General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Thank You for Filling Out the LIVEcommunity Experience Survey!

If you've visited LIVEcommunity anytime recently, you've probably seen a pop-up asking for your feedback. We've deployed this survey since April 2020 for new and returning visitors alike as a way to gather feedback from our users. 

 

In the past six

...

survey-livecommunity.png
jforsythe by Community Team Member
  • 14545 Views
  • 1 replies
  • 4 Likes

Resolved! Cisco VPN Client Timeout

Hello,

we are using Cisco VPN Clients to connect to our Palo Alto Network Device, it works like a charm, but the user are logged out after one hour.

The timeout for  Login Lifetime is set to 30 day, and the Idle Timeout is set to 8 hours.

Any suggestion

...

Statefull or not statefull

We recently purchase pa3020s for mainly application control reason and put them behind cisco ASAs.   I set up trust-to -untrust policy which applies to outbound internet traffic. I denied unwanted apps and allowed rest using user group mapping.   tha

...

awarsame by L1 Bithead
  • 2570 Views
  • 13 replies
  • 0 Likes

globalprotect client for android

I have the globalprotect client installed and working for pc's but I downloaded and installed the client on my android and it looks like it is trying to connect or is connecting then it pops up my username and password box again. I checked the traffi

...

jdprovine by L4 Transporter
  • 1145 Views
  • 5 replies
  • 0 Likes

Globalprotect vpn access permissions

I want to give different access permission to different group when they access the network using the globalprotect vpn client. I have it configured but its now allowing me to pick the specific group that I want the access for

jdprovine by L4 Transporter
  • 2985 Views
  • 9 replies
  • 0 Likes

About vulnerability signatures 'HTTP SQL Injection Attempt'

Hi colleagues,

There are 17 'HTTP SQL Injection Attempt' signatures in last threat db(499). I know that there are a lot of techniques for sql injections, but it would be great if Palo Alto marks a bad part in SQL query or writes a more complete descri

...

faust by L1 Bithead
  • 2777 Views
  • 0 replies
  • 1 Likes

URL Filter Question

Does PA not do DNS lookups on URL filtering?

We have an FQDN being blocked as malware, but the site can be accessed if the IP address is used.

thx

//moe

Firewall between host and gateway

Sorry if this is really basic but...

I have configuration where, we've added a gateway to a subnet that we only want one host to be able to access to get offsite.  The gateway is on the other side of a vwire in the same subnet space obviously but in a

...

epeeler by L2 Linker
  • 2086 Views
  • 6 replies
  • 1 Likes

Delay with User-ID and Captive Portal

HI,

This is only theoretical for me as I don't use captive portal (yet) but I noticed a problem.  I am successfully authenticating pretty much all my users, but quite often I see a few flows at the start of a user session which doesn't have a user-id.

...

djr by L3 Networker
  • 1461 Views
  • 3 replies
  • 0 Likes

PANOS 6.14 issue 69324 fixed

From the Release Notes:

Fixed an issue where a Log Collector group

configured with local as the group name

triggered a reboot loop. With this fix, local is

no longer allowed for use as the name of a Log

Collector group.


That's great, but what happens i

...

djr by L3 Networker
  • 670 Views
  • 0 replies
  • 0 Likes

Resolved! create a any-ipv6 address object

Hey all,

Is it possible to create a any-ipv6 address object?
I tried with an object "::/0" (same syntax used to configure default route) but this seems to hit any-ipv4 address as well.

Tried this in PanOS6.0.10, PanOS6.1.3 and PanOS7.0.0.0b23

mr.linus by L4 Transporter
  • 2279 Views
  • 4 replies
  • 0 Likes

New NGIPS NSSLabs report for PaloAlto!

Hello

You can download a copy from http://connect.paloaltonetworks.com/nssreport-success

Has anyone link from such test for other vendors (from this year tests)?

You can compare it with https://info.sourcefire.com/NSSLabs_NGFW.html

Regards

Slawek

_slv_ by L4 Transporter
  • 884 Views
  • 0 replies
  • 0 Likes

PA URL FILTERING UPDATES force to update the HA peer

Hi, i have 2 palo alto 2050 in HA (active/passive). The active HA has intenet acces in order to take the palo lato updates but the passive PA doesnt have access to internet. The problem is that the active PA has a URL version updated but the passive

...

SOC_CSG by L4 Transporter
  • 7199 Views
  • 12 replies
  • 0 Likes
Top Liked Authors