This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4227 Views
  • 0 replies
  • 0 Likes

Vwire design considerations and issues

We recently purchased a pair of PA-5050s, and had a VAR implement the design recommended by our Palo SE. This design has lead to many challenges and issues, and I'm now questioning wether we made the right design choice. Prior to purchasing the Palo, we've been using a Cisco ASA, impletmented in the traditional manner, placed on the perimeter wi...

dbrody by L1 Bithead
  • 5420 Views
  • 5 replies
  • 0 Likes

Application incomplete Site to Site VPN

Greetings, I wish to run an issue that one my sites is experiencing with a site to site VPN. The issue that is experienced is that some applications mainly mail application will show up in the logs as incomplete. I will aim to give you the full picture of this so you can understand the setup and hopefully advise of a solution. (Working Site)SITA...

Resolved! Custom url feeds

Is there any sort of documentation surrounding things like adding a custom url in? I'm thinking I'll have to dig into the file system but was wondering if there is anything documented as to what to do. Say I have an ip list at http://somefancywebsite.com/directory/badiplist.txt I wanted to throw into the mix here. Is there an easy way to do th...

chirss by L3 Networker
  • 5667 Views
  • 3 replies
  • 0 Likes

Misidentification on App-ID

Has anyone experience the App-ID misidentify existing Apps? Here is the problem we are having. I have rules allow SMTP (Application-Default) from the Mail Firewall to Exchange. Since yesterday (9/21), the firewall is identifing all the SMTP traffic as Unknown-TCP (25) and drop the traffic. We are running 614-3540 as the Application and Threats, ...

Remote access to PA box when internet connection is broken (PANOS update failed) - how to?

Hello Since month I have remote branch and PA200 there. Today I decided to upgrade from 7.0.9 to 7.0.10. According to change log 7.0.9 should fix upgrade problem, but something went wrong and I havent acccess to my device.Today I will solve my problem using car and long trip but for the future I'm looking for cheap and resonalble solution. Juni...

_slv_ by L4 Transporter
  • 3516 Views
  • 5 replies
  • 0 Likes

PAN-OS 7.0.9 any issues on PA-5050?

Hi Guys, Looking to upgrade HA pair active/passive from 6.1.12 to the 7.0.9. Anything that l should be aware of. I am checking known issues and release notes. Same for the security advisory. But maybe something from your experience (issues that currently reported but will be fixed in the next release) Thx,Myky

VPN / Proxy Traffic

We can see traffic associated with VPN and Proxy but this information is not included in reporting. (ex. Hotspot Shield)

Resolved! Determine type of data

Minemeld seems very nice, I'm trying it out in a vm. One thing I'm having a problem with is determining if the information retrieved is going to be an IP list or domain list. Does the processor care if it gets multiple kinds of data? Any other tidbits of information would be beneficial. Thanks!

chirss by L3 Networker
  • 3990 Views
  • 3 replies
  • 0 Likes

Netflix iOS tcp-rst-from-client

I'm having an issue with Nexflix not running on an iOS device behind a new PA install. Basically no filtering should happen from the PA at all; Nexflix runs fine with no PA in line. The configuration, which has most other applications and web access working: PA-3020, V7.1.4-h2 with 610 definitionsVirtualwire mode, with allow any, no profiles or ...

stuart.l by L2 Linker
  • 4094 Views
  • 1 replies
  • 0 Likes

Resolved! IKEv2 and PPPoE

Hello, Is there a limitation within the ipsec subsystem on the PA? Not being able to assign the ip address assigned to the unit via PPPOE to the tunnel. As below I have setup a static address on the interface, which is not available above: Thanks in advance.

IKE.png
Farzana by L4 Transporter
  • 5013 Views
  • 3 replies
  • 0 Likes

Resolved! Handling Google Mail (1e100.net)?

So our organization makes use of Google's cloud services as our email provider and it's a nightmare trying to control on the PA's as they don't accept wildcard's for IP's nor FQDN's. Challenge here is Google seems to send emails (SMTP) to every **bleep** *.*.*.26 and *.*.*.27 address on the planet (1e100.net servers) and gets old coming in ever...

PeterT by L2 Linker
  • 12565 Views
  • 11 replies
  • 0 Likes

Validation Error: profiles -> url-filtering -> <profile> -> license-expired Not available for PAN-DB

If during the switch from Brightcloud to PAN-DB the URL categories fail to migrate you will get a commit error on each profile that retains the Brightcloud URL categories. Validation Error:profiles -&gt; url-filtering -&gt; &lt;Profile Name&gt; -&gt; license-expired Not available for PAN-DBprofiles -&gt; url-filtering -&gt; &lt;Profile Name&gt; ...

Walhovd by L0 Member
  • 3940 Views
  • 1 replies
  • 3 Likes

GP Disconnects

Greetings, I am not sure if someone else has come across this issue before with global protect and just wanted to run by some of you guys. The issue that I am having with GP is that it randomly disconnects. The VPN connection perform fines when under relatively light load with no issues or disconnects. The issue arises when you begin to push the...

Traps - Change existing rule ID number

Hello All, It would seem to me that you are unable to modify the rule ID value of an existing policy in traps.Has anyone had any experience with this? I suspect you would be able to export the rule set, modify the XML, then re-import, but I was hoping for a way to just modify the ID number in console. Issue being, that although when new rules ar...

Ronen by L1 Bithead
  • 1997 Views
  • 1 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks