General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! SSL application undefined in monitor

Hi,I'm changing server but I assign it the same IP addresses of the other server with the same name because this is a Vmware P2V.After migration there strange effect on this. Some sites go on other are down. If I view in monitor section "session browser" in those IPs I can view "undefined" and not "ssl". What have I to do to start alla websites ...

s_quasar by L3 Networker
  • 6698 Views
  • 7 replies
  • 0 Likes

Resolved! How do I controle session time out ?

HelloI use PAN-OS 7.1 I want to controle session time out in only any policys. In this case, use custom application setting?First time I will use it. Already, set meny policys and use same port.One case, I want to use factory default session time out.Other one case, I want to set sesstion time out to 4000 seconds. ------------------------Examp...

awawa100 by L2 Linker
  • 2727 Views
  • 1 replies
  • 0 Likes

How to block a Specific `https` Site(internal DMZ) with URL Filtering

Im new Paloalto FW and welcome any advice. I`ve applied url block a Specific web site(internal DMZ serverfarm) From Untrust access /w Paloalto pa3020/os 6. Exist system was `https ssl` decrypted. So, when I get into the site with `http`Its blocked with FireWall But when I get into the site with `https' Its not blocked. My question is How can I ...

JoDW78 by L0 Member
  • 2631 Views
  • 1 replies
  • 0 Likes

Resolved! Email Scheduler with Thrid Party

Hi everyone Someone have problem when trying send test email using smtp.office365.com or smtp.gmail.com in Email Server Profile? Because when i try, this error appear I suppose that need authentication, but i didn't found where i could set the credentials in the PA Maybe the solution can be configure a smtp relay, but im not sure Thanks in adva...

Sin título.png

Resolved! Method Upgrade PanOS and impact upgrade

Dear All I want to know, method upgrade and impact if we are wrong away. In guide PA : Determine the upgrade path.You cannot skip installation of any major releases in the path to your target PAN-OS version. Therefore, if you intend to upgrade to a version that is more than one major release away, you must still download, install, and reboot th...

java exe Download being blocked

Hi Turned on protection on one of my links and now it seems like jdk-8u131-windows-x64.exe is being blocked I can see this on monitor / data filtering category = computer and internet info name Mictosoft PEID 52060 I'm lost how I put in an exception - or where to put in an exception. Also the web page that comes up is file transfer blocked

WIldFire status: Disabled due to configuration

Hi PA community, We have two 5060 appliances in active-passive HA mode.We also have WF-500 as private cloud and "Cloudwildfire.paloaltonetworks.com" as public cloud. We have a problem in one of the appliances (Whether she is active or passive):test wildfire registration This test may take a few minutes to finish. Do you want to continue? (y or n...

Erez by L1 Bithead
  • 8734 Views
  • 9 replies
  • 0 Likes

Best way to add application

Hi I want to give my users access to bitbucket via ssh. This is provided on port 7999. So 2 ways I think i can do this. create a service TCP-7999 Bitbucketadd policy with application ssh and service TCP-7999 or I can create a custom applicaiton on port 7999. then i have to do a applicaiton override. so which is the better way , I am thinking th...

Ideas for new and/or updated KB articles

With the ever-growing plethora of features in Palo Alto Networks firewalls and Panorama, keeping up with the knowledge is vital. In the world of Network Security, there is very little room for the 'unaware' and 'unprepared'. At LIVE community, we are constantly adding up-to-date and relevant articles, which can not only make you aware of our NGF...

ansharma by L4 Transporter
  • 8261 Views
  • 8 replies
  • 2 Likes

URL filtering - no response page appears with https site

Hi, On my PA-200, I use URL filtering to block the access to some http and https site. For https sessions, the response page is serving without SSL decryption. I use this command: set deviceconfig settings ssl-decrypt url-proxy yes I use also a intermediate CA certificat generates by our organization for Forward Trust. The response page is also ...

sam76 by L0 Member
  • 4450 Views
  • 2 replies
  • 0 Likes

Wildfire scheduled updates through Panorama

Is there any way to schedule Wildfire updates to kick off only a couple of times a day? I know we can do every minute, 15, 30, etc. Due to the connections and the environment I have 1500 firewalls I need to schedule the push to only be twice a day. Is this possible? Is that ability coming?

JeffTQT by L2 Linker
  • 2744 Views
  • 1 replies
  • 0 Likes

Limting Globalprotect client access via IP address

Is there a way to allow specific GlobalProtect users to only connect from specific public IP addresses? For example say I only wanted to allow user1 to connect from IP address 1.1.1.1, and if user1 connects from any other public IP address, or if user2 is trying to access from 1.1.1.1, to have that access be denied?

Resolved! Newbie question on polices

Hi Got to test pa-3060's got them setup in HA active active mode. I have a LACP trunk setup with 2 vlans of it. vlan 213 - zone trustedvlan 215 - zone devi have ospf and ip addresses assigned and working on the 213 side of things. so I can ping it from the rest of my network.vlan213 gets DGW from OSPF. I have .2 and a .3 address assigned to pa1 ...

Resolved! OSPF LSA Threshold: Security Finding

Wondering if there's a way to configure a threshold for OSPF LSA updates/messages?Or if such a threshold is already in place by default on Palo Alto firewalls. Something that can maybe drop anything more than say 7 LSA messages in 5 minutes.Apparently, there's a security threat related to a device getting DOS'd by an overwhelming flow of LSA me...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels