General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 442 Views
  • 0 replies
  • 2 Likes

Normal behavior of LACP in passive/active HA setup.

Hi,

 

I would just like to verify the normal behavior of LACP in an Active/Passive HA setting.

 

Currently we have a pair of PA-3060 running 6.1.10 in active/passive. Both devices have LACP bundles towards a Cisco router.

On the active firewall the LACP n

...

Timeout value of user-ID log

 

We are using ldap authentication and globalprotect.


In the above picture, the timeout value continues to be 2592000 and 0

 

time out 2952000 and 0 , what does that mean?

 

Why does it look like above?

 

Please let me know.

 

 

 

 

 

 

image.png
jskang by L1 Bithead
  • 4004 Views
  • 1 replies
  • 0 Likes

NAT and security policies

Hi all.  I am trying to setup a ADFS environment in our network.  The actual ADFS server is located in the internal LAN, and the ADFS Web Application proxy is reside in the DMZ; internal LAN and DMZ is in a different VLAN.  

The goal is to send user a

...

EDLs

Can we group EDLs?

Once the url is fetched and content is read by the firewall and later the url is deleted, does firewall keep the cache of contents?

can firewall detect redundant entries?

Manage client SSL VPN use

Hi PAN Community,

 

I work for a school and we have issues with student VPN use - specifically x-vpn, hotspot shield etc. We have rules in place that take care of the proxies and standard VPN applications and have SSL decryption and URL blocks in place

...

New VM-100 throws error at commit

Hi

We have imported a config from a PA500 into a newly installed VM-100 v8.1 (under vmware).  After having done some VLAN changes to interfaces, we suddenly started to get the below error message when committing:

 

 

Can someone point us in the correct d

...

Commit.jpg

Resolved! content update

I have this question and cannot find the answer from the online training:

 

Which type of content update does NOT have to be scheduled for download on the firewall?

 

I think it is PAN-DB updates but I just need to make sure.

Resolved! Where do you track your certification progress?

Hi all,

 

I thought you'd want to be able to list your certifications and their expiry dates and any relevant announcements, so you could plan your further study, re-certification...

Also, employers ask about cert updates.

Couldn't find it myself.

Other t

...

GAleksic by L1 Bithead
  • 3530 Views
  • 3 replies
  • 0 Likes

Resolved! To drop or deny

I found some best practices documentation on the fuel group site and they recommend drop over deny.  So I would be interested to see how people are configuring their fire wall more drops or denies and why?

jdprovine by L4 Transporter
  • 39338 Views
  • 6 replies
  • 1 Likes

MAC OS Decryption Issues

Hello All,

 

I was just curious if anyone has encountered issues with Apple Mac devices and SSL decryption? We have users that are unable to perform an Internet Recovery over the network, but when they are off the network it works for them. This has on

...

Resolved! How to manage 140+ Firewalls with their certificates...

Hello Community,

 

I was wondering how in a "larger scale" environement (140+ branche offices) people are generally managing their certificates?

  • Take the scenario of Panorama managing thoses 140+ PA firewalls with their corresponding 140+ templates...
  • Th
...

Rievax by L2 Linker
  • 3261 Views
  • 5 replies
  • 0 Likes
  • 23701 Posts
  • 110 Subscriptions
Top Solution Authors
Labels