General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 1197 Views
  • 0 replies
  • 0 Likes

SSL Decryption inbound and OCSP stapling

Hi

 

Seems like inbound SSL Decrypt doesn't handle OCSP stapling  ..... Not sure why PA have missed out on this.

 

Raised it with my SE... not happy with my SE not feeling the love.

 

Any one else been caught by this

 

EDIT - adding stapling, must stay away

...

SSL inbound inspection wildcard certificate

Trying to configure ssl inbound inspection for one of my web sites hosted internally. The IIS server has many sites being served thru host headers. All of the SSL bound sites use the same wildcard certificate *.external-domain-name on this server. I

...

Resolved! Update 0.9.46 Broken (at least for me)

Hey all,

 

So my Minemeld appliance updated to 0.9.46 at some point which broke the system. I was able to temporarily fix the issue by just changing the symlink in /opt/minemeld/engine from 0.9.46 to 0.9.44. Obviously, this is not ideal.

 

When I loo

...

How to report false positive if I'm not a customer

Hello there, 

I represent Kromtech company(https://kromtech.com) which produces MacKeeper app (https://mackeeper.com). 

We have report from our partners that your WildFire service marks our products as Malware.

We would like to report false positive but

...

Screen Shot 2018-05-18 at 10.41.48 AM.png
ze0adik by L1 Bithead
  • 2882 Views
  • 1 replies
  • 0 Likes

Resolved! VM50 on Server 2016 HypperV

Does anyone know if the VM50 is supported on Windows Server 2016 Hyper-V?   I have downloaded the PANOS 8.0  Vhdx file and installed it based on the Server 2012  R2  Guidelines,  but every time I try to start the VM, I receive a message the virtual m

...

User-ID/Facebook allow group

Hello, 

 

I am having trouble with this configuration. 

 

In a Windows domain environment. 

 

I installed User-ID on server and confirmed User-ID is running and IP/user mapping is all listed in the monitoring log. 

 

User-ID agent is connected in the firewal

...

MineMeld Splunk App

Hi Guys,

 

I'm new to this community. At the moment, we are actively exploring MineMeld in our environment and would like to know if there is any connectors available for Splunk to consume intel collected by MineMeld .

Please advise.

Thank you.

Is my upgrade the cause of a vlan not working

After I upgraded my palo alto fro 7.1.15 to 7.1.16 I had a report that a certain vlan can not longer access the internet.  I have a back up of the config before the upgrade and one after the upgrade and so far I don't see any change in virtual router

...

jdprovine by L4 Transporter
  • 4386 Views
  • 9 replies
  • 0 Likes

Arp getting time out after 30 min on sub interface

We are facing some starnge issue .

We are having an ISP which is connected to sub interface.

We are trying to repalce it with new one. Same Subnet /29 but different IP. NAT rules also same because same subnet.

The issue we are facing is when new ISP con

...

Static Routes

We have a Cisco ASA that has tunnels to our branch offices.  An Example is 192.168.9.0/24.  The local network is 192.168.10.0/24.  The lan port of the ASA is 192.168.10.10.  The lan port of the Palo Alto is 192.168.10.1.  When I change the gateway to

...

Resolved! Risky ports

What are the risky ports we should not allow from user zone (internal network) to external network (internet / external network)? Like we don't allow 21/23 etc, please suggest other ports too.....

SumitB by L1 Bithead
  • 3250 Views
  • 3 replies
  • 0 Likes

Resolved! excluding threats from TAP allerting?

We have a TAP interface listening to a number of vlans (internal and external)

 

We get a lot of noise in our allerts from threats we would prefer not to get alerted on.

 

For example, presently "SipVicious"  scans are occuring all the time to what are a

...

  • 24172 Posts
  • 117 Subscriptions
Top Solution Authors
Top Liked Authors
Labels