This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4245 Views
  • 0 replies
  • 0 Likes

Resolved! POP3, SMTP and IMAP setup

Hello, Our POP3, SMTP and IMAP is currently set to Default (Alert) in the AV profile. We have noticed malicious emails coming through and identified via Wildfire for staff using personal email addresses/computers using POP3 protocols? These personal computers are allowed on some of our remote sites. Should POP3/SMTP and IMAP be set to Drop-reset...

Antivirus.png
Farzana by L4 Transporter
  • 10502 Views
  • 4 replies
  • 0 Likes

Custom App-ID vs "Unknown-UDP"

If I create a custom app-id for an application we use, will it no longer match the "unknown-udp" (which we block)? Or do I need to do an application override as well?

Global Protect on MAC - How to Clear Cookie?

I'm running Global Protect on my Macbook. I have the gateway configured to accept cookie and set to 24 hours.For troubleshooting purposes I'm trying to figure out how to clear my cookie on my Macbook so it does not automatically connect.

craigkp by L0 Member
  • 5133 Views
  • 1 replies
  • 0 Likes

SKYPE

Why would a rule with app-id of skype show up in logs as ms-lync when Lync is not part of rule

Resolved! A little help with Subinterfaces and intraVLAN routing

I have a PA-3020 with fairly typcial config with a L3 untrusted interface and several trusted sub interfaces. I have a couple questions. Prior to this, I was doing my intravlan routing on my core HP2920 switch. My 192.168.123.0/24 network is the native vlan 1 which I understand to be always untagged. The .123 is my "original" network before I ou...

firefox_2017-03-22_06-35-32.png
Raland by L1 Bithead
  • 5247 Views
  • 4 replies
  • 0 Likes

User-ID agent upgrade consideration

Hello, I have two Palo Alto Firewalls, each running different software version, 7.1.5 and 7.0.7.Both firewalls connected to the same User-ID agent server. The User-ID agent version is 7.0.5-3 I am planning to upgrade one of the firewall from 7.1.5 to 8.0.1.Can I keep the User-ID agent 7.0.5.-3 or should I upgrade the User-ID Agent version to 8.0...

qafcopa by L1 Bithead
  • 3584 Views
  • 1 replies
  • 0 Likes

Resolved! Global Protect Agent captive portal Graceperiod timeout

Hello, When the Enforce GlobalProtect Connection for Network Access feature is enabled, we can define a Gaceperiod to allow users to temporary connect through a captive portal ( hotel proxy...) Maximum timeout, i can see is 3600 seconds (1 hour)... Which mean that users have 1 hour to connect through the proxy after which the Network Access will...

Issues with both client and clientless VPN on 220 running 8.0.1

Full disclosure: up until now, I've had zero practical experience with GlobalProtect. I've only worked with Pulse, Cisco and OpenVPN. I just deployed a 220 yesterday with 8.0.1 and am having a heck of a time getting GlobalProtect to work in either scenario. The Clientless lets me log in, but anytime I try to launch a published app or manually en...

bradk14 by L3 Networker
  • 7663 Views
  • 8 replies
  • 0 Likes

Response page are not display when using explicit proxy.

Hi everyone, I found the issue the response page not display when the client acccess ssl websites and using a web proxy via explicit mode.I already enabled policy decryption for all ssl websites.On a browser will display "page not found!" or "This site can’t be reached" when that traffic is blocked or drop by a firewall such as deny applications...

Kanitin by L1 Bithead
  • 3333 Views
  • 2 replies
  • 0 Likes

Decrypt-Error (SSL In bound inspection)

Dear Team , i am using PA 5020 BOX With PAN OS 7.1.5 when i am configure the SSL Inspection Inbound and create the Decrypt policy on the firewall so i am getting this error , could you please share the solutions to fix this error and share the configuratioin as well if you guys have . Thanks

Fahadvu by L1 Bithead
  • 3338 Views
  • 1 replies
  • 0 Likes

Exclude YouTube from Safesearch

Hi All, I have an issue with getting my PA to work in conjunction with Google Apps ( or G Suite) as it is now known. A little about the enviroment: Two group of users: Group 1SSL decryption enabledSafe Search disabledAllowed to approve videos in YouTube (see https://support.google.com/a/answer/6245597?hl=en) Group 2SSL decryption enablesSafe Sea...

stuart.l by L2 Linker
  • 2904 Views
  • 1 replies
  • 0 Likes

Resolved! PA200 - Configuring a static internet address

Hi there, This may seem like a stupid question, but we are switching ISP and they have given us a static IP because we use VPN etc. I'm configuring a PA200 and for the life of me cant figure out how to add the ISP gateway. Ive added the IP address and subnet to the interface socket (1/4) and DNS address (DNS PROXY) but i cant find where to add t...

can not install and not remove globalprotect

I work on a Vista machine and after using it succesfully for a long time, I had a problem with my GlobalProtect (it did not connect). I read somewhere it might help to uninstall it and then re-installing again, which I did. The uninstall was succesfull but something went wrong when I then tried to install it. Now I have a situation in which I ca...

Mister34 by L0 Member
  • 7534 Views
  • 3 replies
  • 0 Likes

Resolved! Configure NAT with multiple ports

Hello ocmmunity, Do you know if it is possible to do this in the firewall ?Name: NAT 1Source Zone: INTERNETDestination Zone: INTERNETSource Address: IP_PublicDestination Address: 1.1.1.1Service: icmp, tcp/5551, tcp/22, tcp/4443, udp/500, udp/4500Destination Translation:Device (10.140.2.1)+++++++++++++++++++++++++++++++++++++++++++++++++++++++++...

Apadilla by L3 Networker
  • 7936 Views
  • 3 replies
  • 0 Likes
  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks