General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Discussions

Threat Vector, a Unit 42 Podcast, is Now on LIVEcommunity!

We have some exciting community news to share: Threat Vector, a Unit 42 podcast, is now on LIVEcommunity!

 

Threat Vector is your compass in the world of cyberthreats. Listen to this biweekly podcast to learn about unique threat intelligence, cutting

...

jforsythe by Community Team Member
  • 82 Views
  • 0 replies
  • 0 Likes

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 3327 Views
  • 2 replies
  • 14 Likes

Resolved! IPSec Transport Mode

I cannot find a way to configure the IPSec tunnel encapsulation to use Transport Mode versus Tunnel Mode in either the GUI or CLI ... anyone have insight into this?

aragone by Not applicable
  • 4603 Views
  • 4 replies
  • 0 Likes

Almost maxing ssl decryption settings

Hi,

We own a PA-2050 running version 5 of the pan os in a school.

I have recently noticed that we are now approaching the ssl decryption limits of the device. i.e. 977/1024.

Previously I didn't know that there was such a limit.

What is the best method to

...

leahy268 by L1 Bithead
  • 2892 Views
  • 4 replies
  • 0 Likes

How to allow a specific file extension

I work for a K-12 school district that uses a program that reads books to students.  The file extension is .kes (KES is a file extension that belongs to Text Files of Kurzweil Educational Systems) and is blocked in our file blocking profile as an Enc

...

almay by L2 Linker
  • 3434 Views
  • 2 replies
  • 0 Likes

Resolved! Deny Facebook Posting

I've been playing around with trying to block Facebook posting but allow all other access to Facebook. I setup a deny rule for the 'facebook-posting' app and then setup a rule below it allowing 'facebook' but, this doesn't seem to stop posting. The l

...

Ash2k by L2 Linker
  • 5329 Views
  • 3 replies
  • 0 Likes

Resolved! Two ISP connections - one primary / one guest network

Hello,

Today we have one interface designated as a WAN interface that manages our IPsec tunnels, GP Portal/Gateway, NAT for Websites, and business web browsing and needs.  We have a second internet connection that we use for a guest network that goes

...

cmateam by L3 Networker
  • 8250 Views
  • 8 replies
  • 0 Likes

Resolved! Transparent IP Mode Splice L3 Subnet possible?

I have a client that is currently using Sonicwall and wants to migrate to Palo Alto.  

Sonicwall supports Transparent IP Mode (Splice L3 Subnet) that basically can bridge the WAN subnet onto the DMZ interface.

Let say for example,

WAN Interface - 100.1

...

Resolved! cannot find matching phase-2 tunnel for received proxy ID

We have a site to site VPN setup that was allowing one IP. On the ipsec tunnel sec proxy-id allow local (10.1.2.1/32)  which was working just fine.

We had to recently allow two more IP's 10.1.2.20 and 10.1.2.75. I Changed the ipsec tunnel sec proxy-id

...

bino150 by Not applicable
  • 26572 Views
  • 7 replies
  • 1 Likes

ICMP Timestamps

Hi,

Can anyone please tell me if there is a way to stop my PA from responding to ICMP type 13 and 14 timestamp requests/replies?

Cheers

tezza by L2 Linker
  • 9652 Views
  • 8 replies
  • 0 Likes

Resolved! Aboute ACE exam and about the trainings!

Guys, I wanna to take an ACE exam and should to attand to the training courses. i've been told to attaend to the firewall configuration essentials Firewall Configuration Essentials 101 PAN-OS v.6.0 RevC training course, but i noticed also the follwoi

...

Resolved! dropbox - ssl decryption

Hey all,

I am using dropbox on my PC and ssl decryption has been enabled on my Palo Alto. I added my PA root cert to my trusted certificates on my computer and am not getting any complains from my browser when surfing to https websites.

However, my dro

...

bdeschut by L4 Transporter
  • 10095 Views
  • 6 replies
  • 0 Likes

Resolved! BGP Graceful restart in an Active/Passive cluster?

All,

Quick query, we are in the process of implementing a HA cluster that will be BGP peering with several upstream routers, both route import and export, and in trying to reduce the interruption due to a failover we are looking to implement the Grac

...

6.1.3 update issue: Threat database handler failed

Hey all-

I tried updating a test box to 6.1.3 and encountered the error in the title. Per other threads, I tried manually downloading the latest content version and installing but it resulted in an error during install.

Has anyone else encountered thi

...

SDorsey by L4 Transporter
  • 4816 Views
  • 3 replies
  • 0 Likes
Labels