General Topics

Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 195 Views
  • 0 replies
  • 0 Likes

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 878 Views
  • 0 replies
  • 0 Likes

Tool to help map out your PA configuration

I need to go through my PA and map out the security zones, NAT rules, and so on that have accumulated over the years and I need a tool to help me scrub through the configution and sort out what is going on.  I heard there was a tool called Clikr or C

...

RustyPA by L1 Bithead
  • 4401 Views
  • 4 replies
  • 0 Likes

Palo Alto as a DNS Server

I have a very small network without a DNS server and I'd like to if possible use a PA200 as a DNS server.  I want to try to create static DNS entries for a few hosts on the PA, then point those hosts to the PA as their DNS server.  Does this work?  A

...

RustyPA by L1 Bithead
  • 3336 Views
  • 3 replies
  • 0 Likes

scp export with unexported-only option

Hi,

I would like to know how to use the unexported-only feature with this command:

scp export log traffic to user@ip:/path/test.csv start-time equal 2016/08/14@00:00:00 end-time equal 2016/08/14@23:59:59

 

Also is it possible to invoke it through the API

...

amagri by L1 Bithead
  • 4103 Views
  • 4 replies
  • 0 Likes

Static Routes not Working

I have a network with in my network that I am trying to control access with user-id in the palo alto.  Before I can do this I need to get routing working.  The routing works just fine up to the palo alto in my test environment.  Each interface can ta

...

trees by L1 Bithead
  • 7765 Views
  • 4 replies
  • 0 Likes

application not working.

I had a customer connecting to an application from trust to untrust. It was working and then suddenly stopped working.

I could see in the logs it was coming as port 443 and application -incomplete and then next day it started working with port 443 and

...

about mtu

Hello all,

 

There is a problem with a smb traffic(very very slow)

For the related source and dest. ip address 2 filter is configured and show counter output has :

 

flow_fwd_mtu_exceeded 9 3 info flow forward Packets lengths exceeded MTU
flow_ipfrag_frag

...

PanIst by L3 Networker
  • 2154 Views
  • 1 replies
  • 0 Likes

Resolved! Blocking macro-enabled Office files (docm, xlsm, etc)

The available file types that can be filtered doesn't include Office documents with macros (docm, xlsm, etc).  These are being used now to sneak garbage into the network.  Is there a way to ID them or are they on the horizon for inclusion in the file

...

gleduc by L1 Bithead
  • 10415 Views
  • 4 replies
  • 0 Likes

Resolved! Domain names in Security Policy

Does anyone know if it's possible to use a domain in a security policy? I know that I can use FQDN but what happens if I need to allow a wider range, such as *.zoom.us? Can this be done or am I out of luck?

BPry by Cyber Elite
  • 4643 Views
  • 4 replies
  • 0 Likes

GlobalProtect - Client Certificates Deployment

Greetings,

 

I have used the following article to distribute client certificates for GlobalProtect:

 

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Issue-Certificates-to-GlobalProtect-Devices/ta-p/53642

 

My understanding is that with

...

Creid by L0 Member
  • 2168 Views
  • 2 replies
  • 0 Likes

QoS and interfaces - some conception advice needed

Hello

 

I will migrate fom PA200 to PA500. I have some local networks (DMZ, Wifi for students, Wifi for stuff, LANs)

I need to use QoS but I need some advice with that.

 

I know that I can controll only on outgoing interfaces but I have no idea how to get

...

_slv_ by L4 Transporter
  • 3264 Views
  • 6 replies
  • 0 Likes
  • 24011 Posts
  • 115 Subscriptions
Top Solution Authors
Top Liked Authors
Labels