General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Thank You for Filling Out the LIVEcommunity Experience Survey!

If you've visited LIVEcommunity anytime recently, you've probably seen a pop-up asking for your feedback. We've deployed this survey since April 2020 for new and returning visitors alike as a way to gather feedback from our users. 

 

In the past six

...

survey-livecommunity.png
jforsythe by Community Team Member
  • 14488 Views
  • 1 replies
  • 4 Likes

Surveillance system

Has anyone here used a surveillance system?? I'm in need of a security system, but I don't have any idea on how to select the best one. I recently happened to read an article http://www.fire-monitoring.com/ip-cctv-moving-future/ and thought it will b

...

ConMac by L0 Member
  • 725 Views
  • 2 replies
  • 0 Likes

Skype for Business using App-ID?

Does anyone have a definitive list of which applications are required for 365 hosted Skype for Business to work please?

 

I'm using MineMeld to product a dynamic block list of the 365 Skype for Business IP ranges published by Microsoft and I've settled

...

Multiple WAN Interface Setup, different zones

Hi all

 

I'm struggling to configure a VM-200 with multiple WAN interfaces. I've read a few forum posts on the subject and I understand the suggestions (PBF, 1:1 vs 1:Many NAT, etc) but the situation I'm in is a little different.

 

We are running the VM-

...

Send OSPF default route with PBR

I have a network were what I would like to have happen is that the PAN device tracks its connection to the internet and as long as that is alive send a default route to its neighbor.  If that fails i would like it to stop sending that default route s

...

Redundant IPSEC VPN with cisco and VPN monitor

Hello Experts

 

I have PA on hub site and Cisco ASA at spoke site. At hub site, I have two ISP links, and ASA establish two IPSEC VPN with hub PA through both ISP, one IPSEC is primary and other is backup

 

Now to failover, I am thinking to use VPN monit

...

Resolved! IPSEC VPN negotiation without traffic

Hello Experts

 

Is there any option to initiate a IPSEC VPN without passing actual traffic. Like in Juniper SRX, there is option "establish-immediately" or in Juniper Netscreen "rekey" option 

 

Regards,

 

GR

Rule too allow access to group of URLs?

PANOS 7.0.4 and I'm struggling to do something that feels basic 

 

I need to allow anything on the LAN access to

 

  • *.sophos.com 
  • *.sophosupd.com
  • *.sophosupd.net
  • *.sophosxl.net
  • ocsp2.globalsign.com
  • crl.globalsign.com

as per https://community.sophos.com/kb/en-u

...

What's new in MineMeld 0.9.26

Release Date: 2016-10-28

 

How to update: Updating MineMeld

 

Core

- added new indicator types for file hashes: MD5, SHA256, SHA1, SSDEEP

- improved responsiveness of engine under load (RPC have max priority now)

- nodes now are publishing their stat

...

Screen Shot 2016-10-28 at 18.43.18.png
Screen Shot 2016-10-28 at 18.52.20.png
screenshot-mmbeta.panw.io 2016-10-28 18-51-35.png
Screen Shot 2016-10-28 at 18.34.25.png
lmori by L7 Applicator
  • 2831 Views
  • 0 replies
  • 3 Likes

SSL revoked certs

We recently had a case where we were seeing high proxy_wait_pkt_drop and SSL decryption sessions were taking a while to connect. After a week or two of back and forth support advised us to disable Certificate Revocation Checking (both CRL and OCSP) u

...

bgmncwj by L2 Linker
  • 918 Views
  • 0 replies
  • 1 Likes

Regex

Is there any specific regex pattern for Palo Alto ?
i am trying to create a Regex that matches SSN but it doesnt seem to like it.
It either errors out as it should be 7 bytes long or it is invalid.

Resolved! Order of different NAT

Hello Experts

 

I am just wondering, what is the order of different NAT on same packet. Lets say I want to do destination NAT and source NAT for the same packet. What NAT will happen first destination NAT or source NAT?

Resolved! Destination NAT or Static NAT

Hello

 

If I configured static NAT and destination NAT for one public service to be accessible from Internet. What type of NAT rule will be utilized by  PA, I mean static NAT or destination NAT or it soley depends upon the order of rules?

Resolved! Proxy ID in SA?

Hello Experts

 

I have site to site VPN between HQ PA and branch PA. I used the proxy id on HQ as Local: 172.16.110.0/24 remote: 10.10.10.0/24 and everything is working.

 

Now brach office need to access another subnet in HQ that is 172.16.111.0/24. In t

...

Resolved! Can't do a commit ! Auto-commit failing

Hi

Have got a Pa-3020 Demo box to use for a POC, but I cant commit anything as "commit operation aborted as auto-commit not done yet"

In the Task view several auto-commit antries are failed.

Any one has any suggestions ??

 

Best Regards Jens W

Top Solution Authors
Top Liked Authors