This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4147 Views
  • 0 replies
  • 0 Likes

Question to app dependencies

Hi guys!I'm new to Palo Alto.Scneario:I make a new rule from an inside zone to the internet with the app gmx-mail.gmx-mail depends on web-browsing and ssl.Do I have to add web-browsing and ssl to this rule to make gmx-mail work?Or could I make another separate rule where I'm allowing web-browsing and ssl?Thanks, Alex

MPI-AE by L4 Transporter
  • 3008 Views
  • 5 replies
  • 0 Likes

Resolved! Layer 2 and Layer 3 interfaces connected to the same switch?

I'm currently working on a migration project from Sonicwall (SW) to Palo Alto 3020 (PA) and I need to buy myself some time. For now, I'd like to place the SW inside of the PA so that LAN-WAN traffic will enjoy the benefits of Wildfire, Antivirus, App-ID, and threat detection. Things get a bit complicated, though, due to the SW doing NAT, Ipsec s...

Can't seem to connect to Cisco ASA

Using the following Phase 1 settings: I keep getting this error:Received unencrypted notify payload (no proposal chosen) from IP x.x.x.x[500] to y.y.y.y[500], ignored...orIKE phase-1 negotiation is failed. Unable to process peer’s SA payload.Check the IKE Crypto profile configuration to verify that the proposals on both sides have a common encry...

Capture.PNG
dclaro by L0 Member
  • 4393 Views
  • 3 replies
  • 0 Likes

Surveillance system

Has anyone here used a surveillance system?? I'm in need of a security system, but I don't have any idea on how to select the best one. I recently happened to read an article http://www.fire-monitoring.com/ip-cctv-moving-future/ and thought it will be perfect? Has anyone here used it before?? Any first hand experiences with them??

ConMac by L0 Member
  • 2407 Views
  • 2 replies
  • 0 Likes

Skype for Business using App-ID?

Does anyone have a definitive list of which applications are required for 365 hosted Skype for Business to work please? I'm using MineMeld to product a dynamic block list of the 365 Skype for Business IP ranges published by Microsoft and I've settled on simply allowing any application to that IP range (which to be fair isn't a huge concern to me...

Multiple WAN Interface Setup, different zones

Hi all I'm struggling to configure a VM-200 with multiple WAN interfaces. I've read a few forum posts on the subject and I understand the suggestions (PBF, 1:1 vs 1:Many NAT, etc) but the situation I'm in is a little different. We are running the VM-200 on a cloud platform, which has provided us two WAN IP addresses. These addresses are contiguo...

Send OSPF default route with PBR

I have a network were what I would like to have happen is that the PAN device tracks its connection to the internet and as long as that is alive send a default route to its neighbor. If that fails i would like it to stop sending that default route since the neighbor also has a default route that goes out an mpls link

Redundant IPSEC VPN with cisco and VPN monitor

Hello Experts I have PA on hub site and Cisco ASA at spoke site. At hub site, I have two ISP links, and ASA establish two IPSEC VPN with hub PA through both ISP, one IPSEC is primary and other is backup Now to failover, I am thinking to use VPN monitor on PA but what about I will do on Cisco ASA?

Resolved! IPSEC VPN negotiation without traffic

Hello Experts Is there any option to initiate a IPSEC VPN without passing actual traffic. Like in Juniper SRX, there is option "establish-immediately" or in Juniper Netscreen "rekey" option Regards, GR

Rule too allow access to group of URLs?

PANOS 7.0.4 and I'm struggling to do something that feels basic 🙂 I need to allow anything on the LAN access to *.sophos.com *.sophosupd.com*.sophosupd.net*.sophosxl.netocsp2.globalsign.comcrl.globalsign.comas per https://community.sophos.com/kb/en-us/121936 Right now we use captive portal but of course machines might try to update when nobody ...

Regex

Is there any specific regex pattern for Palo Alto ?i am trying to create a Regex that matches SSN but it doesnt seem to like it.It either errors out as it should be 7 bytes long or it is invalid.

Resolved! Order of different NAT

Hello Experts I am just wondering, what is the order of different NAT on same packet. Lets say I want to do destination NAT and source NAT for the same packet. What NAT will happen first destination NAT or source NAT?

Resolved! Destination NAT or Static NAT

Hello If I configured static NAT and destination NAT for one public service to be accessible from Internet. What type of NAT rule will be utilized by PA, I mean static NAT or destination NAT or it soley depends upon the order of rules?

Resolved! Proxy ID in SA?

Hello Experts I have site to site VPN between HQ PA and branch PA. I used the proxy id on HQ as Local: 172.16.110.0/24 remote: 10.10.10.0/24 and everything is working. Now brach office need to access another subnet in HQ that is 172.16.111.0/24. In this case I have to create one more proxy id on both side or just allowing this new subnet in appr...

  • 24340 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks