General Topics

Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 192 Views
  • 0 replies
  • 0 Likes

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 874 Views
  • 0 replies
  • 0 Likes

Resolved! User-ID and child domain Global Catalog server

Hi,

 

I have a deployment question in regard to User-ID and multi domain.

 

If we are trying to pull group mappings and have user ID setup only on a child domain server through GC LDAP,  the user credentials used to login and thus pick up with the userid

...

Davyboy by L1 Bithead
  • 5464 Views
  • 3 replies
  • 2 Likes

Filtered OSPF

I would like my PAN 5060 to learn one route from my OSPF infrastructure generally - but no others. The idea is that when this route is availalbe traffic would flow to the inside trusted interface of the PAN. But if that route drops out due to WAN cir

...

palomed by L3 Networker
  • 2603 Views
  • 3 replies
  • 0 Likes

SSH Brute Force and IP exception

I have vulnerability profile with action for High severity signatures as "alert".  I then configured an exception for SSH Brute Force (ID 40015) as "block-ip, src and dst (30 mins)". Everything worked well until we had issues for the systems exiting

...

NTLM authentication problems

Hello,

I`m trying to configure NTLM Authentification over Captive Portal for users in my network. I have PA-500. I set the next configuration parameters:

1. LDAP Server Profile

2. Authentication Profile

3. Authentication Policy (Authentication enforcemen

...

niitnn by L1 Bithead
  • 4904 Views
  • 8 replies
  • 0 Likes

Pan-OS 8.0 and PA-200

Has anyone upgraded a PA-200 to PAN-OS 8.0? If so have you seen a performance hit at all? Notice a difference in how long things take? Commits? Response time? How long did the upgrade take? Did it take the 50-60 minutes Palo says? If so is that sitti

...

JeffTQT by L2 Linker
  • 6049 Views
  • 8 replies
  • 1 Likes

Resolved! How PA deals with packets with bad checksum?

Hey Guys,

 

Just trying to find out if someone knows, what PA policy is regarding packects with bad checksum?

Will they be allowed through the PA, or PA silently drops those packets or sends back a reset to

the source?

 

Any help appreciated.

 

Thanks,

Fatema

...

Fatema by L2 Linker
  • 6035 Views
  • 2 replies
  • 0 Likes

BGP peers transit sessions flapping

Hi Guys,

 

PA-5050 is a transit device for four BGP peers. Had no flapping since 2015 on PAN-OS 6.0.12. After upgrade from 6.0.12 > 7.0.11 BGP peering no longer stable:

 

 

Can anyone advise something? Apart of the increasing a timeout session under the a

...

BGP flapping.png

GlobalProtect Patch management Issue

Hi everyone,

 

We have a (HIP) check list of security requirements (joined domain, antivirus version etc… ) for our user machines must be comply with this list before our VPN user can access corporate servers. 

 

We want to add Microsoft Patches (updates

...

GP V3.1.6.PNG

MineMeld sudden_death...how does it work?

I need some help understanding the sudden_death behavior with a MineMeld miner/prototype.

 

From the documentation[1], I understand that sudden_death is designed to immediately age out indicators when they disappear from a feed.

 

Is it comparing the cur

...

BRosenba by L1 Bithead
  • 3144 Views
  • 3 replies
  • 0 Likes

PA-200 Pan OS 5 12 **anyone with a config file?**

I've about ripped out enough hairs no matter what config or method or video i try my setup doesnt work. I know its a check box or something.

 

I just want a basic/simple config

 

 

I'd like all ports 2/3/4 usable on same subnet with nat/dhcp

port 1.1 as wa

...

Resolved! Using PA-200 for home internet router?

Hello folks,

 

I recently bought a used PA-200 software version 6.1.4 for learning and testing purposes. 

I replace my home Linksys with the PA-200 following this article to configure.

https://live.paloaltonetworks.com/t5/Configuration-Articles/Setting-U

...

OMatlock by L4 Transporter
  • 8001 Views
  • 9 replies
  • 0 Likes

Application & URL Filtering/ Blocking

Hi

 

 

I've been this question, and I'd assume we'd need to block under both but I just want to make sure.

 

If we block a URL e.g dropbox, does this block the application as well or do we need to double up and also block the application itself under file

...

Mlangley by L0 Member
  • 2113 Views
  • 2 replies
  • 0 Likes
  • 24009 Posts
  • 115 Subscriptions
Top Solution Authors
Top Liked Posts
Top Liked Authors
Labels