General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

The WildFire module price

Hello, сolleagues!I am interesting in the PaloAlto and I am only starting to use it. IPlease say where can I buy subscription to the The WildFire module ?Can I buy only The WildFire subscription or I must buy smth else?If anybody know where is a page with prices - please say. I found the page with description https://www.paloaltonetworks.com/pro...

Resolved! X-forwarded-for not showing results

We use F5 with its VIP interfaces in DMZ and is doing SSL offloading (presents a cert on the webserver's behalf allowing plain text traffic to be inspected). As in below example, external source(1.1.1.1) acesses 2.2.2.2(PA NATS to 10.10.10.10 of the F5 VIP). F5 then does SSL offload and SNAT for communication with server, but the source interfa...

image.png
raji_toor by L4 Transporter
  • 6059 Views
  • 4 replies
  • 0 Likes

Resolved! Is there a protoype that can read this XML format?

Before I go down the route of writing a prototype (or attempting to), I was wondering if there was a prototype that I could use to read an IP list in this XML format. I would be interested in pulling out the address and country: <?xml version="1.0" encoding="utf-8"?> <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" ...

Running MineMeld from OVA

Good afternoon! I have a quick question about running MineMeld from the OVA. We have some pretty strict policy against installing via GitHub and, the best way for me to get MineMeld installed, would be to use the OVA method. I'm new to running it this way. After I get MineMeld up and running on this VM, can I upgrade MineMeld to the latest ...

Not having a Threat license on panos and do the AV and anti-spyware functions even work?

I am a little new to PA firewalls. My question is, with an expired Threat license, or no Threat license installed at all, is all the functionality of the AV and anti-spyware components not active? Customer has one with expired license, but I am trying to be specific on what functionality they have lost due to the expired license. Another cust...

S_Gibney by L0 Member
  • 2655 Views
  • 2 replies
  • 0 Likes

Create new prototype for Rest API and simple URL

Hi Experts, I have a customer who wants to create new prototype for this customer. customer requirement is very simple but, it's very hard to me. first of one, customer said spunk is using Rest API, below is feeds from splunk curl -k https://splunk_IP_address/services/search/jobs/export -d "search=| inputlookup autofocus_lookup" -d output...

jilim by L1 Bithead
  • 4637 Views
  • 3 replies
  • 0 Likes

RTP fragment packet flowing is not allowed when fragment enabled on zone protection of PAN-OS

Hi All, I have an issue about sip/rtp traffic. Endpoints are using a calling application that used sip protocol . We have also enabled fragment feature in zone protection setting.I investigate this issue and when endpoint make calling, zone protection drops rtp packets because they are fragmented.Could you inform me is there another solution adv...

Resolved! How do you use the new predefined Dynamic IP lists?

Greetings all, I'm wanting to use the new Palo Alto provided dynamic IP lists to block known malicious or high risk IPs but, when creating a security policy, I can't seem to get it to appear in the list for selection. I've tried copy/pasting the name in there and it just shows the red underline. I'm doing this in 8.0.7 Panorama and both of my f...

jsalmans by L4 Transporter
  • 9838 Views
  • 11 replies
  • 0 Likes

SSL decryption non standard ports

Hello all, I am wondering if palo can identify and decrypt encrypted traffic on non-standard ports(other than 443)? In other words, does firewall decrypt all encrypted traffic traversing through that matches rule?

Resolved! show user group name not showing user list

Hello, We are not getting the list of individual users in the command: show user group name <name> > show user group name "CN=adminstaff,OU=staff,OU=security,OU=Groups,OU=College,OU=Schools,OU=CEWA,DC=test,DC=edu,DC=au" short name: test\adminstaff source type: ldapsource: TEST_AD_Groups We can see them in the Webgui. We followed t...

Farzana by L4 Transporter
  • 9330 Views
  • 1 replies
  • 0 Likes

PAN-2020 site-to-site with Meraki Cloud managed firewall

Hi all,Has anyone had success establishing a site-to-site tunnel between an PAN firewall and a Cisco Meraki Cloud managed firewall? I've been messing with it for most of the day and have not found much luck. I've added a third party peer on the Meraki, but it doesn't seem to make any connections back to PAN even an attempt to establish the tun...

cmateam by L3 Networker
  • 10371 Views
  • 7 replies
  • 0 Likes

Resolved! Configuring OCSP

I am trying to configure OCSP and I am a little confused. I have added an OSCP responder. It appears the second step is to allow the Firewall to use it by configuring Device-Management->Interfaces. However, for most of my settings, I am using a Service Route Configuration and I don't see HTTP OCSP listed as an option in Service Route. Is ...

Resolved! Minemeld with Proxy

Is there any way to perform the minemeld install from behind a proxy? I am deploying a minemeld node in a datacenter where internet access is only available via squid proxy. Thanks,Nasir

nbilal by L3 Networker
  • 20050 Views
  • 12 replies
  • 0 Likes
  • 24395 Posts
  • 123 Subscriptions
Top Solution Authors
Labels