General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Best practices

Is anyone using these recommended settings?

 

set deviceconfig setting tcp urgent-data clear

set deviceconfig setting tcp drop-zero-flag yes

set deviceconfig setting application bypass-exceed-queue no

set deviceconfig setting tcp bypass-exceed-oo-que

...

jdprovine by L4 Transporter
  • 4977 Views
  • 11 replies
  • 0 Likes

PANOS 7.0 SNMP logical interface counters

I tried the feature and the RX and TX counters are way off from the physical interface (tested on 5060 using e1/21 and e1/22 for AE1). I opened a case with TAC, and this is the explanation from TAC,

 

For hardware interfaces (ethernet1/21 and e

...

When will a new GlobalProtectClient GUI/UI be written?

We've been holding off replacing our Cisco Anyconnect clients as the interface of GlobalProtect is a big downgrade for us.

 

Any idea when/if there will be improvements made to the GP UI?

 

At the moment it looks like it was developed by engineers with n

...

pmc by L2 Linker
  • 6100 Views
  • 4 replies
  • 6 Likes

Resolved! cli: traceroute host, ping host use connected interface

Is it possible to have traceroute host and ping host default to using the interface the cli was connected to?

 

We have the Management Interface of our PA 500 set to an internal address, like 192.168.129.11.  We can connect to it from our mpls networ

...

Internal Root certificate replacement

Does anybody have any experience of changing out the internal root CA cert? Our server guys have updated our internal cert authority to support SHA-256 certs, which has had a knock-on effect of causing issues with our GlobalProtect gateway certs on ou

...

Crazy policies needed for BGP and VPN

Hi,

first read this article:

https://live.paloaltonetworks.com/t5/Learning-Articles/Any-Any-Deny-Security-Rule-Changes-Default-Be...

 

then

I have exactly this behavior, but I haven't written any any/any/deny rules!

In my environment both intrazone-defa

...

Palo Alto NSX-Edition for multi-VC environments.

Hi all,

Is there support documentation available for multi-VC implementations of the NSX-Edition? I found plenty of good deployment guidelines as per https://www.paloaltonetworks.com/search?q=NSX&%3Acq_csrf_token=eyJleHAiOjE0NTk4NDY1NTgsImlhdCI6MTQ

...

rherlaar by L0 Member
  • 1267 Views
  • 0 replies
  • 0 Likes

Vulnerability exemption

Hi


what is actually
simple-client-critical
simple-client-medium

I want to change the default action from alert to block.
The rule is under simple-client-medium, but the search result shows it is under
simple-client-high

Thanks

sib2017 by L4 Transporter
  • 1717 Views
  • 2 replies
  • 0 Likes

URL White Listing

Hi all,

 

First of all, we are impressed about MineMeld, thanks Luigi for your ideas and work.

 

We have just started to play with MineMeld and are wondering about the format to whitelist domains and network ranges using stdlib.listURLGeneric (as wlURL)

 

We would l

...

Resolved! CLI checking licenses

Hi everyone! 2 quick questions in 1:

 

-To be able to include a URL as destination in a policy, do I need to have license for URL filtering?

-How can I check what licenses I have in the CLI?

 

Thank you!

No Email protection for SaaS

The closest way to protect a SaaS email solution I have found is Proofpoint, which has a WildFire API hook option.

I am surprised there is no SaaS service for forwarding attachments or inline scanning of email directly from Palo Alto Networks.

Tech101 by L1 Bithead
  • 1960 Views
  • 3 replies
  • 0 Likes

TAP mode on VM edition

Hi everyone,

 

 

is there any chance somehow to SPAN physical port from switch to VM port group in promiscuous mode, where I placed TAP port of my virtual firewall? Actually, is this supported in any way, or this interface mode is suited only for vir

...

Tician by L3 Networker
  • 1526 Views
  • 0 replies
  • 0 Likes

TAP interface questions

I'd like to monitor a portion of my network on my failover PA in TAP mode.

 

Will this affect my HA pair at all? 

 

Is it possible to set up an aggregate TAP of 2 ports?

 

thanks in advance...

  • 24208 Posts
  • 99 Subscriptions