General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Log forwarding, filtering and auto tag

Hi there I've played with this feature for a while on my own FW, but must be doing something wrong. I'm adding the log forwarding profile, and when checking the filter I make, I get many log lines. But I don't get any output in the DAG. I've tried with threat and traffic logs. Documentation is rather slim on this topic. Anyone done this with su...

gtomte by L3 Networker
  • 7840 Views
  • 5 replies
  • 0 Likes

Resolved! Filtering, Notification, Approval processing capability

Hello, In some use-cases, we may want to have the following features: Filtering - Maybe a list of search strings that if matched are excluded from the output Use-Case: URL lists for O365 are very messy, and sometimes we don't trust all the output given by MS. We may want to filter certain URLs from getting added to the output Notificati...

PAN OS 8 displaying multipe threat/anti virus versions

Hey folks. I don't know if this is intentional or not, but it's annoying as hell, and if it's configurable, I'd like to know hwo to fix it. Since upgrading to Pan OS 8 on one of my PA's (a 500), I've noticed that when I check for dynamic updates, I get multiple versions dispplayed - like the below Previous versions only displayed three - the cur...

threat_display.jpg
darren_g by L4 Transporter
  • 3421 Views
  • 3 replies
  • 0 Likes

CLI commands for Palo Alto configuration

Hi, Are there any CLI commands which we can use to assess all the checks listed in the CIS Palo Alto Firewall 7 Benchmark? For Example:Check : Ensure 'Minimum Password Complexity' is enabled Navigate to Device > Setup > Management > Minimum Password Complexity.Verify Enabled is checked. Is there any CLI command on Palo Alto Firewall dev...

Arti_K by L1 Bithead
  • 9492 Views
  • 5 replies
  • 0 Likes

Will an On-Demand configuration keep GlobalProtect from notifying me that it did not connect?

I've deployed GlobalProtect 4.0.3-31 to my lab machines. When I log in, I get notifications that GlobalProtect is connecting, and then that it is not connected. I'm not panicked because my portal is not available from my internal network. Will switching to an On-Demand configuration make these notifications go away?

Integrating Minemeld with TheMediaTrust

There is a current miner prototype for themediatrust, and the comment from the .yml file indicate that you need a valid TMT DTI API Key to use this Miner. How do you configure this DTI Key in the Config section from the New Local Protoype page? Thanks, John

jcornell by L0 Member
  • 2823 Views
  • 1 replies
  • 0 Likes

Palo Alto and Cisco ISE packet issues

Hi ive got an issue when a user connects on our VPN using the global protect client the connection will take nearly a minute to connect and in the backgroup create several failures on our Cisco ISE RADIUS server, before finally let the user connect. I have got calls open with both Palo Alto and Cisco support but i kinda feel like im not getting...

Resolved! SSL decryption alert or log

Hi We use SSL decryption and from time to time we have issue with web sites and apps not working because we are decrypting their traffic. If its a web site that doesnt like ssl decryption most of the time the end user will get the relevant response page, but our issue is with applications or windows apps that doesnt like ssl decryption because w...

Resolved! Failed to Initiate Phase 0 (ID population)

Hi community, Does anyone already saw this commit error and knows how to solve this issue without doing a simple reboot? PAN-OS 8.0.7, Apps&Threats 773 Regards,Remo

20180203_185654.png
Remo by L7 Applicator
  • 8275 Views
  • 1 replies
  • 0 Likes

Commit limits

Hi Guys, We are running scripts to push configurations into the firewalls. Everything is done via CLI and with set statements (I know that it is odd, but that's the way it is). Does anyone know are there any limits on the configuration size because sometimes we have config synchronization problems with the secondary box? Cheers

ICMP gets dropped by DEFAULT DENY ANY ANY

Source IP: x.x.172.230Source Zone: int-fw Destination IP: x.x.20.50Destination Zone: DMZ Requirements: SRC and DST IPs should be pinged bi-directionally. Scenario:- I've allowed the traffic using ICMP, ICMP-0, ICMP-8, PING bi-directionally but still unsuccessful- Upon checking the logs, I can see that from SRC ----> DST is allowed using the R...

mcjyrnn by L1 Bithead
  • 9853 Views
  • 11 replies
  • 0 Likes

Always on/Pre-Logon GP and Windows logon time

Does anyone have any tweaks or suggestions that might improve the windows logon time when GP is configured as pre-logon always on? Our users have gotten used to waiting sometimes up to 5 minutes after logging in before they see their windows desktop. The only way we have found to alleviate that is to set GP to on-demand (not an option) or uninst...

hshawn by L4 Transporter
  • 6292 Views
  • 6 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels