General Topics

Radius Authentication - Passive Firewall

Hi,

I am trying to authenticate the passive firewall via Radius for management purposes.

In the active firewall I have the same radius server configured with two different secret keys (one for active and one for passive). On my radius server I

...

PCI compliance and port 443

We are employing GlobalProtect VPN on our PA, which also happens to be our intranet gateway (NAT) to the Internet. Technically speaking, the setup works very well. Because port 443 is typically open on most firewalls, we can connect to the VPN virtua

...

Objects Tab and Policies Tab: Categories for Blocking/Filtering.

Suggest a category for Social Media be added.

How to block access to internet based on User name and group

We have a request from our teachers for a way to block access to the internet based on students' username.Oh - and the teacher needs to be able to grant or deny this access from a simple interface...

Myself and my colleague are scratching our heads

...

Does PA supports Agentless Remote Access VPN

Hi All,

Please let me know, whether PA supports agentless(GlobalProtect) remote access VPN? With SSL or IPSec.

If it supports, please let me know how to configure it.

Thank you in advance..

Resolved! Does statistics for appid ssl include other appid's using ssl such as gmail-base, facebook-base etc?

This is a fork of https://live.paloaltonetworks.com/t5/General-Topics/Statistics-reports-on-how-much-SSL-traffic-you-got/m-p/67945 but with a specific question.

Dealing with reports in PA I wonder if the counters/statistics regarding appid ssl incl

...

Is there a vulnerability signature for apache commons collection?

Hello all,

My cusotmer wants to block apache commons collection of vulnerability.

I have searched it on threat vault but there is never nothing.

Is there a vulnerability signature for apache commons collection?

If no there is not, Can PA detect e

...

Google QUIC Disconnects

We started getting complaints from users that various Google services were showing intermittent disconnects. I think we've tracked it down to the QUIC protocol not being accurately identified by the PAN firewalls and getting blocked. I see 443/udp tr

...

Reporting on Security/NAT Polcies and Hit Counts

Is there a way to export the current Security and NAT Policies to CSV, or even just PDF?

I need to clean up a dirty firewall that I inherited, but I need other teams to let me know what is active/inactive. Screenshots or CLI outputs can work, but I

...

Resolved! Statistics/reports on how much SSL-traffic you got?

Hi, any of you who knows if there is a whitepaper or such on how to generate a report or otherwise pick out the numbers/figures/graphs for how much SSL-traffic you got vs non SSL-traffic through a PA device?

That is both in bandwidth and number of

...

Policy Based Forwading Capability Question

Hello All, Was just wondering if anyone may be able to help with this our question.

Please see the attached High Level Diagram. Both Firewalls are PA 3020's with the full licence set enabled. We need to replace the ISA server which is not providing

...

Resolved! Multiple Tunnels with 0.0.0.0/0 proxy-ids

The scenario is 3 firewalls, with PA-HO acting as the hub and PA-1 and PA-2 as the branch sites. The Branch sites connect to the head office network via ipsec tunnels to PA-HO and vice-versa.

Due to multple dis-contigous subnets on the branches, it w

...

Resolved! About address and EBL limitation for maximum

Hello.

I want to know my question what address and EBL maximum from you.

1.

https://live.paloaltonetworks.com/t5/Configuration-Articles/Using-IP-Address-Lists-on-Palo-Alto-Networks-Policies/ta-p/57411

The above documnet describes " Each imported

...

Resolved! I want to know it is posible view the directory in where storage the logs /var/log/ Logs

Hi guys

Anyone know where is the path where the logs are stored FW CLI ?

I hope your commentes

regards

Resolved! Log timestamps

Hi,

My query is about how the Palo Alto firewall timestamps logs when it sends them to a syslog server. Does it stamp the logs with UTC (GMT) time or does it use the configured local time as the timestamp? I notice when reviewing logs on the device

...

Discussions

Radius Authentication - Passive Firewall

PCI compliance and port 443

Objects Tab and Policies Tab: Categories for Blocking/Filtering.

How to block access to internet based on User name and group

Does PA supports Agentless Remote Access VPN

Resolved! Does statistics for appid ssl include other appid's using ssl such as gmail-base, facebook-base etc?

Is there a vulnerability signature for apache commons collection?

Google QUIC Disconnects

Reporting on Security/NAT Polcies and Hit Counts

Resolved! Statistics/reports on how much SSL-traffic you got?

Policy Based Forwading Capability Question

Resolved! Multiple Tunnels with 0.0.0.0/0 proxy-ids

Resolved! About address and EBL limitation for maximum

Resolved! I want to know it is posible view the directory in where storage the logs /var/log/ Logs

Resolved! Log timestamps

HA4 firewalls

B2B VPN IKEv2 Fail with Amazon Private Cloud Peer

Help understanding Asymmetric Path issue

Can't import a certificate via XML API using C#

Unable to download new version

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

CVE-2024-3400 IOC's

Re: Solution for "SSL decryption bypass for Anydesk"

Re: Failed to update content package

Re: Solution for "SSL decryption bypass for Anydesk"

Unlock your full community experience!

Resolved! Does statistics for appid ssl include other appid's using ssl such as gmail-base, facebook-base etc?

Resolved! Statistics/reports on how much SSL-traffic you got?

Resolved! Multiple Tunnels with 0.0.0.0/0 proxy-ids

Resolved! About address and EBL limitation for maximum

Resolved! I want to know it is posible view the directory in where storage the logs /var/log/ Logs

Resolved! Log timestamps