This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4235 Views
  • 0 replies
  • 0 Likes

Policy Rules order

Hi there, if we are going to the tab "Policy" we will see 7 different sub tabs. The tabs are: SecurityNATQoSPBFApp OverrideCaptive PortalDoS Protection So I know for example that Security rules are always checked before NAT rules but whats about the rest? I spent planty of time google for this information but without success.

Rboehme by L2 Linker
  • 3537 Views
  • 3 replies
  • 0 Likes

Resolved! SMTP Inbound Decryption

We have decyption turned on for inbound smtp trafffic. It is only decrpyting a portion of the encypted traffic. I have an open ticket with support but still working through it but I wanted to check to see if anyone else is experiencing issues. I do not believe it is something misconfigured on the firewall as it decrpyts as expected sometimes. T...

Capture_decrypt.PNG
clewis1 by L3 Networker
  • 3951 Views
  • 2 replies
  • 0 Likes

Palo alto networks Problem Session out

Hello , I have a problem with my firewall PA-200. When I try to open the GUI , I found an error message with a session out . You can find in the attachement this error message . I read that may be this problem can be related to the disk space. I do a show disk-space command and i found the the result in the attachement . Any one can help me to ...

Session Out.JPG
disk-space.JPG
Mariaa by L1 Bithead
  • 2837 Views
  • 4 replies
  • 0 Likes

Resolved! ARP table cache "incomplete"

Hello All, Need some clarification on ARP table. For some reason, once we swapped the devices from 2020>3020 our ARP table is seen as incomplete but services are working fine withing on that particular external subnet (before they did but we use gratuitous arp) . Also the time out of the "incomplete" entries pretty much a second ( ttl =1): ...

ARP entries_hidden.PNG

Concurrent users cannot connect

Hello, GlobalProtect GW with x-auth is enabled for IPsec VPN client services. However, only one concurrent session per user is allowed and any subsequent sessions disconnects the previous session user. Same issue happens whether the user is a local account or an AD account. We need to have multiple sessions running with the same user account. An...

Farzana by L4 Transporter
  • 7735 Views
  • 13 replies
  • 0 Likes

Issues with enumerating UPN

Does anyone have any experience with configuring VPN to use the UPN instead of sAMAccountName? I'm trying to get a configuration working using a Radius Multifactor system that requires the UPN, and while I can get that part to work, I can't figure out how to control access to the VPN via AD group membership. If I put AD groups in the allow filte...

Resolved! Testing Performance

I would like to get to know which specifc traffic is being checked by specific features of Palo-alto NGFW. To be more precise after enabling all the features on the device which traffic is being checked by URL filtering , IPS Anti- Spyware and other features. The traffic must be using specific ports?

luk by L0 Member
  • 3717 Views
  • 4 replies
  • 0 Likes

Tips & Tricks: Using URL Filtering to Globally Block URLs but Allow Other Traffic

Under the URL category of "educational institutions"(set for alert) we are generating a enormous amount of logs identified with an application of “windows-remote-management”. I currently have modified that category to "allow" which eliminates all logging of that category. What I really would like to do is define the category back to alert, but ...

identify interfaces where mtu is being exceeded

Hi, wondering if someone might know how to see counters for flow_fwd_mtu_exceeded for a specific interface. Our firewall's global counter is increasing using this command: show counter global filter packet-filter yes delta yes but I'd like to know which interface(s) the problem is on. Thanks in advanceMike

Resolved! M-100 default log collector

Hello, in the followind doc, Firgure: Single Default Log Collector per Collector Group.Looks like we can assign Firewalls to send logs to the Primary Panorama, Also it looks like we can assign firewalls to send logs to only the Secondary Panorama.https://www.paloaltonetworks.com/documentation/70/panorama/panorama_adminguide/manage-log-collection...

Kaliman by L2 Linker
  • 3828 Views
  • 3 replies
  • 0 Likes

Resolved! Block YouTube--Allow Google.com

We have 1 user who is abusing Youtube. I need to block this person from YouTube but still allow this person access to google.comI tried a URL filtering policy but it also blocked access to google.com.Is there a document or a video of how to perform this task? I am running PAN OS 7.1 Thank you

Resolved! Active/Passive HA - Technical details: "How does it work?"

I manage our active/passive HA pair of PA-3050 firewalls currently running PAN-OS 7.0.8. These were migrated a few years ago from PA-2020 devices that were put in by a previous network administration regime. Our current network administration team is asking for technical details on how active/passive HA works on the PAN equipment, but I don't k...

Wildfire Alert reporting source and destination NATs that aren't configured on associated firewalls

Greetings, We've had several Wildfire Alerts that show both the source and destination addresses translated yet NAT is not configured. For the subject data flow, the source is an external network for which we have no control. The destination is our client. The Alert shows that that the Source address is being translated to another address tha...

Resolved! Panorama M-100 - Led Red Alert

Hi, I have a Panorama M100, the device lost connection, neither couldn't be access by console, so we don't make any changes. Then we reboot and connect keyboard direct to appliance and we choose option F1, whit that, the device Started working and recover the access, but now the device show up a led red alert. that it means -- System Health Indi...

ERROR INICIAL AL CARGAR PANORAMA M-100.png
sdsadasdsa.jpg
  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks