This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4235 Views
  • 0 replies
  • 0 Likes

Resolved! Debug TAC commmand

Hi I have a pair of lab boxes and looking to test the debug TAC -login and TAC-response commmands. My understanding ia usually TAC provided a password to unlock the data is it possible to get a test password for my company to use? We do not require TAC support but just looking around at different feature and what's there to view.

Resolved! Difference between Aggregate and Classified DoS Protection

Hi Folks,I tried a lot to get my head around Aggregate and Classified DoS Protection. For some reason, i haven't been able to understand the difference. Tried looking into the knowledge base, but nothing helped me. Could someone please explain in short what the difference is.Thanks in advance.Regards,

Resolved! External email attachments

Hi everyone,We allow our users to check personal email externally(gmail/yahoo/etc). I'd like to prevent them from downloading attachments from these external emails if possible. Can this be done and how? Reason being, downloading attachments directly to the desktop bypasses our other lines of defense. We'd like to force them to forward said mess...

Crash28 by L1 Bithead
  • 4929 Views
  • 4 replies
  • 0 Likes

Idea to use Palo Alto for IDS replacement

I have a idea to use the Palo Alto Firewall Vulnerability Protection Profile has a IDS sensor. Here is the idea I have what to run this by anyone. Also need help to know if this will work. Vulnerabilityvulenerability Protection ProfileCreate a RuleRule Name: IDS TestThreat Name: anyAction: AlertHost Type: ?Category: brute-force, DOS, scancreate...

Intermittent SSL

SSL traffic stops after about 45 minutes and is restored in about the same time frame (maybe longer). Firewall is not configured to decrypt. HTTP traffic has no problems. Just deployed (test network) low use firewall (3050) running 7.1.7.

Tom-T by L1 Bithead
  • 5222 Views
  • 9 replies
  • 0 Likes

Drop_update

Hi, I've just created a new node and I'm seeing events such us: DROP_UPDATE on aggregator type. My miner has all domain list but the aggregator has this meessge with "drop_update", do you know it??? Why??? Thanks a lot

SantiBT by L2 Linker
  • 5825 Views
  • 5 replies
  • 0 Likes

Resolved! Proper procedure for updating an extension

I tried this and it seemed to work, just want to be sure it is the right procedure. 1. Disable/delete existing extension wheel 2. Upload/activate updated extension wheel Is there any negative impact on the nodes using the prototypes and classes of the removed extension between steps 1 and 2?

MineMeld not updating Office 365 IPs or URLs

Hello Everyone, Two days ago I installed MineMeld so that we could use it to "mine" the Microsoft maintained XML for the latest Office 365 IP addresses and URLs. The first night It appears it worked as expected. However, I have not been able to get it to run again. When I try to do a run now, I get an error that states: Error Hupping Node:...

NickD. by L0 Member
  • 4900 Views
  • 1 replies
  • 0 Likes

Upgrading Panorama

Hi Guys, I'm planning my panorama upgrade from 6.1.8 to 7.1.x, before starting with process, i want few doubts to be cleared. 1. My firewalls are still on 6.1.8, as per the PaloAlto documentation, after upgrading Panorama, it won't effect firewalls and keeps collecting logs. 2. While upgrading, during upgrading activity my firewalls will lost co...

Resolved! Firewall bypass due to Java/Python FTP Injections

Hi. Reading the article below on firewall bypass I was wondering if Palo Alto Networks by default blocks active FTP connections. http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html That would mitigate the threat. Anyone an idea?

quizizz.com mobile website will not display pictures - app-id blocked as snapchat

We have teachers trying to use the website quizizz.com and the kids can't view the pictures on their phones, the questions come through but not the images. The desktop version works fine. When I check the firewall logs, it shows an app-id block for snapchat. I am not using snapchat on any of the test devices. Has anyone else had this issue w...

pko by L1 Bithead
  • 3156 Views
  • 1 replies
  • 0 Likes

Configuring multiple OSPF areas with a single L3 interface

I am trying to redistribute EIGRP routes from two AS numbers into OSPF so that my PA can learn the proper routes to the rest of the network, but I am running into a stumbling block since I only have one L3 interface connected to my internal network and the PA firewall will only allow a single OSPF area per interface. The PA is at a remote, unma...

breedend by L1 Bithead
  • 4639 Views
  • 2 replies
  • 0 Likes

BGP routing question.

I have multiple sites (50+ tunnels) doing ebgp with palo alto(VM-100). So PA is learning smaller subnets from all sites which are known to each other by bgp.Additionally connected aws doing ebgp which is all good. But number of bgp routes advertised to aws goes above 100 bgp drops( aws can’t accept more than 100 routes).aws can’t accept default ...

Skype, teamviewer and file transfers

Hello community,I know that this topic was discussed many times, but the issue is still relevant.Is there any possibilties to block only file transfers in applications like Skype or Teamviewer?APP-ID don't have these specific subapps and file blocking profiles is useless for this task.How are you fulfilling this task?

  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks