This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Amazon Echo Alexa video calling issues

I'm a current Palo Alto Home user. I've been able to figure out issues with current APP ID's that are not listed for most home use for IOT devices. I'm trying to see if anyone has figured out how to let Amazon Echo Alexa Video calls go through using custom App ID's.

hicksm by L0 Member
  • 8132 Views
  • 2 replies
  • 0 Likes

Email config audit on change.

On our old firewalls we used KIWI CATTOOLS to pick up configs hourly and compare them for differences, this sort of works on the Palo but each night it seems to generate strange changes in the configs. Ideally I would want to send out the config audit on commit, the emails that normaly come through are more or less useless and unreadable. Or can...

Resolved! PA-820 - Am I asking too much!

Hi,I've been asked to assess if PA-820s could be used to support a smallish MSP environment and as I'm new to the PA world (and indeed MSP network design) I'm hopeful some of you can point me in the right direction. I may be going about the design wrong so do say if you think there are better/relatively cost free ways to acheive the desired outc...

Generic Customer.png

Resolved! SSH2 Brute Force events in System Logs

Hi guys,I've noticed in my System logs that there are SSH2 brute force attempts against our firewall.Unfortunately nothing is listed in the Traffic or Threat logs under the Monitor tab to indicate from which zone the traffic is originating from.Why would this be the case and how can I enable logging for this in the Traffic\Threat logs to determi...

8.0 credentials phishing queries

Hello All, I have case where in client is having set up the user-id without agent on DC. As per the document says that with this set up the only protection feature available is "Use IP User Mapping" under URL-filtering. I am seeing that it is working partially. When I test the same with log in page on zoom, I am seeing that the URL log shows th...

apatel by L0 Member
  • 2417 Views
  • 1 replies
  • 0 Likes

URL Filtering - Block-Continue On Embedded URL

As a rule we present the "Continue" response page to users for potentially time wasting categories such as streaming media. This works fine, although we have instances where some videos are embedded into other web pages. In these instances the browser does not display the block/continue page, just a generic browser error. We don't want to allow ...

SARowe_NZ by L3 Networker
  • 4006 Views
  • 1 replies
  • 0 Likes

Resolved! SSL Forward Proxy Decrypt Performance Experiences on 5060

Greetings, My company is planning to migrate from an inhouse MS shop to a Office365 based one. We will be using Ofiice365 to provide access to applications like email, LYNC, and Sharepoint. In order to enforce internal security policy, I need to decrypt all of the connections that originate internally to Office365. The decryption is needed for t...

j.silva by L1 Bithead
  • 3185 Views
  • 1 replies
  • 0 Likes

Resolved! Max number of DHCP servers?

Hi all, I have a PA-220 with PAN-OS 8.0.6. I run multiple VLANs on it and have configured 5 DHCP servers on 5 different VLAN interfaces. Now I'm wondering why this setup even works because when I read the PA-220 feature overview it says that only 3 DHCP servers are supported on this device.See "Address Assignment" on https://www.paloaltonetworks...

Resolved! Disabling SSL Decryption not working

Hey everybody!After watching all tutorials and reading all PAN's walkthroughts, I still fail to disable the SSL Inspection (decryption) on all of the outgoing (or any..) traffic. This is my decryption profile:*Rest tabs are default. This is my Decryption Policy: *My Security Policy is just any,any,allow (nothing special) and my traffic is never ...

Capture.PNG
Capture.PNG
Capture.PNG
Capture.PNG

Resolved! Firewall Policy

I am working to configure our new Palo Alto Firewall. In the policy section, I have configured one policy to allow RDP service (3389) using souce & destinaion IP address (Rule-20) and configured another rule (Rule-50) to deny all traffic. Below is the summary of config- Rule-20:Source IP: 192.168.10.20Dest IP: 192.168.15.20App: RDP (3389)Ac...

meshbah by L1 Bithead
  • 4713 Views
  • 5 replies
  • 0 Likes

Resolved! Inter-VR-Routing from Branch Office

Hey all!I am working on a Inter-VR Routing issue and would ask you for some input, how's a best practise..In Headquarter we have two VR's (2 Internet Routers), to reach the old official IP's there was build a DMZ2, which is in the secoundary VR ISP2. With the route in the default VR, which i say the /24-Network in this VR goes in Next Hop to VR ...

routing_rudolstadt.gif

One configuration for multiple sites

We are trying to deploy the PA 220 at multiple sites. The firewall will be facing an outside internet connection protecting a production server. Objective 1 is to create vpn accounts for specified users and machines (using MAC addresses) to control access, Objective 2 is to block ALL other traffic (incoming/outgoing) Objective 3 Create a c...

ddocksta by L0 Member
  • 5022 Views
  • 2 replies
  • 0 Likes

Resolved! Layer 3

I am getting ready to set up our firewall at our commany. I have done the free learning curriculum and what I learned was information but it didn't prepare for my first steps totally. I understand that the basic required properties when setting up a Layer 3 interface is: type, virtual router, security zone..I am going to be setting our interface...

Populate Dynamic Address group via XPATH

Hi, Has anyone succeeded yet in populating a Dynamic Address Group with IP addresses using XPATH?(API can use 2 methods: an XML file or all info included in one command via XPATH).Idea is to integrate with Infoblox, which only understands XPATH. Thanks

How to block sites where to buy/sell crypto coins

Hi, I'm getting the question of the management to block all sites that are dealing with selling or buying crypto coins.They are getting tired of it that lots of employees are wasting time to check there crypto coins all the time and buy and sell them.Is there a way to block this in the firewall? I'm afraid that all of these sites are in the cate...

ZEBIT by L3 Networker
  • 5893 Views
  • 6 replies
  • 0 Likes
  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks