General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 313 Views
  • 0 replies
  • 0 Likes

Youtube API Integration

 

Suggestion here to create a miner for Youtube using their API.  This would allow whitelisting or blacklisting a specific channel and all associated resources.  

 

Eg:

You can identify each channel based on URL, but not the videos as these have thei

...

Threat Alerts

I have configured Threat alerts to be emailed. This is working, however I'm getting information level alerts. I have setup a filter to only mail critical or high. I built this filter under objects/log forwarding, then log type threat. Is this the cor

...

Device Authentication with Azure AD

We have setup an Azure AD environment with some test machines that are Azure AD joined, but not joined to our on-prem AD environment. Our PA certificate is installed on these machines. For a time PA correctly identifies these machines with the correc

...

Route Public IP range through Shared Gateway

Hi guys,

 

I hope you can lend me a hand here.

 

Our ISP finally allocated us a Public /25 (aa.bb.cc.0/25) subnet which will be routed via the existing /30 (xx.yy.zz.2/30) internet link that we have.

 

We want to split it in half and use the Shared Gateway

...

Office 365 SOAP error : Session End Reason decrypt-error

I am having issues with SSL decryption for office365 . In specific this is related to Azure API and SOAP protocol . 

Traffic to azure cloud via soap to the following URL "roaming.officeapps.live.com/rs/RoamingSoapService.svc" is keep getting "decrypt-

...

11.jpg
12.jpg
bpeeri by L2 Linker
  • 7633 Views
  • 5 replies
  • 0 Likes

Resolved! Native VPN client on android phone

I recently upgraded my PA 5050 to 7.1.9. Before that users could connect to the VPN could connect via their native VPN client on their android phones and today I got a call saying one user no longer could and it was failing on the encryption. Any ide

...

jdprovine by L4 Transporter
  • 10863 Views
  • 28 replies
  • 0 Likes

Resolved! application 'ms-ds-smb' is not a valid reference

Hello,

 

We are seeing the following error occurring when trying to commit changes. 

Validation Error: 
rulebase -> application-override -> rules -> SMB -> application 'ms-ds-smb' is not a valid reference 
rulebase -> application-override -> rules -> SMB

...

Farzana by L4 Transporter
  • 3876 Views
  • 1 replies
  • 0 Likes

Resolved! Confused About User-ID and User Mapping

Regarding the User-ID Agent (Active Directory) feature of the firewall, I’m confused as to the difference and need for either the User Mapping and/or User-ID Agent. Is the User Mapping feature replacing the User-ID agent?

The units we have were setup

...

Time for my annual 'GlobalProtect UI is not good enough' post

I've been complaining about GlobalProtect's lackluster UI for years now. 

 

Here's my post from 2016 complaining about the issue:

 

https://live.paloaltonetworks.com/t5/General-Topics/New-Global-Protect-3-0-is-not-good-enough/td-p/75922

 

Here's my post fr

...

pmc by L2 Linker
  • 4429 Views
  • 3 replies
  • 5 Likes

GlobalProtect Panel suppression

We have Global Protect set up to use user-logon and use user certificastes issued by our PKI to authenticate users.  When a user logs in while connected to an external network, it connects just fine.  But when a user logs into windows while connected

...

ACC Dashboard

So I know that within in ACC dashboard there is a Risk  Score Displayed. There is also  Rule list that  that shows  risky app assosciated  rule name . My question  is  does Panorama give you overall risk score  for the rule itself? For example what i

...

PA-5220 AUX ports SFP+ module attributes

Hi

 

I found this

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-check-the-media-type-on-the-interface-of-a-Palo-Alto/ta-p/71362

 

which gave me this

show system state filter sys.s1.p*.phy

 

But this I don't think shows me aux1 or aux2.

 

Any

...

Aged-out issue

Hi,

 

I have configured PA on Azure but it is unable to ping to PA.

It always shows that "aged-out" as error message.

Once I ping to proxy-server on Azure, the log is shown on PA but it is aged out and could not get the response.

I did set up Static route

...

Resolved! IKEv2 Site to Site VPN to Cisco ASA5540

Hi folks,

 

Are there any Cisco ASA specialists out there?

We have a problem with a site to site vpn connection between paloalto and an ASA 5540. Actually the problem seems to be on the ASA side.

 

The proxy id's on the PA are configured like this:

Remote

...

Remo by L7 Applicator
  • 6112 Views
  • 6 replies
  • 1 Likes
  • 23823 Posts
  • 112 Subscriptions
Top Liked Authors
Labels