General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 1888 Views
  • 1 replies
  • 10 Likes

Resolved! A little help with Subinterfaces and intraVLAN routing

 

I have a PA-3020 with fairly typcial config with a L3 untrusted interface and several trusted sub interfaces. I have a couple questions.

 

Prior to this, I was doing my intravlan routing on my core HP2920 switch. My 192.168.123.0/24 network is the nat

...

firefox_2017-03-22_06-35-32.png
Raland by L1 Bithead
  • 2373 Views
  • 4 replies
  • 0 Likes

User-ID agent upgrade consideration

Hello,

 

I have two Palo Alto Firewalls, each running different software version, 7.1.5 and 7.0.7.

Both firewalls connected to the same User-ID agent server. The User-ID agent version is 7.0.5-3

 

I am planning to upgrade one of the firewall from 7.1.5 to

...

qafcopa by L1 Bithead
  • 2558 Views
  • 1 replies
  • 0 Likes

Resolved! Global Protect Agent captive portal Graceperiod timeout

Hello,

 

When the Enforce GlobalProtect Connection for Network Access feature is enabled, we can define a Gaceperiod to allow users to temporary connect through a captive portal ( hotel proxy...)

 

Maximum timeout, i can see is 3600 seconds (1 hour)...

 

W

...

Response page are not display when using explicit proxy.

Hi everyone,

 

I found the issue the response page not display when the client acccess ssl websites and using a web proxy via explicit mode.

I already enabled policy decryption for all ssl websites.

On a browser will display "page not found!" or "This si

...

Kanitin by L1 Bithead
  • 2106 Views
  • 2 replies
  • 0 Likes

Decrypt-Error (SSL In bound inspection)

Dear Team ,

 

i am using PA 5020 BOX With PAN OS 7.1.5 when i am configure the SSL Inspection Inbound and create the Decrypt policy on the firewall so i am getting this error , could you please share the solutions to fix this error and share the config

...

Fahadvu by L1 Bithead
  • 2714 Views
  • 1 replies
  • 0 Likes

Exclude YouTube from Safesearch

Hi All,
 
I have an issue with getting my PA to work in conjunction with Google Apps ( or G Suite) as it is now known. A little about the enviroment:
 
Two group of users:
 
Group 1
SSL decryption enabled
Safe Search disabled
Allowed to approve videos in YouT

...

stuart.l by L2 Linker
  • 1863 Views
  • 1 replies
  • 0 Likes

Resolved! PA200 - Configuring a static internet address

Hi there,

 

This may seem like a stupid question, but we are switching ISP and they have given us a static IP because we use VPN etc. I'm configuring a PA200 and for the life of me cant figure out how to add the ISP gateway. Ive added the IP address an

...

can not install and not remove globalprotect

I work on a Vista machine and after using it succesfully for a long time, I had a problem with my GlobalProtect (it did not connect). I read somewhere it might help to uninstall it and then re-installing again, which I did. The uninstall was succesfu

...

Mister34 by L0 Member
  • 5563 Views
  • 3 replies
  • 0 Likes

Resolved! Configure NAT with multiple ports

Hello ocmmunity,

 

Do you know if it is possible to do this in the firewall ?

Name:  NAT 1
Source Zone: INTERNET
Destination Zone: INTERNET
Source Address: IP_Public
Destination Address: 1.1.1.1
Service: icmp, tcp/5551, tcp/22, tcp/4443, udp/500, udp/4500
Des

...

Apadilla by L3 Networker
  • 5267 Views
  • 3 replies
  • 0 Likes

Using AWS Bundle 2 as an Ironport replacement

I have a Bundle 2 in trail at the moment as a POC. At first glance, the interface is overwhelming, so navigating it is cumbersome at first.  What I am trying to accomplish is a viable replacement for Ironport WSA.  I have a Bluecoat POC in place and

...

ACD-II by L1 Bithead
  • 1678 Views
  • 2 replies
  • 0 Likes

Weird Malware URL Reporting

Has anybody else noticed that their botnet report is triggering on weird URLs that couldn't actually exist. I've listed some examples but I can't figure out why some of the URLs being reported are so clearly 'wrong'. 

 

Visited malware URL 8M{zy!ces{~y

...

BPry by Cyber Elite
  • 3119 Views
  • 9 replies
  • 0 Likes

Panorama Device Group - Commit Failed

Dears, we have a PA3020 Box already configured. We imported that config to Panorama (creating a new device group & template by default). We didnt mark "sharing" so the device group has unique objects

 

Then we clanup the policies and objects to keep on

...

Top Liked Authors