This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 274 Views
  • 0 replies
  • 1 Likes

Resolved! Looking to get started with SSL Decryption

I'm currently reading articles on this site on how to set this up. I was hoping someone could point me to a guide or tell me a very basic test set up for this feature on the P.A. Thanks in advanced.

User-id not working correctly

Hi All!

 

i have a issue with the user-id feature: some users are not recognized by the PA device: if i check the logs searching for the username i see the last access some days ago, but if i search for his ip he is doing traffic.

Even checking via CLI

...

DKanta by L2 Linker
  • 3578 Views
  • 6 replies
  • 0 Likes

Untrust to Untrust

Should the untrust to untrust be denied. As the defalt interzone traffic allows everything.

 

untrust to untrust rules for us are ether used for IPSEC or global protect. It seems to me blocking this traffic effects detecting SCANS.

raji_toor by L4 Transporter
  • 4927 Views
  • 2 replies
  • 1 Likes

Security profile group best practice

HI guys, I've read most of the reference material by Palo alto only applying security profiles on inside->out security polices but not outside->inside polices. I would think that is a given since outside->inside policies are to protect your front fac...

No wildfire submissions (FWD_ERR_CONN_FAIL_PUB errors)

 

Hi there,

 

Wildfire is not submiting files. I have the simplest configuration possible, and I'm using the test file (https://wildfire.paloaltonetworks.com/publicapi/test/pe). However, nothing is getting to the portal, or logs for that matter.

I'm runn

...

Hwinter by L2 Linker
  • 5160 Views
  • 7 replies
  • 0 Likes

Configure GlobalProtect With Public IP adresse

Hello

 

1-i have the router adsl with the public ip adresse : ex 41.137.11.123 (WAN interface) ==> this is a Public/fixe IP adresse.

2-i have a paloAlto firwall, is connected by its wan interface (192.168.1.2) to the local interface of the router adsl (

...

Resolved! Call API key via invoke-restmethod

Is Palo Alto's API able to accept GET requests from the PowerShell "invoke-restmethod" cmdlet which have the api key set as a variable?  I ask this because I would like to run these requests without embedding my API key in the HTTPS GET request.  Thi

...

Log forwarding "Zone Protection" ?

I can't find an up to date way to enable log forwarding for "Zone Protection" profiles.

 

I found a guide for 6.1 but its not relevent for 8.0

 

I want alerts when we get port scanned.

 

Cheers

 

Rob

SSL Decrypt and GitHub

I keep fighting this SSL Decypt issue with my PAs, its almost getting to the point where its not worth running the SSL decrypt function because it causes so many issues. I am currently having issues with people downloading a zip file from git hub. 

 

g

...

Resolved! PA is Default Deny

Stupid question. Just need confirmation.

PA (42020) devices are default deny correct?

If a packet is not specifically allowed or denied by a rule; when it gets to the bottom of the rules the default action is to deny, correct?

thanks

--CH

choff123 by L3 Networker
  • 5826 Views
  • 4 replies
  • 0 Likes

Port analyse by TCPDUMP

Hello All,

 

I would like to capture packet by tcpdump on other interface than management interface.

How can do it ? (please explain more detailled as possible).

 

Thanks for your help.

GB.

Global Protect and Bandwidth Considerations

Looking for feedback on what you all have experienced with GP VPN for a user count of over 2k users. 

 

Specifically what type of INet circuits that were needed.  What was the amount of bandwithd which was seen on the circuits?  Finally, is there any s

...

Resolved! App-ID Mismatch for symantec-endpoint-manager

Is there any experience with 'symantec-endpoint-manager' over tcp/8014 being mis-identified as web-browsing?

 

We have a 5260 firewall in a datacenter environment, with hosts that need to access a Symantec-Endpoint-Server for AV updates.  Clients acces

...

chrislss by L1 Bithead
  • 4057 Views
  • 4 replies
  • 0 Likes
  • 23639 Posts
  • 107 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks