General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Zscaler and Minemeld v2

Hello, I'm trying to get simple data from https://ips.zscaler.net/pac/json. I tried to exploit the extractor with http://jmespath.org/ but really, I don't think I need an extractor here, just indicator "ip". But it doesn't work : age_out: default: null interval: 257 sudden_death: true attributes: confidence: 100 share_level...

GlobalProtect Client is not Connecting

Hi there , i'm new here , hope i get a reply 🙂 i'm using an ipsec tunnel between two site . in the second site i'm not able to use the globalprotect , he cannot connected . but , when i change the desktop dns to 8.8.8.8 it worked . any solution !!!

Resolved! Issue with Windows Insider Updates when using SSL Decrypt

PAN-OS 8.0.xWe have users not receiving updates for Windows Insider Program builds when SSL decryption is enabled. Does anyone know what changes need to be made to make this work? I've solved a few other SSL decryption issues where decrypt-exceptions needed to be added or the CA imported as a trusted CA in the PA, but so far I have been unabl...

Demast by L2 Linker
  • 10489 Views
  • 9 replies
  • 0 Likes

Best practice for applying list of IP's to a security policy.

Hello, I'm trying to identify what the best way of applying a list of datacenter IPs to one of our security policies. The list has about 150 IP's and I'm apparently unable to paste the list of IP's into an address group as it gives me an error notice stating static "IP" is not a valid reference for all the IP's in the list. Creating the option...

Non-reordered IoC feed

I have an IP IoC feed that I would like to ingest and re-publish via MM. The feed is ordered by priority i.e. earlier addresses are newer\more active\higher risk, but if I ingest and publish (miner -> output) it is re-ordered by numeric order. Is there any way to prevent this and maintain the initial order? Technically I have a way aroun...

apackard by L4 Transporter
  • 3080 Views
  • 1 replies
  • 0 Likes

Using Minemeld to mine Adobe Creative Cloud addresses?

I saw this link where someone was looking at this same type of thing I am trying to do but I have not seen someone actually create the miners for Minemeld w/ Adobe. I am looking at their GitHub on how to create a miner for them myself, but I figured if someone has done the work already I could work on other things. I tried looking at their Windo...

acdop100 by L0 Member
  • 4736 Views
  • 1 replies
  • 0 Likes

Decrypt Port Mirror problem

We have decrypt port mirrior license on our PA-850But under interface types we can not see the Decrypt mirror type interfaceThe Pan-os version is 8.0.8

Screenshot_7.png
Screenshot_8.png
Radmin_85 by L4 Transporter
  • 4546 Views
  • 5 replies
  • 0 Likes

Resolved! PA 500 not booting up

Hello, we tried to make a factory reset on PA 500 following this link https://live.paloaltonetworks.com/t5/Management-Articles/How-to-perform-a-factory-reset-on-a-Palo-Alto-Networks-device/ta-p/56029 Finally we have not been able to make the factory reset and it gave us those errors attach lowmem_reserve[]: 0 730 970 970DMA32 free:16176kB min:15...

Denis by L2 Linker
  • 5590 Views
  • 6 replies
  • 0 Likes

VPN tunnel to a firewall NOT internet facing

Hi, I have a scenario with two sites which has two sets (HA) of firewalls, external and internal. So external handles everything internet and behind the internal the datacenter resides. Clients are in between. We have MPLS between the sites which terminate in the internal firewall. Now we want to setup site-to-site vpn as a backup for MPLS failu...

Filtering the monitoring log fails endlessly

Pretty often seemingly simple monitor filters seem to get our PA devices in an endless loop. For example:( rule eq management_services ) and !( addr.dst in a.b.c.d ) and ( app eq ms-sms ) will never succeed. The fitering start running, shows a couple of matching results, screen goes blank and starts over indefinetly. Please advise.

mvdven by L1 Bithead
  • 5154 Views
  • 5 replies
  • 0 Likes

Resolved! Query MineMeld for a single IP\IoC?

We are looking at various options to build a SOC framework and one of the objectives is to be able to have an internal 'queryable' API that we can use to investigate a single IP\IoC. Is there anyway to make MineMeld work in that manner i.e. so we can query a list to see if an IP is included- https://minemeld/feeds/badlist?ip=8.8.8.8, rather th...

apackard by L4 Transporter
  • 4497 Views
  • 2 replies
  • 0 Likes

Importing PA200 configuration to PA220.

We are planning to phase out PA200 firewall with PA220 .PA200 firewall is running PAN OS 7.1.14.PA 220 firewall comes preloaded with PAN OS version 8.0.X. My concerns is, Can we directly import the firewall configuration (device state) from PA200 to PA220 without any issue? Or do we need to upgrade the PA 200 first to 8.0.x and then export and ...

Nischal by L2 Linker
  • 5775 Views
  • 2 replies
  • 0 Likes

URL alerting without SSL decryption

Hello all! I've got a question on URL category alerting. I can set up alerting for malware and phishing categories, for example. I get the alerts if the site is HTTP only. I don't seem to get them if it is HTTPS. My question is this... Shouldn't the domain names still get flagged for those categories just on the DNS query? Not only that but doma...

Active/Active HA tentative state question

Let's say we have 2 firewalls in A/A HAeach firewall has 2 vWire (single interfaces, no aggregration)eth1/eth2 = vWire 1 and eth3/eth4=vWire2link monitoring is set such that if any of eth1/eth2 interfaces are down or any of eth3/eth4 are down the firewall will go into tentative state.Say I unplug eth1/eth2 on FW1. FW1 goes into tentative state. ...

PerryK by L2 Linker
  • 4733 Views
  • 3 replies
  • 0 Likes

Resolved! Cli command to test Authentication Profile requiring exact match

Hey All While working a support case for a customer, I've come accross an odd situation and before I go log to Palo TAC I wondered if anyone else had seen this/was aware of it: So Authentication profile configured with an allow list restricted for one LDAP group. I can use that Auth Policy in say GlobalProtect and sure enough- only users who are...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels