General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 430 Views
  • 0 replies
  • 2 Likes

Show how long the VPN site-to-site tunnel is up

Hi everybody,

 

Is there any CLI command or log that show the time of the tunel VPN (phase 1, phase 2 or both of them) is up?

 

The commands:

show vpn ike-sa gateway <gateway name>

show vpn ipsec-sa tunnel <tunnel name>

 

It shows the lifetime since the last

...

How to Block all countries

I am trying to make a policy on my new PA-220 and i want to block all traffic coming in from every country except the united states..I can't figure out how to do that except by blocking every country one country at a time.. Can anyone tell me if ther

...

hill11 by L0 Member
  • 3742 Views
  • 4 replies
  • 0 Likes

Resolved! Spyware Infect Host report from P.A.

I just got a spyware infected host report that says something like

 

 

Destination address    |    Destination Host Name         |   Count

X.X.X.X                                hostname.domain.com              2.94k 

X.X.X.X                             

...

Globalprotect IPSec crypto

A couple of questions 

1. Is the IPSec crypto for global protect completely separate for the IPSec crypto option that you find lower down in the list on the firewall?

2. Is the Globalprotect IPSec crypto still used when x-auth is turned on?

jdprovine by L4 Transporter
  • 2577 Views
  • 2 replies
  • 0 Likes

how to write a simple miner documentation

Hi there,

   I'm a new user, so hopefully this is a simple question.

 

I installed minemeld via source code on ubuntu 14.04 using the instructions on this page : 

https://github.com/PaloAltoNetworks/minemeld-ansible

 

 The installation went smoothly

...

vb0398 by L2 Linker
  • 12756 Views
  • 18 replies
  • 0 Likes

Resolved! PBR forwarding does not work

For the first time I configured a Palo Alto firewall.

I have created three zones each connected with a specific interface:

INTERN

EXTERN

DMZ

 

For each zone I created a virtuel router each configured with static routes :

Intern:

DMZ -> Interface DMZ

Dmz:

EXTER

...

ZEBIT by L3 Networker
  • 5146 Views
  • 7 replies
  • 0 Likes

Pro active monitoring for routing table

Hello,

 

We have faced problem where routing table is full and we had an outage where customer were unable to access Internet for specific sites.

 

We asked for syslog or SNMP traps on it but we received as of now, there is no provision to monitor it

...

OpenVPN to a server behind PA

I have a dest NAT setup with port translation thus:

untrust untrust public IP tcp 443 > private IP tcp 1194

 

Policy set as

untrust trust any src to public IP for 443.

 

The NAT works fine, but I see aged-out on the traffic monitor, and no traffic at all o

...

Resolved! Problem with Panorama shared context

Hi, I am currently migrating our firewalls to Panorama and have a problem with shared settings.

Every Panorama commit shows me Warning:

 

  • Disabled applications in shared: intercall google-spaces-base google-spaces-posting zenefits gitlab-base gitlab-upl
...

linhartj by L0 Member
  • 6143 Views
  • 2 replies
  • 0 Likes

GlobalProtect Users appear on GUI and not on CLI

PANOS 8.0.5

Current connected GlobalProtect Users appear on GUI by “Monitor/User-ID/Source-type=globalprotect” and not appear on CLI "show user ip-user-mapping all type GP”: the record is not absolutely present.
On PANOS 7.1 the CLI command "show user
...

Aiace by L1 Bithead
  • 2630 Views
  • 1 replies
  • 0 Likes

File minemeld-web.conf doesn`t exist

I`m looking for file minemeld-web.conf  into /etc/nginx/sites-available/minemeld-web.conf  directory but it doesnt exist, there`s only default file.

 

I need to change HTTPS services to HTTP

 

I installed the super fast setup from the site https://live.p

...

vhgambit by L1 Bithead
  • 3187 Views
  • 1 replies
  • 0 Likes

Resolved! OpenConnect client with a Global Protect plugin

Hello,

 

We found that only 1 factor authentication is required when connecting to the VPN using OpenConnect client with a Global Protect plugin, it appears that it bypasses the portal authentication and only requires the gateway authentication. We hav

...

Farzana by L4 Transporter
  • 20883 Views
  • 2 replies
  • 1 Likes

Licence NFR PaloAlto

Hello

 

I just receive my PA-850, i made the registration of the device in support section, but after this registration, i can't see the licences for the new device :

Threat Prevention
BrightCloud URL Filtering
PAN-DB URL Filtering
GlobalProtect Gateway
Glo
...

nfr palo.jpg
  • 23698 Posts
  • 110 Subscriptions
Top Solution Authors
Labels