PA-3020

SW Ver: 8.0.6

 

we are trying to implement a certificate on our Test Firewall and have encountered the an expired certificate.

We have created the certificate (self-signed); however, when I go to the Palo Alto GUI, the brows

...

Certificate Error.png
jasfree by L1 Bithead
  • 3740 Views
  • 4 replies
  • 0 Likes

Resolved! URL classified as Malware but not sinkholed

Hello,

 

Quick question for a specific URL (cia.toh.info)  This URL is classified as malware in PAN-DB but doesn't show ip in the AV release notes as a malware site so it doesn't get sinkholed when we do a DNS lookup for that url.  We've noticed other

...

epeeler by L2 Linker
  • 1877 Views
  • 1 replies
  • 0 Likes

Virtual Wire

Hello!

 

Is possible to have configured Antispyware with DNS Sinkholing and External dynamic lists (URL filtering) in virtual wire envirnoment.

Is it working if I configure only one L3 port on PA and put on fake IP , all other interfaces remain on virtu

...

ales by L0 Member
  • 1476 Views
  • 1 replies
  • 0 Likes

Resolved! I've bought 1 more public IP range but cannot use it

Dear all,

I've 2 internet lines connected to 2 different ISP: ISP-1 and ISP-2. Default route to internet is the connection to ISP-2

I just bought 1 more public IP range from ISP-1 that belong to a different subnet with my current ISP-1 public IP range.

...

Hongson by L2 Linker
  • 3497 Views
  • 5 replies
  • 0 Likes
  • 24186 Posts
  • 101 Subscriptions
This widget could not be displayed.
Top Solution Authors
Top Liked Authors
Labels