General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Policy lockdown question

Hi all, maybe obvious question but it there was to lock down a firewall policy to just a particular. Example only John Doe can make changes to Rule#1 and 2

Resolved! Github Pan-configurator tool

Trying to install and use Pan-migrator what does below mean and how does one resolve it


C:\Users\frankcl\Downloads\dev\dev\pan-configurator>git pull origin master
fatal: unable to access 'https://github.com/cpainchaud/pan-configurator.git/': Could n...

GP certificate differences in 2.3 and 3.1

Hi,

 

We have an internal CA, we have a certificate generated and it is used for GP portal/gateway only, clients are authenticating via usual credentials. Nothing fancy overall. So there are external clients who do not have CA cert installed, so they a

...

nikoo by L3 Networker
  • 1608 Views
  • 1 replies
  • 0 Likes

Resolved! CLI command to disable power supply

Hi

 

Does anyone know of a command to disable one of the power supplies on a PA5000 series firewall (for the 7.0 software train) please? I need to disable one of the power supplies on a remote firewall and dont have the option of pulling the cable manu

...

Resolved! MineMeld syslog indicator rules

Hi all,

 

I've successfully connected my firewall to the syslog miner and can see logs arriving. I believe I now need to create a rule to match logs to extract the indicators.

 

Here's my recieve stats from the miner:

Here's the rule I'm trying to c

...

miner-stats.jpg
rule.jpg
tkirk by L1 Bithead
  • 9895 Views
  • 6 replies
  • 0 Likes

Removing interfaces off a VM-series HA pair

As per title, functionally, this is easy to do.

1. Shut VM down.

2. Remove interfaces from virt solution configuration for the VM

3. Power up. 

4. All is well.

 

But, in a PAN VM-series HA pair... I'm worried that I might have to shut both down AT THE SAME

...

mpgioia by L3 Networker
  • 1617 Views
  • 1 replies
  • 0 Likes

Import from xml of a 2 vsys system

I have an xml config export from a PoC system that had 2 vsys configured. Is there a way to peel out one of the vsys configurations from the xml and import vsys1 only?

RFalconer by L3 Networker
  • 1889 Views
  • 1 replies
  • 0 Likes

url-filtering


Hi,

In url filtering adult-and-pornography blocked . But la-xxx.com can accesible
xxx.com not blocked

 

1)
test url la-xxx.com

la-xxx.com adult-and-pornography (Dynamic db)

2)
test url xxx.com

xxx.com adult-and-pornography (Base db)


other info
----------

show ur

...

sib2017 by L4 Transporter
  • 4010 Views
  • 8 replies
  • 0 Likes

Two L3 interfaces on One Zone

 

 

 Hi,

 

 

in the setup of the above diagram , I need to run OSPF on Paloalto between two Core-SWs, so I have to create two L3 interfaces  Point to Point with the two SWs.

 

the two core-SW is considered as inside for me , so from the prespective of routi

...

Question.jpg

Resolved! Create threat signature

Hi Guys,

 

I need to know if I can create a threat signature in case I've only the malware hash.

 

Is it possible to do on PA?

 

If not, Is there any other way I can block malwares based on hashes only?

 

Regards,

Sharief

Troubleshooting ipsec tunnel setup.

I have setup ipsec between PA200 and cisco device. When trying to bring tunnel up not even able to establish phase1.

Getting following errors in logs. I have keyed in pre-shared key again on both the sides.

 

ikev2-nego-child-start:'IKEv2 child SA negot

...

  • 23692 Posts
  • 105 Subscriptions
Top Solution Authors
Top Liked Authors
Labels