General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Disabling GP client but where are the logs kept?

Does anyone know if anything is logged on the firewall side when someone disables the GP client? We require a password to be entered when the client is disabled but I am not finding anything in the system logs that can be related to the event. Obviously we dont want to allow users to just bypass all fo the security provided by the firewall by d...

hshawn by L4 Transporter
  • 3714 Views
  • 3 replies
  • 0 Likes

Commit with warning

Hi,when I attempt to apply a commit I receive this warning:The following component(s) are mismatched with the peer device:Application ContentThreat Content Why this? If I apply the commit what is the result? Do I have to worry?I have 7.0.9 version.

s_quasar by L3 Networker
  • 3684 Views
  • 6 replies
  • 0 Likes

Kerberos SSO

Hi community,I'm trying to setup kerberos sso for captive portal authentication and all my attempts are unsuccessfull. I always redirected to the captive portal web-page. So sso is not working. All configs was done step-by step by the guide.Kerberos Server ProfileAuthentication profileCaptive PortalAuthentication policyGenerating a keytabAny hel...

Kerberos Server Profile.png
Authentication Profile.png
Captive Portal.png
Authentication policy.png

Is it possible?

Is it possible that the traffic which fall under the rule interzone-default get action ALLOW ?How it is possible?

Screenshot_1.png
policies-security.jpg
Radmin_85 by L4 Transporter
  • 2120 Views
  • 2 replies
  • 0 Likes

Create or clone an application

I would LOVE to create an application/AppID for SSh on an alternate port, e.h.10022 rather than 22. I thought cloning the ssh AppID would be the way, but Clone is greyed out and unavailable. Creating or adding an Application seems straight forward until I get to the Signatures tab. Can someone give me some guidance on this please?

BoDollis by L1 Bithead
  • 4674 Views
  • 1 replies
  • 0 Likes

Filter rules with no log forwarding profile configured

Anybody knows a trick how to filter for rules with no log forwarding profile configured? (log-setting eq 'Profile-Name') => all rules with Profile-Name !(log-setting eq 'Profile-Name') => does not work, shows all rules(log-setting neq 'Profile-Name') => does not work, shows no rules(log-setting eq none) => does not work, shows no rules

Anon1 by L4 Transporter
  • 14350 Views
  • 9 replies
  • 0 Likes

Resolved! Deploying Minemeld in AWS using cloud-init

Team, I'm attempting to delpoy a MM instance into AWS and running into issues which appears to stem from rabbitmq. I have a firewall and other Unbuntu instances deployed so I know my network settings are good. When I deploy the MM instance I can validate that all network services are operational but the install comes to a scretching halt when ra...

jnewsome by L2 Linker
  • 15823 Views
  • 8 replies
  • 0 Likes

Enable MS Teams through minemeld

Hi, When trying to use Minemeld to enable access to Office365 MS Teams brakes. This is because url api.teams.skype.com is not in the url list minemeld pulls. Instelad this url is being categorized as 'internet-communications-and-telephony' by panos and that category is blocked in the url filter. Also, we have other url categories we´ve manuall...

mgusta by L2 Linker
  • 9519 Views
  • 5 replies
  • 0 Likes

Dynamic List for URL Filtering

Hello, We would like to use the Dynamic list for URL filtering function but we want to pick up the list from an internal web server, the link below says the path with follow the service route for palo udpates but this for us will be out to internet, the web server we want to store the list is internal. https://www.paloaltonetworks.com/documentat...

Playtime

I know that I am not the only one who faces trying to track and minimize the amount of playing on the internet during regular work hours. Is there anyway to track and prove that a user is playing on the internet when they should be working using the PA?

jdprovine by L4 Transporter
  • 2199 Views
  • 2 replies
  • 0 Likes

VPN users

Hello, Is it possible to restrict access to servers for a VPN user? (allow one or two servers access in the local network)

LEMO_SA by L0 Member
  • 2604 Views
  • 3 replies
  • 0 Likes

Resolved! Stable OS version as of April 2018

Hi, We have multiple firewalls with different version of O.S.Could someone give me a summary of recommended version/release per each major OS version?Like what would be the recommended version for the ff versions: 7.0, 7.1, 8.0? Thanks!

ACC Report mismatch some during time

Hi all, I found the issue about ACC report mismatch some during the time Symptom: I try to compare between during time last 24 hour and last 7 days is found mismatch which lasts 24 hours have traffic more than 18 G but last 7 days have traffic 500 M( Report user activity application )example: last 24 hours have to use application google-ba...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels