General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Question to app dependencies

Hi guys!

I'm new to Palo Alto.

Scneario:

I make a new rule from an inside zone to the internet with the app gmx-mail.

gmx-mail depends on web-browsing and ssl.

Do I have to add web-browsing and ssl to this rule to make gmx-mail work?

Or could I make anothe

...

MPI-AE by L4 Transporter
  • 1096 Views
  • 5 replies
  • 0 Likes

Can't seem to connect to Cisco ASA

Using the following Phase 1 settings:

 

I keep getting this error:

Received unencrypted notify payload (no proposal chosen) from IP x.x.x.x[500] to y.y.y.y[500], ignored...orIKE phase-1 negotiation is failed. Unable to process peer’s SA payload.

Check th

...

Capture.PNG
dclaro by L0 Member
  • 2019 Views
  • 3 replies
  • 0 Likes

Surveillance system

Has anyone here used a surveillance system?? I'm in need of a security system, but I don't have any idea on how to select the best one. I recently happened to read an article http://www.fire-monitoring.com/ip-cctv-moving-future/ and thought it will b

...

ConMac by L0 Member
  • 968 Views
  • 2 replies
  • 0 Likes

Skype for Business using App-ID?

Does anyone have a definitive list of which applications are required for 365 hosted Skype for Business to work please?

 

I'm using MineMeld to product a dynamic block list of the 365 Skype for Business IP ranges published by Microsoft and I've settled

...

Multiple WAN Interface Setup, different zones

Hi all

 

I'm struggling to configure a VM-200 with multiple WAN interfaces. I've read a few forum posts on the subject and I understand the suggestions (PBF, 1:1 vs 1:Many NAT, etc) but the situation I'm in is a little different.

 

We are running the VM-

...

Send OSPF default route with PBR

I have a network were what I would like to have happen is that the PAN device tracks its connection to the internet and as long as that is alive send a default route to its neighbor.  If that fails i would like it to stop sending that default route s

...

Redundant IPSEC VPN with cisco and VPN monitor

Hello Experts

 

I have PA on hub site and Cisco ASA at spoke site. At hub site, I have two ISP links, and ASA establish two IPSEC VPN with hub PA through both ISP, one IPSEC is primary and other is backup

 

Now to failover, I am thinking to use VPN monit

...

Resolved! IPSEC VPN negotiation without traffic

Hello Experts

 

Is there any option to initiate a IPSEC VPN without passing actual traffic. Like in Juniper SRX, there is option "establish-immediately" or in Juniper Netscreen "rekey" option 

 

Regards,

 

GR

Rule too allow access to group of URLs?

PANOS 7.0.4 and I'm struggling to do something that feels basic 

 

I need to allow anything on the LAN access to

 

  • *.sophos.com 
  • *.sophosupd.com
  • *.sophosupd.net
  • *.sophosxl.net
  • ocsp2.globalsign.com
  • crl.globalsign.com

as per https://community.sophos.com/kb/en-u

...

What's new in MineMeld 0.9.26

Release Date: 2016-10-28

 

How to update: Updating MineMeld

 

Core

- added new indicator types for file hashes: MD5, SHA256, SHA1, SSDEEP

- improved responsiveness of engine under load (RPC have max priority now)

- nodes now are publishing their stat

...

Screen Shot 2016-10-28 at 18.43.18.png
Screen Shot 2016-10-28 at 18.52.20.png
screenshot-mmbeta.panw.io 2016-10-28 18-51-35.png
Screen Shot 2016-10-28 at 18.34.25.png
lmori by L7 Applicator
  • 3049 Views
  • 0 replies
  • 3 Likes

SSL revoked certs

We recently had a case where we were seeing high proxy_wait_pkt_drop and SSL decryption sessions were taking a while to connect. After a week or two of back and forth support advised us to disable Certificate Revocation Checking (both CRL and OCSP) u

...

bgmncwj by L2 Linker
  • 1125 Views
  • 0 replies
  • 1 Likes

Regex

Is there any specific regex pattern for Palo Alto ?
i am trying to create a Regex that matches SSN but it doesnt seem to like it.
It either errors out as it should be 7 bytes long or it is invalid.

Top Solution Authors
Top Liked Authors