General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! SCP Export Query from Panorama

I'm having a bit of trouble with the format for exporting traffic logs from Panorama for a particular user. I've setup the CLI command as below but the resulting csv file is empty. scp export log traffic query "user.src equals <username>" ...scp export log traffic query "username equals <username>" ... I've also tried "equal" instead...

Ash2k by L2 Linker
  • 4439 Views
  • 2 replies
  • 0 Likes

Resolved! Panorama Device groups and pre and post policies

Hi Okay just to under stand if I have a device group TopMiddlepa and I place my device in pa group and i have rules security in the pre sectiontop -> Rule 1middle -> rule 2pa -> rule 3 how does that look on the actual PA. if I look at my device security will the policies be rule 1rule 2rule 3 or rule 3rule 2rule 1 and i presume its &...

Resolved! App-id and Migration Tool with Panorama

Hey all, I use Panaorama to manage our firewalls. At the time of our deployement we simply just migrated the existing ASA configuration to the PAN Firewalls to get them up and running as fast as possible. We would now like to migrate our service ports to App-id. I found out how to do this during Ignite 2017 using the MIgration Tool but it was ne...

JDenton1 by L1 Bithead
  • 8820 Views
  • 6 replies
  • 0 Likes

Report not showing URL by name, just IP

Hello, We are new to using reporting on the PA 3020. When we run reports, specifically a user report, we would like to see the URL by name of the location on the Internet our user was visiting. However, as shown in the included photo, some URL's are decoded and some still show IP only. Is there a config or something we've missed? Is there a meth...

Capture.PNG

Resolved! Long Term User Activity Logging/Reporting Options

We have 2 3050 appliances (not in HA) managed by a Panorama VM. For now all are running version 7.0.x but we are upgrading to 7.1.x in coming months. We may have a requirement to retain user activity logs (mostly URL activity) for a minimum of 6 months to a year for around 1100 users. Looking for recommendations if we should increase our Panoram...

How to configure MineMeld to forward Logs to RSA Security Analytics

I want to forward the output of output nodes in minemeld to SIEM, I want to see the output indicators in Security Analytics to create rules and when an indicator match generate an alert, actually I have configured PaloAlto Firrewalls with Dynamic List but I would like to send output indicators to SIEM

vhgambit by L1 Bithead
  • 6245 Views
  • 3 replies
  • 0 Likes

Available Feeds

I'm looking to understand what are the available address feeds which can be consumed from Minemeld. Is there somewhere I can look this up, without installing it?

Resolved! Site 2 Site VPN

I have an issue where we have ike traffic comeing from the end point which is being allowed but the ipsec-esp is being caught by the deny all rule. The strange thing is that the the rule to allow ike and ipsec-esp is on the same rule. We do carry out NAT on the public IP for some ports , is this this the issues Can any one please point me in th...

Untitled.png
RC-BHF by L2 Linker
  • 4096 Views
  • 4 replies
  • 0 Likes

"Change Monitor" Reporting

Hi community PAN has this really nice feature called "Change Monitor" in the WebUI under monitor tab>App Scope. Unfortunately this feature is only available in the WebUI and not in Custom Reports or by API. Has may be someone found a custom solution on how to get the outputs from the "Change Monitor" into periodic/daily automated reports or m...

Remo by L7 Applicator
  • 3054 Views
  • 5 replies
  • 0 Likes

Time out Oracle sessions

Hi, We have problems with time-outs in Oracle connections. We are seeing how the BBDD sends keep alives and in the FW is increased the number of packets when passing the keep-alive packet, but following one of these connections, in one of them we did not see increase the number of packets in the firewall, And the time to live of the session is n...

Help understanding the alienvault otx process

I have an alienvault otx miner set up. I would like to subscribe to a lot of the pulses published there, however it's as though the feed isn't presenting or something along those lines. I've had it running for a decent amount of time and the amount of indicators is fairly small. Other than subscribing in the otx web interface is there anything...

chirss by L3 Networker
  • 4637 Views
  • 2 replies
  • 0 Likes
  • 24400 Posts
  • 123 Subscriptions
Top Solution Authors
Labels