General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Global Protect Portal and ECN

In PanOS 7.x the Global Protect Protals drops TCP-Connects with ECN Flag set silently. 

This can only be seen in the drop-PCAP.  

Also proxy_offload_check_err counter increments with each SYN.

 

This  is a behavior which differs from most Webservers we s

...

Resolved! MineMeld syslog indicator rules

Hi all,

 

I've successfully connected my firewall to the syslog miner and can see logs arriving. I believe I now need to create a rule to match logs to extract the indicators.

 

Here's my recieve stats from the miner:

Here's the rule I'm trying to c

...

miner-stats.jpg
rule.jpg
tkirk by L1 Bithead
  • 8275 Views
  • 6 replies
  • 0 Likes

Removing interfaces off a VM-series HA pair

As per title, functionally, this is easy to do.

1. Shut VM down.

2. Remove interfaces from virt solution configuration for the VM

3. Power up. 

4. All is well.

 

But, in a PAN VM-series HA pair... I'm worried that I might have to shut both down AT THE SAME

...

mpgioia by L3 Networker
  • 814 Views
  • 1 replies
  • 0 Likes

Import from xml of a 2 vsys system

I have an xml config export from a PoC system that had 2 vsys configured. Is there a way to peel out one of the vsys configurations from the xml and import vsys1 only?

RFalconer by L3 Networker
  • 1120 Views
  • 1 replies
  • 0 Likes

url-filtering


Hi,

In url filtering adult-and-pornography blocked . But la-xxx.com can accesible
xxx.com not blocked

 

1)
test url la-xxx.com

la-xxx.com adult-and-pornography (Dynamic db)

2)
test url xxx.com

xxx.com adult-and-pornography (Base db)


other info
----------

show ur

...

sib2017 by L4 Transporter
  • 2375 Views
  • 8 replies
  • 0 Likes

Two L3 interfaces on One Zone

 

 

 Hi,

 

 

in the setup of the above diagram , I need to run OSPF on Paloalto between two Core-SWs, so I have to create two L3 interfaces  Point to Point with the two SWs.

 

the two core-SW is considered as inside for me , so from the prespective of routi

...

Question.jpg

Resolved! Create threat signature

Hi Guys,

 

I need to know if I can create a threat signature in case I've only the malware hash.

 

Is it possible to do on PA?

 

If not, Is there any other way I can block malwares based on hashes only?

 

Regards,

Sharief

Syslog Miner different confidence values.

Is there the way to separate traffic and threat logs from syslog miner to be directed to diferent outputs based on confidence. What i mean is something like that in rules:

conditions:
  - type == 'THREAT'
fields:
  - misc
  - url_idx
indicators:
  - src_tra

...

Shadosan by L0 Member
  • 1644 Views
  • 0 replies
  • 0 Likes

Troubleshooting ipsec tunnel setup.

I have setup ipsec between PA200 and cisco device. When trying to bring tunnel up not even able to establish phase1.

Getting following errors in logs. I have keyed in pre-shared key again on both the sides.

 

ikev2-nego-child-start:'IKEv2 child SA negot

...

GlobalProtect client upgrade "Prompt" file location?

We are using the GlobalProtect Agent Upgrade Process "prompt" method to upgrade our users GP client. We are having issues with our last version upgrade to GP 3.1.1 on all of our PAN firewalls, where some of our clients get this message - "The program

...

Resolved! PA drops traffic apparently without NO REASON

Hi All,

 

I have PA 2050 with panOS version --> 7.0.9

I have two rules:

Rule 4 --> Permit for svc-casse application as (ssl, ms-updated ecc)

Rule 5 --> Cleanup for svc-casse

 

That's the situation check :

RULESLOG

 

Really really strange behavior I never seen

...

Rule_INVOLVED.JPG
LOG_DROP_Without_no_reason.JPG
SSL_Allow_random.JPG
Top Solution Authors
Top Liked Authors