General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 335 Views
  • 0 replies
  • 2 Likes

Resolved! Intra-Zone Source (dynamic) NAT

Guest network (10.10.10.0/24) is in Outside zone & Internet link (11.11.11.11/24) is also in same zone.
Guests need to browse internet (say google.com)

My question is about intra-zone source NAT/PAT!

Guest, who is the source of the traffic; requires tra...

Site-to-Site VPN random issue

I have Site A setup with a site-to-site VPN with Site B.  Site A contains all the resources (DC, email, fileserver, etc). The firewall in site B is configured as DHCP for the local clients. Primary DNS is setup for internal AD DC/DNS server. Secondar

...

ce1028 by L4 Transporter
  • 1680 Views
  • 2 replies
  • 0 Likes

Office 365 access advice

We are moving to Office 365 Exchange Online and may use some other Office 365 services in the near future such as SharePoint Online or OneDrive for Business.

 

I found the FAQ "Office 365 Access Control" and have configured the requisite custom applica

...

Group Mapping Failure

Has anyone had a problem with the group mapping authentication process? We have successfully connected to our AD/LDAP, PA sees the groups and group members, however this connection and the associated mapping fails after the initial connection. In add

...

C.Wong by L0 Member
  • 1520 Views
  • 1 replies
  • 0 Likes

Resolved! App-id tcp/993 having issues

New install of dual PAN 3020s on 8.0.2  that went really well for the most part and the only issue I am having now is imap(s) and Linux clients w/office 365 not working right. 

 

  1. I have a 'known ok' rule with outlook-web-online (among other allowed app
...

drewdown by L4 Transporter
  • 8934 Views
  • 17 replies
  • 0 Likes

Slow VPN access

I have a user that is on wireless at home and using the VPN to access files and folders on the network and he says it is slow. I told him to hardwire in to his switch and see if that helps. Any other areas I should check to see if the VPN? might be c

...

jdprovine by L4 Transporter
  • 2573 Views
  • 5 replies
  • 0 Likes

PA 3020 - new security rule isn't active.

Hey all!

There is a strange problem with my PA 3020 7.1.7:

I need access from a client pc to a printer with many ports so for testing I set up a security rule with application any and service any.

The rule is enabled but it's not effective.

The firewall

...

MPI-AE by L4 Transporter
  • 2355 Views
  • 5 replies
  • 0 Likes

Miner for MS WNS

I would like to set up a new Miner to collect the Public IP addresses for the Microsoft Windows Notification Service (WNS).

The list is available as a downloadable xml file but I haven't been able to find a feed.

Does anyone know whether it is possib

...

paul_w by L2 Linker
  • 3514 Views
  • 2 replies
  • 0 Likes

DAG is not working

hey

 

i have started playing arround with MineWeld.

i am testing a solution for a customer to update DynamicObject / Block lists on the PA to be used by the SOC team.

 

i have created a IPv4 List and connected it directly to a DagPusher node.

 

but w

...

DagPusher.PNG
DagPusherConfig.PNG
PA-Group.PNG
minow by L4 Transporter
  • 6329 Views
  • 5 replies
  • 0 Likes

User-ID suddenly stops recognizing Users

I'm using PA-5020 as a Perimeter firewall with User-ID implementation for 5000+ users with multiple User-ID Agents across network.


Palo Alto Version : 7.1.8
User-ID Agent Version : 7.0.7-13

 

Problem i'm facing is the User-ID Agent, all of a sudden it st

...

Screen Shot 2017-06-28 at 11.12.41 AM.png

Using new MineMeld file hash indicators?

I see that new indicator types for file hashes (MD5, SHA256, SHA1, SSDEEP) were added in MineMeld 0.9.26 this is awesome, but should those indicator types be selectable from the ( NODES > ADD INDICATOR > TYPE ) drop down menu?  I don't see them liste

...

Resolved! Determining safe starting thresholds for Zone Protection

I've been asked to investigate Zone Protection on one of our PAN firewalls.  I'm trying to determine what safe values would be for me to begin with for syn, icmp, udp and other ip protection types.

 

Since this is a production firewall, I need to be ce

...

epeeler by L2 Linker
  • 2749 Views
  • 2 replies
  • 0 Likes

Resolved! Large amounts of google-base traffic

I am looking into abusers of our bandwidth and have found one person who has 11GB in a day reported as google-base and from the low number of sessions (18), I suspect it's file transfer.  I could understand tht much traffic being google drive but sur

...

djr by L4 Transporter
  • 3614 Views
  • 2 replies
  • 0 Likes
  • 23670 Posts
  • 108 Subscriptions
Top Liked Authors
Labels