Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
jforsythe by Community Team Member
  • 27 Views
  • 0 replies
  • 0 Likes

HA Active Active Asynchronous Routing Issue

Have two PA vm 1000hv setup in active active HA. They see each other on HA 1,2, and 3 link and synching configs (not vr configs). We have an asynchronous routing scenario that is temporary for now, but need it to work. However, the FWs appear to be d...

Resolved! HA comments before configuration?

Hi folks,

 

Configuring my first HA tomorrow around 1:30pm cst.

I am enabling HA on a production 3020 as active, then adding a secondary 3020 as passive (same OS, updates, etc. according to HA documentation).

Expecting a network interuption because of th

...

OMatlock by L4 Transporter
  • 3545 Views
  • 5 replies
  • 0 Likes

Resolved! Parse rsyslog message

I want to integrate WLC to Palo-Alto

I've done converting the snmp to syslog using rsyslog

But I don't get how to parse it in palo alto

 

here 3 syslog messages I got from wireshark when a user tries to login

Jun 10 14:08:37 localhost snmptrapd[10216]: 20

...

mzharfan by L0 Member
  • 2745 Views
  • 3 replies
  • 0 Likes

Resolved! Help me troubleshooting my globalprotect setting

Hi All,

My pan-os is 7.1.1.

I want to setup sslvpn for my co-works. Here is my globalprotect setting screenshot http://pan.baidu.com/s/1ccW1h8#list/path=%2Fpaloate

Could you take a look and tell me where I wrongly configured?

Once my globalprotect client

...

Same Zone Traffic to inside hitting different rules

Howdy All,

 

I'm running into an issue where traffic from "Colo-Voice" segment bound to Any on the inside is hittin an "Any L3" policy (shown below) that's in place as the last policy. During our capture, we can see there's another host from the same s

...

Capture.PNG

Resolved! Clarification around URL Filtering licenses

I just wanted a quick clarification around what you Can and Can't do without a PANDB license, I know you can create Custom URL categories without a license, but can you also use Dynamic External Block List, or can you create a security policy and man

...

nrobison by L1 Bithead
  • 9512 Views
  • 4 replies
  • 0 Likes

"icloud-base" excessive hits on firewall

Hi there,

 

I have a question in regards to iCloud (application = icloud-base) and I was hoping someone could shed some light on or point me in the righht direction.

 

I have a source address which is showing in the URL Logs as blocked due to our restric

...

Resolved! SSL Decryption not working in chrome

Trying to configure SSL Decryption and googled this to no end.

I have an Enterprise CA, created the cert with that, I can see that the GPO's have deployed to the cert to the users.
In my testing I only have decryption turned on for one user.

 

Internet E

...

DaleK by L1 Bithead
  • 4710 Views
  • 7 replies
  • 0 Likes

is there autofocus artifacts miner

Hi,

 

I am looking for autofocus artifact miner, and in minemeld app, I found "autofocus.artifactsMiner".

But when I check my vm ubuntu, I could not find it.

 

How Can I copy and re-use this "autofocus.artifactsMiner" to my ubuntu minemeld ?

 

Thanks

...

Resolved! NAT configuration - DMZ zone to Trust zone

I've had a total brain fade, and am unable to figure this out. Hoping you guys can help.

 

Network topology is relatively simple. Firewall has three zones - outside, inside and DMZ - DMZ has a /25 of "real" Internet addresses on it. Outside has a /30,

...

darren_g by L4 Transporter
  • 5738 Views
  • 2 replies
  • 0 Likes

Tcp service report for rules

Is there a report that I can run that will show me every rule that has tcp service applied? For example let's say migration tool is not an option and I do not want to scroll through 3000 rules to manually look. Or can I can export all rules and someh...

Restrict Any Any from Security Policy

Hi There,

 

At one of our sites we fell vicitim and have the dreaded any any security policy in place. We are trying to determine the best course of action to lock it down.

 

Would I create tap firewall ports and span all the traffic, then create new rul

...

nicford by L2 Linker
  • 2278 Views
  • 4 replies
  • 0 Likes
  • 23584 Posts
  • 107 Subscriptions
Labels