This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Resolved! Best practice for assigning IP addresses to HA1 and HA2 on directly connected PA3050's

I am setting up HA on two PA3050's. They are racked one above the other and will be directly connected HA1 to HA1 as well as HA2 to HA2. However, the management ports are connected into a pair of Cisco 3750's stacked. My question is, what is the best practice for assigning IP addresses to these interfaces? My thoughts are to allocate two addr...

fcrooks by L1 Bithead
  • 7945 Views
  • 3 replies
  • 0 Likes

Management Profile and Security rules

Hi There,I got a question, on non-mgmt interface firewall, I configured a management profile to access SSH and HTTPS do I need to allow the security policy explictly to access firewall ?

Rokkam by L0 Member
  • 4116 Views
  • 2 replies
  • 0 Likes

Resolved! Check software update failed

Hi all! I have this problem: when i check new software updates, clicking "check now" button, this error appears: "Failed to check upgrade info due to generic communication error. Please check network connectivity and try again." Doing a traceroute we see that after the 17th hops the trace stops, all the ping are unsuccesful17 * paloaltonetit-5....

DKanta by L2 Linker
  • 27853 Views
  • 16 replies
  • 0 Likes

Resolved! How To Best Control Access to SFTP Server in DMZ

I have an interesting problem. There is a requirement for moblie devices (Throughout the Us and Canda) to access an SFTP Server from the Internet and upload files to it. No other devices are allowed access, from the Internet, to the SFTP server. The mobile devices will not have stat IPs but dynamic ones. The will of course not be part of our Win...

vsys CPU utilization

Just wondering if the more vsys you add, how much more CPU utilization or resource utilization will be used? Does the more you add degrade the system at all? I'm looking at a 5060 or a 5560 with at least 7.0 OS. Is there any documentation that states this?

Anyway to block Webex plugin?

After hearing the news that the Webex extension in Chrome has a serious vulnerability is it possible to block this at the Palo Alto? http://arstechnica.com/security/2017/01/ciscos-webex-chrome-plugin-opens-20-million-users-to-drive-by-attacks/?comments=1 Either through an App policy or even better a threat signature? Thanks

pmc by L2 Linker
  • 5645 Views
  • 4 replies
  • 1 Likes

Use wildcard in user/group based policy

Hi,We have a Splunk Server that sends to your id-agent (on a windows server) the information of guest users.Now on PA We can se user@acme.com in the logs, is possbile for us create a rule for all users from acme, without define each user? So a group policy without LDAP group.We want to set in the field "source user", something like *@acme.com.It...

Resolved! ssh problem on mac os x

Hey guys, I have such a weird problem. A user has to connect to a samba server. He does it on his mac with cyberduck, Port 999 and ssh. in the monitor, the application is "incomplete", the action is "allow", and session end reason is "aged-out". Currently, the concerning firewall policy to this public server is any app and any service. However, ...

MPI-AE by L4 Transporter
  • 8502 Views
  • 12 replies
  • 0 Likes

Netflow bandwidth usage and link-aggregation

We've added a netflow server profile to 4 sub-interfaces on ae1 that connects ISP. The netflow is then reported to Solarwinds where we have poll and collect netflow from these sub-interfaces. But we are also seeing notifications i Solarwinds that all the other sub-interfaces on ae1 (and an additional link-aggregation ae2) sends unmonitored netfl...

one globalprotect client two portals

I have two global protect portals one for staff and one for contractors. I regularly have to test both and the only way I have found to do it so far it to change the portal name on the client. Is there anyway to add both portals and toggle between the two like you can to on the cisco vpn client?

jdprovine by L4 Transporter
  • 3664 Views
  • 5 replies
  • 0 Likes

Virus/OSX.WGeneric.lcwwz

IP address (IP: 4.35.21.146) is pushing out a Google update (url:GoogleSoftwareUpdate-1.2.7.43.dmg) but Palo Alto show it as Virus (Virus/OSX.WGeneris.Icwwz)

shekeba by L0 Member
  • 2105 Views
  • 1 replies
  • 0 Likes

Firewall optimizer

Any one out there using firemon or algosec to optimize your firewall? I am interested in your opinions whether you like it or not and which one is better or if there are other options

jdprovine by L4 Transporter
  • 3546 Views
  • 6 replies
  • 0 Likes

Packet Routed to Different Zone counter incrementing

I"ve been seeing on untrust interface count of Packet Routed to Differenet zone increasing.I've been facing issue with browsing for few minutes. When i browse websites it shows "connecting" n browsing will be slow.After 2 minutes browsin will be fine. I'm not able to trace the issue.When i see count on interface of untrust " packet routed to di...

Does Global Protect check connection quality and switch portals if needed?

Is it possible to make Global Protect check someone's connection quality and if the quality is better to another portal, then switch to that one seamlessly? Say we have users connected to a portal in Los Angeles and the connection becomes less than acceptable, is it possible to make the GP client automatically connect to our NY portal if it has...

abrrymn by L0 Member
  • 2876 Views
  • 3 replies
  • 1 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks