General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Disk usage for / exceeds limit, 95 percent in use, cleaning filesystem

Hello,

Since upgrading PA-200 to 8.0, we’re having disk space issue more often.

It seems to be due to excess logging, which we clear up.
Is there a way to automatically clear these logs once the disk hits a lower threshold?

Thanks in advance.

Minemeld no webpage anymore

Hi,

I have installed Minemeld on a Ubuntu 14.4 virtual machine more than a month ago. All worked well, updates, webpage and all.

Today I noticed there is no webpage anymore to login to. Ping resolves so network seems ok.

I have restarted the VM and tri

...

Resolved! MineMeld CentOS/Docker Stability

What is the current standing of the MineMeld CentOS docker deployment model?

The latest post I have seen from @lmori (29/11/2016) is that it is "quite stable now and supported".

Could we get an update on PA's current stance on this deployment mod

...

Resolved! Any Packet Lost when Changeing Interface Type from HA to Aggregate (of HA type)

We have an Active/Active PA-5050's in production with HA3 running on a single ethernet (1GB).

I need to know if there will be any packet lost (HA packet forwarding) if I change this interface from HA type to AE type/AE group (e.g. ae8). Considering t

...

New PA user and currently concerned

Hi

I am a new PA user, purchased a pa-850 and 2 x PA5220's

Adding these to my OSPF network, i have setup a policy "network protocols" that allows OSPF.

But for some reason in my log, I get OSPF time out session and aged out sessions and sessions that

...

Palo alto Globalprotect remote vpn

Hi All,

Just want to know if i can use single VSYS to configure globalprotect remote vpn access for different customer with different ip range.

Resolved! Pan Configurator service-edit.php

With Pan Configurator service-edit.php if I want to delete unused objects is it possible to set a count limit? For exampel I dont want to do all 500 at one time unt say 100 at a time. Look to see if there is a string like "maxcount' to end comman

...

Possible to stop local account passwords syncing when in HA

Hi All,

We are currently in the process of roling out a Privielged Account Security platform to mange and rotate passwords across all of our devices.

We have ran into a snag with the PAs because of the password sync when in HA...

Is there a way to

...

Resolved! Checking Global Protect Client Status via Command Line

We have had a heck of a time getting Global Protect 4.0.2 deployed in our environment. One of the things I am coming across is that the install goes fine, at least accoring to the exit code on msiexec and in looking thoguht the log created by msiexe

...

Port Scan Options

Hi all,

Looking for some feedback from anyone else who has run into this issue before.

Basically we have zone protection set up for our Wifi and ResNet security zones. Included in this zone protection is a block-ip rule for port scanning. We've rec

...

Custom application tutorials?

Anyone know where I might find an in depth tutorial on creating a more advanced custom application? The tutorials I've found have all been HTTP related, which is great, but I was hoping to find something that did something a little more complex like

...

How to convert security policies into an excel file in Palo Alto Firewall

I am looking for a way to convert exsisitng security policies in PA firewall in PAN-OS version 7.0.x to an excel or CSV file. I found no valid way or documents. Can any body help me.

Cheers

Yasir

Resolved! How to specify which program generates malicious traffic?

Hello all,

I know this question is outside of the PAN device matter.

But my customer asked me how to specify the program on his computer for removing malicious program.

Let me tell you exmaple:

When I see threat log, it shows

Src 192.168.1.1:12345

Dst

...

Resolved! PA cannot distinguish between Dropbox and Cloudfront

Hi,

PA does not seem to be able to distinguish between Dropbox and Cloudfront. In the Traffic logs, all sessions are identified as dropbox-base. Outputs from show session id:

DROPBOX:

start time : Thu Aug 3 09:58:15 2017
timeout : 120 sec
total byte cou

...

Unable to probe IP x.x.x.x, list is full with 201 entries, currently probing 40 IPs

Hi...

i have two PA Boxes(4.1.9) and one User-ID Agent(5.0.4-5)

i've got unknown message from User-ID Agent log.

===== UaDebug Log =====

06/17/13 08:57:50:139[Debug 911]: Unable to probe IP 172.19.73.93, list is full with 201 entries, currently probin

...

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Welcome to the General Topics Discussions!

Rules and Best Practices

Resolved! Disk usage for / exceeds limit, 95 percent in use, cleaning filesystem

Minemeld no webpage anymore

Resolved! MineMeld CentOS/Docker Stability

Resolved! Any Packet Lost when Changeing Interface Type from HA to Aggregate (of HA type)

New PA user and currently concerned

Palo alto Globalprotect remote vpn

Resolved! Pan Configurator service-edit.php

Possible to stop local account passwords syncing when in HA

Resolved! Checking Global Protect Client Status via Command Line

Port Scan Options

Custom application tutorials?

How to convert security policies into an excel file in Palo Alto Firewall

Resolved! How to specify which program generates malicious traffic?

Resolved! PA cannot distinguish between Dropbox and Cloudfront

Unable to probe IP x.x.x.x, list is full with 201 entries, currently probing 40 IPs

IKEV2 w Cert - Wildcard peer for DN does not work.

Transferring assets from one CSP Tenant account to another

Proper "outside" interface configuration

Configuring Palo Firewall into an IDS

A question about ECMP

Re: MFA external provider question

Re: GlobalProtect 6.3.3

Re: SPARE device usage

Re: Upgrade path to 11.2.5 from 11.0.0 on a PA-410

Re: Global Protect application blank screen

Unlock your full community experience!

General Topics

Rules and Best Practices

Resolved! Disk usage for / exceeds limit, 95 percent in use, cleaning filesystem

Resolved! MineMeld CentOS/Docker Stability

Resolved! Any Packet Lost when Changeing Interface Type from HA to Aggregate (of HA type)

Resolved! Pan Configurator service-edit.php

Resolved! Checking Global Protect Client Status via Command Line

Resolved! How to specify which program generates malicious traffic?

Resolved! PA cannot distinguish between Dropbox and Cloudfront