General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Sophos Install & Updates From DMZ

Anyone create a policy allowing a Sophos AV install and then Updates form a DMZ? I have created such a policy but still seems to be an issue. The security policy has all the source and destination zones and the destination host are any. I am then allowing the following applications (not using ports at all)dnsms-ds-smbmsrpcnetbios-ccsophos-live-p...

Resolved! PanOS 8.02 and UAgent 7 vs UAgent 8

Hello. I have recently upgraded our PA-5050 to PanOS 8.0.2. I went to upgrade our UserAgent from v 7.0.7-13 to the new 8.0.2-20 version on our Windows Domain Controllers I was getting errors during the install process and then realized our DCs were NOT 2008R2, only 2008 Service Pack 2. I also noticed we do not run any "read-only domain controlle...

dannon by L3 Networker
  • 2925 Views
  • 1 replies
  • 0 Likes

Source Users don't show up in Traffic & Threat

My problem is the Source User in Monitor > Logs > Traffic & Threat don't show for all users. All other columns including Source and Destination IP are displayed properly. The unshown users can be from trusted lan/wlan/vpn zones and is going to trusted lan or untrusted wan zones. The application they run can be ssl, facebook or dns.....

Resolved! TLS/SSL profile for PORTAL + GATEWAY (GlobalProtect); must have valid cert for GATEWAY ?

I posted a question here in a config article.https://live.paloaltonetworks.com/t5/Configuration-Articles/Certificate-config-for-GlobalProtect-SSL-TLS-Client-cert/tac-p/158713#M2099 PORTAL just lets me hit 'accept' anyway. (of course.. as it's all self-signed..)But GATEWAY won't let me continue ? Server certificate validation failed (again... ma...

mpgioia by L3 Networker
  • 4038 Views
  • 2 replies
  • 0 Likes

Missing config after panorama upgrade

Hi, we had a problem upgrading our panorama long time ago, after upgrade to 7.0 x we lost some config (URL filtering profiles, Custom url category, application filters), so we had to add all these config by hand Yesterday we upgrade again the PA from 7.0.x to 7.1.10 and the problem happened again, we have lost some part of configs (one prerule, ...

Forcing TLS/SSL decryption to cipher suite PAN can decrypt?

We're on 7.1.x and use SSL decryption on traffic coming in to sites we host. Is there a way to force the SSL traffic to a (strong) cipher suite(s) that the PAN can decrypt please? I found this KB but I'm not entirely clear if this lets you mandate only cipher suites that can be decrypted? https://live.paloaltonetworks.com/t5/Configuration-Articl...

Site 2 Site VPN

We have a S2S VPN set up with a Juniper SRX at a partner site.The P1 key life time is 8hr and P2 life time is 1hr We are seeing that the VPN drops quite frequiently. After they have had a look at the logs they are saying that during the re-key phase our end is timeing out. I am not sure how to get debug logs , we run PAN OS 7.1.7 The have provi...

RC-BHF by L2 Linker
  • 4701 Views
  • 6 replies
  • 0 Likes

Resolved! Different source user in Monitor tab

Hello, Can you please advise why sometimes 1 user can show up with a different credentials in the Monitor tab? Please direct me to a KB/Article to rectify the issue.For example:Source user:abcd\joeabcd.com.au\joeThis causes some applications are being denied because of the false user information is not in a appropriate security group. Thanks in ...

Farzana by L4 Transporter
  • 3532 Views
  • 4 replies
  • 0 Likes

Question to disabled applications

Hey guys! I spotted some error messages in the system log of a PA-3020: Disabled applications in vsys1. After some research I found out that new apps in content updates will be disabled. My question is: What am I supposed to do now? Can I enable all disabled apps? Will that have any impact? Can I enable new apps in content update? Thanks!

MPI-AE by L4 Transporter
  • 6850 Views
  • 7 replies
  • 0 Likes

Resolved! Untrust certificate issue

Hello, Our guest users are seeing untrusted certificate errors on every response pages.An internal CA certificate (issued from enterprise CA server) is used but we can’t push the certificate to the guest users as trusted CA as they are not internal users. Please suggest a way to resolve this issue. Thanks in advance.

Error.png
Farzana by L4 Transporter
  • 2531 Views
  • 1 replies
  • 0 Likes

Resolved! How to add "/ (slash)" at the end of URL

Is it possible to make a topic for the under URL of xml ? https://support.content.office.net/en-us/static/O365IPAddresses.xml Currently, existing custom URL categories have a trailing "/", so I want to make it the same. Regards, Naoya

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels