This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4244 Views
  • 0 replies
  • 0 Likes

Automatic attack block

Occaisionally we get an attack from a single IP to one of our external servers where the attacker tries a whole bunch of known exploits. Is there anything like a "Zone Protection" for this type of attack? I'm looking for something where an external bad actor gets blacklisted for a period of time after it tries a number of expolits.

HIP without license

Is it possible to use HIP Profiles with just custom checks without a HIP license? (Sort of the way you can with URL filtering.)

MCmgt by L2 Linker
  • 2707 Views
  • 2 replies
  • 0 Likes

Resolved! How to keep overview on Security Policies

Hello, I´m in a project of migrationg a Juniper SSG to a Palo Alto FW. While migrating the existing policies I find it where confusing to list all policies in one list. Juniper separted the policies by the source an destination security zone. Is there any best practice to keep the security policies not confusing. How to group or filter them? Any...

Setting Up the PA-200 for Home Setup question?

Hey folks, Newbie here. 🙂 I had this going successful before, but after a factory default, not working for me for some reason. I've followed this helpful article before and worked on my first try, but not now for some reason.https://live.paloaltonetworks.com/t5/Configuration-Articles/Setting-Up-the-PA-200-for-Home-and-Small-Office/ta-p/61838 ...

PA13.jpg
PA7.jpg
PA1.jpg
PA2.jpg
OMatlock by L4 Transporter
  • 3066 Views
  • 4 replies
  • 1 Likes

VM-100 Virtual Wire doesn't show any sessions

Hi guys, I'm new to PA so I hope this is not a stupid question. I configured my VM-100 with two interfaces (plus manegment), the two interface were setup as Virtual Wire. I can capture traffic going through and everything works from a user perspective. However, I get 0 sessions on the FW and no hits on any of the policies. I even created an univ...

Hwinter by L2 Linker
  • 3753 Views
  • 5 replies
  • 0 Likes

Packets dropped: invalid interface (route to second public network in trust interface)

Hello All,My system is multi vsys environment, I need to route traffic from untrust to trust.My source is internet and destination is my second Public IP subnet in trust interface.I investigate and found log from Global Counters "Packets dropped: invalid interface". I try to add public ip to loopback and secondary ip but could not help. How can...

Capture.JPG
jocjak by L1 Bithead
  • 5197 Views
  • 6 replies
  • 0 Likes

IPv6 Point to Point prefix

Hi, Trying to setup a IPv6 Point to Point link between the PAN and SRX. Does PAN support IPv6 prefix like /127 for point to point connection? (Yes I read RFC 3627 -> RFC 6164 -> RFC 6547 already) Before any one starts about the IPv6 address space is so big, My idea is I can use the first /64 to indicate that is used for point to point and...

Cert key import

What is the best way to import a key for a globalprotect portal? I already have CA installed.

jdprovine by L4 Transporter
  • 6004 Views
  • 14 replies
  • 0 Likes

Some Applications not being submitted to wildfire

HelloI am testing my wildfire configuration .1- When I download wildfire test PE file , I get an entry under Wildfire submission log & data filtering log.2- I intend to test if copying the PE file is also caught by wildfire , so I download a new PE file from wildfire site on a machine that is not protected by wildfire , then copy it across...

Resolved! VPN clients IPsec vendors

Hi, We realised after upgrading to 7.1.8 when we access to VPN GP using CISCO VPN CLIENT (IPsec) is not working. In previous version was working. This is the error ikemgrlog: 2017-03-30 13:11:52 [PROTO_ERR]: isakmp_inf.c:1362:isakmp_info_recv_d(): delete payload with invalid doi:0.2017-03-30 13:11:52 [INFO]: isakmp_inf.c:1411:isakmp_info_recv_...

Map any TACACS+ user to local account

Anyone aware of how to map TACACS+ accounts to a single local account? For instance, I have my ACS server using AD for its user database. I created a policy in ACS to allow access to the PA if they are in a certain group. When I want to give someone access to the PA, I need to add them to AD and then create an account with the Auth-profile on th...

ddaloia by L0 Member
  • 4333 Views
  • 5 replies
  • 0 Likes

Resolved! DoS Protection

How do I go about triggering and monitoring DoS Protection in 7.1.5? I cannot find anywhere in the GUI to help me with this.

How to Safely Enable/allow Skype (URL filtering)

To allow skype you need to allow next applications in security rule:Next step you need to make URL filtering profile. Deny any categories. But allow next URLs:mobile.pipe.aria.microsoft.com*.microsoft.com*.skype.comocsp.msocsp.comlogin.live.comauth.gfx.ms*.skypeassets.comskype-m.hotmail.com*.messenger.live.comI hope it will usefull.

Снимок.PNG
Снимок.PNG

Resolved! Migrate Config between PA-500 and PA-2050

Hello, we own a PA-500 Firewall but are some Versions behind in the OS. Now we want to update it but got an downtime estmiate from our local Palo-Alto vendor from 8 hours. (From Version 5 to 😎 Since we have some 24/7 Callcenters in house that's not an option to have such a long downtime. We have the option to get a used PA-2050 for pretty cheap...

lenmar by L1 Bithead
  • 5147 Views
  • 7 replies
  • 0 Likes
  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks