General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4121 Views
  • 0 replies
  • 0 Likes

Sanity Check on a VPN Design

Greetings all, I've been asked to set up a secure desktop for one of our departments. The desktop will need access to a few on premises resources such as DHCP, DNS, and AD but, otherwise, it has to be restricted to allow connectivity only to a specific website. I can do this simply with a VLAN setup but this leaves open the possibility of a mis...

jsalmans by L4 Transporter
  • 3411 Views
  • 5 replies
  • 0 Likes

User identification error with AD

Hello everybody! I have a problem with user identification and accordingly with security Policy. On different computers, the same user is seen as "user" or "domain\user". The rules for work must have both types of user format. This is a big limitation. Where have I made the mistake? Help me please. Thanks. Daniele

Microsoft Active Directory DCSync Attempt Detection Vulnerability

Today I got many critical alerts from Palo Alto Firewall.
Threat Type: vulnerability
Threat Name: Microsoft Active Directory DCSync Attempt Detection
ID: 54406
Category: info-leak
Content Version: AppThreat-8010-4662
Severity: critical
Does anyone have the same issue? Can somebody share the details of this attack?

qafcopa by L1 Bithead
  • 8730 Views
  • 1 replies
  • 0 Likes

Resolved! Virtual firewall in HA with failover IPs?

Hello, good morning. I have a virtual firewall vm-300. I'm considering setting up the firewall in HA. But the company where I have the dedicated servers does not offer me floating IPs. But they do offer failover IPs. Is it possible to mount an HA with failover IPs? Is there some other alternative that you can recommend to me to avoid having ...

SAML for admins auto login or redirect to idp?

I've successfully configured SAML with a Shibboleth IDP for administrator access, however, the login process still requires two clicks: one to select SSO, and another to continue without a username. I'd like to provide a better user experience for admins/customers and ideally eliminate all clicks. Is there a specific URL or configuration that w...

Allowing SSL and Web-browsing on dependent applications open unwanted Internet Access.

I have created a rule which requires access to Adobe-creative cloud. This application is dependent on SSL and web browsing. Setting this rule to allow also grants access to websites like Amazon.com or general internet access. Is there a way to make it work just for the particular app? Or am I missing something in creating the policy? Thanks.

Resolved! PA to ASA Proxy-ID Mismatch

Hi all, We have a standard IPSec tunnel one of our smaller sites with a strange issue related to the Proxy-IDs defined on the PA side of the tunnel. Our ASA side (10.7.0.0/16) is set to inherit all policy settings from the PA side, and our PA defines the "policies" with the Proxy-ID. Normal behavior with a policy based firewall (ASA) and a route...

Resolved! Best way to save new config, so they can be loaded and committed later?

Hello friends, I have a question about saving my firewall changes and then applying them at a later date. What I want to do is enter all my changes into a production firewall, but then not commit them. I want to save just my changes, i.e. a small configlet. And then at a later date, "load" my changes and commit them (during out of production hou...

Jedi_D by L2 Linker
  • 10717 Views
  • 8 replies
  • 0 Likes

Captive Portal can't redirect HSTS Session

Hi All, I want to ask you about HSTS Session. I just installed Captive Portal with Transparent mode because Palo Alto runs in Virtual Wire mode, but Captive Portal can't intercept https session. Based on article: Captive Portal Not Working with HTTPS Sessions, I'm trying to decrypt the session, and the problem is when the session intercept web with ...

Resolved! How to solve "CWE-693 : Protection Mechanism Failure" in Paloalto firewall

Hello Geeks, During our compliance scanning (PCI-DSS External Scanning) process on our paloalto 3020 firewalls, the scanner found a new vulnerability, "CWE-693 : Protection Mechanism Failure" and suggested to fix it ASAP to comply. Hence, I started googling to solve this issue and found no useful solutions for this yet. Is there any way to solve ...

Wayne88 by L1 Bithead
  • 20747 Views
  • 7 replies
  • 0 Likes