Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
jforsythe by Community Team Member
  • 27 Views
  • 0 replies
  • 0 Likes

Inbound Decryption Advice to overcome Decrypt error

I am asking for help to get SSL Inbound decryption working. I have read all the posts and tried everything I can think of but I keep getting the decrypt error status so I may have a basic misunderstanding. If someone has an insight into what I am doi

...

ClientHello.jpg
ServerHello.jpg
ChangeCipher.png

Resolved! DHCPv6 client support?

Is there an option to have the PA act as DHCPv6 client (DHCPv4 client on an interface is obviously supported)?

I get a /56 prefix from my provider and my DSL router offers me the option to assign a /64 prefix via DHCPv6 (IA_PD), but I cannot find an o

...

ctr_ts by L1 Bithead
  • 4814 Views
  • 2 replies
  • 0 Likes

Minemeld PA syslog processing

Hi,

 

I installed Minemeld. I'm now trying to mine the PA traffic logs via syslog. It seems that the processing works but no indicators are extracted? The PA is running 7.1.13 and sending the syslog messages on TCP port 13514 to the Minemeld server.
I

...

image.png
jorisVD by L1 Bithead
  • 2807 Views
  • 1 replies
  • 0 Likes

Decent IPv6 miner

Hello all, We use MineMeld with our PA firewalls at work, so I thought I'd try it at home as well, and it was easy to integrate with my OpenBSD PF firewall. Lots of high-quality IPv4 address and subnets to block! However, I also run IPv6 at home and

...

Resolved! DAGPusher - Add device - Is vsys supported?

In a Dagpusher output, I see the VSYS as a column, but when adding device there is no input field for VSYS.  

 

 

I checked the code on GitHub for the file at: minemeld-webui/src/app/nodedetail/dagpusher.controller.ts

 

Seems like maybe the VSYS is n

...

PA 3050 Logged in user web filtering

Hi , ive got a 2 PA 3050's running well , however sometimes they seem to fail to detect the user thats currently logged in and then it follows the sert rules to allow then a "Student-level" web filtering rules whereby shopping , and social media etc

...

VICO88 by L0 Member
  • 1675 Views
  • 1 replies
  • 0 Likes

How PAN firewall deals with deceptive or invalid URL ?

Users in my  organization received spam email with embeded link URL like 

 
http://いい中古車.com
  When I check  URL category in PA test URL website it says 
"http://いい中古車.com" is not a valid URL.
 What are the option to block this other than adding it in Bl
...

Fail over with SRV records

I know this isn't really a question for PaloAlto but I was hoping I might get some insight from the community.
We are looking at acquiring a second circuit from a different ISP for a backup failover, not load balancing. I have been studying SRV record

...

Bvance by L2 Linker
  • 2017 Views
  • 1 replies
  • 0 Likes

Problem w/ user ID

Hi Gurus,

 

I'm trying to implement user id agentless.

The LDAP & User Identification are created correctly.

 

Below is the output:

J-C.Valiere.da@PA_Ecore_Master> show user group list

cn=vpn ecore employee,ou=roles,ou=global,ou=organization,dc=corp,dc=ecor

...

Resolved! Customizing response page

First time doing this and I'm fairly familiar with HTML and CSS however I'm not sure how to target Subcategories

Is there a way to target Subcategories when using a custom response page?

 

The online documentation only mentions <category/>

 

also do you u

...

Sanity Check on the Firewall

Hi team

 

 i am new to firewall. 

Please explain what is sanity check and also the packet flow in Palo Alto Firewall.

Need Flowchart for Packet flow fo Palo Alto Firewall

Resolved! Asymetric Bandwidth On IPSEC VPNs and MPLS Tunnels

We are having unidirectional problems with our site to site circuits bandwidth. I am not sure if this is a PAN problem or a problem with the providers. It’s interesting that IPERF shows slowness to the remote site on MPLS but on IPSEC the slowness is

...

traffic_examples_2017-12-12_14-43-38.jpg
BrianRa by L3 Networker
  • 5657 Views
  • 7 replies
  • 0 Likes
  • 23584 Posts
  • 107 Subscriptions
Labels