General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

MineMeld Splunk App

Hi Guys, I'm new to this community. At the moment, we are actively exploring MineMeld in our environment and would like to know if there is any connectors available for Splunk to consume intel collected by MineMeld .Please advise.Thank you.

Is my upgrade the cause of a vlan not working

After I upgraded my palo alto fro 7.1.15 to 7.1.16 I had a report that a certain vlan can not longer access the internet. I have a back up of the config before the upgrade and one after the upgrade and so far I don't see any change in virtual routers that would have cause the PA to block the traffic. I know that is very little information but i...

jdprovine by L4 Transporter
  • 5243 Views
  • 9 replies
  • 0 Likes

Arp getting time out after 30 min on sub interface

We are facing some starnge issue .We are having an ISP which is connected to sub interface.We are trying to repalce it with new one. Same Subnet /29 but different IP. NAT rules also same because same subnet.The issue we are facing is when new ISP configured , we are getting the ARP entries for ISP gateway on Palo Alto Sub interface however its e...

Static Routes

We have a Cisco ASA that has tunnels to our branch offices. An Example is 192.168.9.0/24. The local network is 192.168.10.0/24. The lan port of the ASA is 192.168.10.10. The lan port of the Palo Alto is 192.168.10.1. When I change the gateway to one of the servers to use the Palo, it can ping a host on the 192.168.9.x network and the remote...

Resolved! Risky ports

What are the risky ports we should not allow from user zone (internal network) to external network (internet / external network)? Like we don't allow 21/23 etc, please suggest other ports too.....

SumitB by L1 Bithead
  • 3870 Views
  • 3 replies
  • 0 Likes

Resolved! excluding threats from TAP allerting?

We have a TAP interface listening to a number of vlans (internal and external) We get a lot of noise in our allerts from threats we would prefer not to get alerted on. For example, presently "SipVicious" scans are occuring all the time to what are actually unused IP addresses on one VLAN. How can we dial these out??? ThanksRob

MineMeld and ELK

Hi all, I'm having some trouble parsing MineMeld events into Logstash, and then into ELasticSearch. Does anyone have any resources available for this kind of set up?

tom.dell by L0 Member
  • 4549 Views
  • 2 replies
  • 0 Likes

Bad Gateway Error - Minemeld Not Running

Hi All, My Minemeld instance seemed to randomly break and I'm not sure why. When I try to login I get a bad gateway error and the EDL URL's give the same message. Here are some log snippets: minemeld-engine.log: 2018-05-11T06:25:45 (4222)base.state INFO: bruteforce_de-IP - transitioning to state 82018-05-11T06:25:45 (4222)basepoller.stop I...

password policy has locked out the admin

Is there a way to have an email warning if a password is going to expire? One of our palo alto (which is stigged) has locked every user out. This includes the emergency and admin accounts. I guess, now the only way to get back in is to to in via the management console via the palo alto, correct?

GP with HIP feature doesn´t work after upgrading Kaspersky to version 11

I´m using a HIP profile to check if antivirus real time protection is enabled in the PC, everything was working properly until upgrading Kaspersky from version 10 to 11. I cannot connect with GP anymore. Does anyone have the same issue? "resubmit host profile" in the agent didn´t work I´m running Pan-OS 7.1.16 adn GP agent 3.1.6

Carracido by L4 Transporter
  • 4075 Views
  • 2 replies
  • 0 Likes

Missing ikemgr.log

I wanted to delete the ikemgr.log.old, however, I deleted the ikemgr.logNow no vpn logging is available anymore. I already restarted the management plane. No luck.Does somebody know what to do?

Gerben by L0 Member
  • 3936 Views
  • 3 replies
  • 0 Likes

Resolved! adding more than one UIA agent on firewall?

Hi Techies, I have a small doubt whether I can add more than one UIA server in my firewall in the sense that they should behave kind of active passive . Requirement is something like that I want to secure user id functionality on firewall so that if one of my UIA gets down , then firewall should contact other UIA server for that.... Let me know ...

Any Any Rule

Many times I have seen that engineers used to allow any rule during troubleshooting and forget to remove which creates problem in audit and compliance check, is there any option so that engineers should configure rule with any in source/destination/port/application fields. Thanks in advance,sumIT

SumitB by L1 Bithead
  • 2488 Views
  • 2 replies
  • 0 Likes

Controling East-West traffic without NSX

Hello,In a "Supported Deployments on VMware vSphere Hypervisor (ESXi)" section of the documentation (https://www.paloaltonetworks.com/documentation/71/virtualization/virtualization/set-up-a-vm-series-firewall-on-an-esxi-server/supported-deployments-on-vmware-vsphere-hypervisor-esxi#_92501) for VM series it is mentioned that VM Firewall can be de...

  • 24397 Posts
  • 123 Subscriptions
Top Solution Authors
Labels