General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Global Protect DHCP Options

I have a PA-500. I have a basic configuration for Global Protect up and working - certificates, agent settings, etc. All is well. The client can route to internal resources as expected.

 

Now, the next step I need to take for these VPN clients in trans

...

mkeller by L1 Bithead
  • 2540 Views
  • 4 replies
  • 0 Likes

OpenVPN behind PaloAlto

Hi!

 

We can't get OpenVPN to work. Our Juniper-SA works well.

 

The setup is only working without Firewall:

Laptop (static IP 80.0.0.4) attachted to an switch and the OpenVPN server attached to the same switch (eth1, dmz)

 

 

Our Policies:

 

Monito

...

palo-config-policy3.png
palo-config-monitor.png
Morneweg by L1 Bithead
  • 2469 Views
  • 7 replies
  • 0 Likes

DNS + GlobalProtect broken in pan-os 7.0.3

Hi Everyone,

 

A quick run through my configuration:

 

I am using LDAPS; In Device -> Server Profiles -> LDAP and Device -> User Identification -> Server I am using DNS A records instead of IPs for my Active Directory servers; this is to ensure the d

...

Logs when upgrading WildFire by using Panorama Templates

Hello all,

 

I have some Firewalls being managed by a Panorama and the WildFire upgrades is one of the features being pushed from the Panorama by using Templates. I´m curiouos about the logs that I receive in the Firewalls where I see that Wildfire i

...

wilfire_upgrade_logs.gif

Block the remote desktop acces with Palo Alto Network

Hello,

 

In or company i need to block the remote desktp access of a specific address to the critical server like database server.

I add a security rule in the PA-500 by block (ms-rdp and t.120) applictions to a specific address by without any result

...

RCHAIBI by L2 Linker
  • 4029 Views
  • 8 replies
  • 0 Likes

NAT and site to site VPN

Hello,

 

We're trying to build a Site to Site VPN connection with an other company. They are installing software on two of our servers (10.130.0.100 and 10.202.20.20) and they need the VPN to automatically transfer configuration and other files.

The

...

VPNPrblm.PNG

Resolved! Panorama Dynamic Updates

I see three locations for Dynamic Updates while logged into the Panorama device.

 

  1. Panorama Tab >> Dynamic Updates
  2. Panorama Tab >> Device Deployment >> Dynamic Updates
  3. Device Tab >> Dynamic Updates (for each Template)

I think I know what 2&3 are for.  

...

Blocking Malware Callbacks

Malware Callbacks for command&control and also for data exfiltration are often transported in

HTTP POSTs.

 

The URL blocking of category malware URLs seems only to block the HTTP response. The GET or POST request seems to pass untouched to the server

...

Unibw by L2 Linker
  • 1804 Views
  • 2 replies
  • 0 Likes

Interface question

Hi!

 

This is our network:

 

My question is about interface 1/6:

I can ping the juniper from outside the network. But I can only ping the OpenVPN Server if I configure the IP-Address 80.0.0.5/32 explicit in this interface. Without this entry (80.0.0

...

netz-skizze.jpg
interface-aktiv.png
Morneweg by L1 Bithead
  • 1051 Views
  • 3 replies
  • 0 Likes

PA200 stops forwading traffic

Hi,

 

we have a pa200 (6.0.8) whichs suddenly stops forwarding traffic. So we had to reboot the device via managment UI to fix the problem. After doin some research i found this knowledge article from palo alto:

 

https://live.paloaltonetworks.com/t5

...

voip_class
iweltag by L2 Linker
  • 830 Views
  • 2 replies
  • 0 Likes

Resolved! PA-500 destination NAT not working on PAN-OS 7.0.3

Hi guys,

 

I have a Zabbix monitoring server on an external IP/network which is listening on port 10060. I have a zabbix agent installed on my internal windows server that is also listening on port 10060. The server will make requests to the agent to

...

Top Solution Authors
Top Liked Authors