General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Threat Vector, a Unit 42 Podcast, is Now on LIVEcommunity!

We have some exciting community news to share: Threat Vector, a Unit 42 podcast, is now on LIVEcommunity!

 

Threat Vector is your compass in the world of cyberthreats. Listen to this biweekly podcast to learn about unique threat intelligence, cutting

...

jforsythe by Community Team Member
  • 331 Views
  • 0 replies
  • 0 Likes

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 3687 Views
  • 2 replies
  • 14 Likes

Setting Up MS DirectAccess

Trying to configure DireectAccess (Windows Server) to work but I believe it is failing due to the Palo Alto. I created a custom application and application override for the ports needed but still failing. Per a Microsoft Document, "the firewall has t

...

jharlow by L3 Networker
  • 2978 Views
  • 3 replies
  • 0 Likes

Resolved! Seperate Internet Connections

Hi

First time here, so after some advice.

We have a Palo Alto 3020 providing internet access and DMZ, all is running fine.

I have to order another internet circuit, which is the best way to connect / configure this?

 

1. Create an LACP port channel on the

...

Resolved! Subordinate CA creation for SSL Decryption

Hello,

   I am attempting to set up SSL Decryption on a new firewall and trying to create a Subordinate CA with our internal Microsoft Certificate Services.  I am in the process of generating the CSR on the PA, but I am a little confused on what the C

...

Virtual Wire + vPC

I’m considering the following  ( Active / Passive Virtual Wire + vPC ) configuration in my primary Datacetner. I really don’t want to lose the current vPC redundancy that I have in place today. Today I can cut, unplug, power off, kick, shutdown, and

...

thaubein by L0 Member
  • 2018 Views
  • 3 replies
  • 0 Likes

Setting up Policy to allow all access to a squid proxy

Hi

 

Still a beginer with the PA.

 

I have a universal rule that allows from 

any zone 

my internal ip address

 

to 

ip address group that has by proxy addresses in it.

 

For applicaiton I have 

http-proxy - this covers a lot of ports

default urls

 

 

from my test  

...

Double NAT

Hi!
we have a couple of customer who use paloalto firewalls. We have always problem to connect two accesses through NAT via paloalto. We usually use cisco meraki and the communicate on the higher port numbers. It always work when we have one site that

...

majo44 by L0 Member
  • 2289 Views
  • 1 replies
  • 0 Likes

Scripting

Who can provide me with a from scratch python script to create a new firewall rule? Im not looking to use pandevice or any of Palo Alto modules on github (my compnay will not allow us it import and use it.) Looking of a script that doesn't use pandev

...

PA-500 SSL decryption decrypt-error session end

I apologize of this is a dumb question as I know that some sites will have decyrption issues, but is it normal to have a lot of traffic log entries with decrypt-error as the session end reason?

 

None of our users are complaining that they can't get to

...

gwosad by L0 Member
  • 3443 Views
  • 4 replies
  • 0 Likes

GP for many external clients

Does anyone have a good solution/setup for providing external clients with VPN access?  Not regular users/company employees.

 

We need to be able to provide these external clients access to different resources internally. IE webpages, server access usi

...

GP Agent not receiving split tunnel networks

I am doing a PoC to replace a Web Proxy. The VM is in AWS and the idea is to use the GlobalProtect agent on all the PC's and Mac's in our offices to send all Interent traffic to the VM and the Internet to utilize the PA URL Filtering, Wildfire, etc.

 

...

Resolved! Seperate URL categories for free and paid web hosting?

Hi,

 

We are seeing an influx of phishing mails trying to send users to sites hosted with free web hosting services.

 

On of the things we've done to combat phishing is blocking access to unknown domains, but every subdomain of a free web hosting provide

...

as-mg by L3 Networker
  • 1849 Views
  • 1 replies
  • 0 Likes

Resolved! malicious domain

Hi,

What is the benefit if we use sinkhole instead of just blocking malicious domain resolving

Thanks

simsim by L4 Transporter
  • 3218 Views
  • 5 replies
  • 0 Likes

Firewalls in HA, how bring them in Panorama

Hello I have a HA Active/Passive pair of Firwealls in 7.0.5 and Panorama 7.1.9

I need to import configuration into Panorama. The process below is not clear if I need to do that for both firewalls

https://live.paloaltonetworks.com/t5/Management-Articles

...

Kaliman by L2 Linker
  • 1544 Views
  • 1 replies
  • 0 Likes
  • 24193 Posts
  • 100 Subscriptions
Top Liked Authors
Labels