This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4124 Views
  • 0 replies
  • 0 Likes

Some Applications not being submitted to wildfire

HelloI am testing my wildfire configuration .1- When I download wildfire test PE file , I get an entry under Wildfire submission log & data filtering log.2- I intend to test if copying the PE file is also caught by wildfire , so I download a new PE file from wildfire site on a machine that is not protected by wildfire , then copy it across...

Resolved! VPN clients IPsec vendors

Hi, We realised after upgrading to 7.1.8 when we access to VPN GP using CISCO VPN CLIENT (IPsec) is not working. In previous version was working. This is the error ikemgrlog: 2017-03-30 13:11:52 [PROTO_ERR]: isakmp_inf.c:1362:isakmp_info_recv_d(): delete payload with invalid doi:0.2017-03-30 13:11:52 [INFO]: isakmp_inf.c:1411:isakmp_info_recv_...

Map any TACACS+ user to local account

Anyone aware of how to map TACACS+ accounts to a single local account? For instance, I have my ACS server using AD for its user database. I created a policy in ACS to allow access to the PA if they are in a certain group. When I want to give someone access to the PA, I need to add them to AD and then create an account with the Auth-profile on th...

ddaloia by L0 Member
  • 4256 Views
  • 5 replies
  • 0 Likes

Resolved! DoS Protection

How do I go about triggering and monitoring DoS Protection in 7.1.5? I cannot find anywhere in the GUI to help me with this.

How to Safely Enable/allow Skype (URL filtering)

To allow skype you need to allow next applications in security rule:Next step you need to make URL filtering profile. Deny any categories. But allow next URLs:mobile.pipe.aria.microsoft.com*.microsoft.com*.skype.comocsp.msocsp.comlogin.live.comauth.gfx.ms*.skypeassets.comskype-m.hotmail.com*.messenger.live.comI hope it will usefull.

Снимок.PNG
Снимок.PNG

Resolved! Migrate Config between PA-500 and PA-2050

Hello, we own a PA-500 Firewall but are some Versions behind in the OS. Now we want to update it but got an downtime estmiate from our local Palo-Alto vendor from 8 hours. (From Version 5 to 😎 Since we have some 24/7 Callcenters in house that's not an option to have such a long downtime. We have the option to get a used PA-2050 for pretty cheap...

lenmar by L1 Bithead
  • 5018 Views
  • 7 replies
  • 0 Likes

Resolved! OCSP is incorrectly spelled OSCP in the documentation

C'mon guys, really? https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin-guide/authentication/deploy-shared-client-certificates-for-authentication https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin-guide/authentication/deploy-machine-certificates-for-authentication https://www.paloa...

DFrauzel by L0 Member
  • 4345 Views
  • 6 replies
  • 0 Likes

Considering Buying Palo Alto 800 Series

Hi All, I would like to request assistance from anyone who has had experience with different firewall vendors and currently is a Palo Alto firewall user as I'm not a firewall expert whatsoever. I'm considering buying a Palo Alto 850 Series firewall over a Fortigate 200E firewall to handle up to 1 Gbps of traffic with any and eventually all secur...

Techlove by L0 Member
  • 4030 Views
  • 2 replies
  • 0 Likes

GP upgrade beyond 2.2.x

Hi, I'm running GlobalProtect 2.2.1 on PANOS 7.0.7. I'm preparing to upgrade to 2.3 (and beyond) to finally support some newer client devices. This caveat in the 2.3 release notes made me pause: If your GlobalProtect 2.2 or earlier release configuration uses a gateway server certificate that is not issued by a CA that is trusted by your endpoin...

gateway.png
blankprofile.png
portal.png
portalagent.png
MCmgt by L2 Linker
  • 4222 Views
  • 6 replies
  • 0 Likes

Is Decryption needed without URL filtering?

Hello. We currenly have a Palo-5050 v7.18 doing firewalling and URL filtering.We have SSL decryption enabled. Because Palo does not support transparent authentication using Chromebooks and because we do not like the Palo URL reporting, we are looking at getting rid of the URL filtering part. Do we still need to have SSL decryption enabled for no...

dannon by L3 Networker
  • 2928 Views
  • 2 replies
  • 0 Likes

Captive Portal & Identifying Guests?

Hello,We have a guest network with a constant rotation of mobile phone users. Is there a way to collect some information about who these devices belong to, such as forcing the user to enter their e-mail or company name? Perhaps using the Captive portal? We need some way of identifying unauthenticated users.

Configure DNS Sinkhole with multiple IPs

Hello, I found this instruction https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-DNS-Sinkhole/ta-p/58891 which is great but how do I create the Anti-spyware profile for multiple IPs? I'm hoping I don't have to create one profile for each IP. Thank you in advance.

rullyk by L0 Member
  • 2775 Views
  • 2 replies
  • 0 Likes

Resolved! Flow basic

Will a debug flow flow basic show me if Im actually raching destination server? What I mean is if I have a server that is used for BAS_Filer mounts will it show me that Im not mounting to destiantion server that does the actaul mount? I know the pack captuer drop will show me but curious if flow basic will show it? I dont want ot set it up if ...

  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks