This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4224 Views
  • 0 replies
  • 0 Likes

security policy order not working.

I have a policy from trust to untrust any any allowed. I have cloned this policy and put on top of this with address -test and deny 2 applications. This address is an ip for eg. 192.168.1.26 which is reserved in dhcp. But I can see apps being access via any any policy. Should the address be blocked using block policy.

No direct access to local network

Hi team, Good day!As I have understood, this feature will provide compulsary full tunnel and all my traffic will be set to inspection by firewall. I won't be able to access anything local. Can anyone confirm.

yadsingh by L2 Linker
  • 5088 Views
  • 2 replies
  • 0 Likes

CLI question - What's the difference between: "receive errors" and "receive incoming errors"

Hi There, We haev aggrgate interface called ae2, and we have some problems with the traffic related to this interface so we run the commnand show interface ae2and show interface ethernet1/3 (which is one of the interfaces inside ae2)(the ouput is down) can someone please tell me the difference between: "receive errors" and "receive incoming erro...

reshef by L1 Bithead
  • 8899 Views
  • 5 replies
  • 0 Likes

best design for a small network

Good morning, We just got a Palo Alto Firewall for a small testing lab with several virtual servers and clients. The firewall will be then connected between the lab and our ISP gateway. Most of the network traffic will be internal, since the clients will be connecting to the servers with a switch, and the switch will then be connected to the FW....

Perseus by L1 Bithead
  • 4044 Views
  • 4 replies
  • 0 Likes

VRRP other devices

Hello Guys,I´m new in the world Palo Alto, my company partner is now Palo Alto. I have not found documentation, but it is possible to utilize protocol VRRP in PA-5050 with equipment other manufacturers? Thank you.

Default Management Ports in PAN OS 7.1

Hi all The standard guide for configuring a PANW Firewall to allow access to HTTPS/SSH etc from the outside has been this link: https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Change-the-Default-Management-Port/ta-p/62333 But with the release of PAN OS 7, the provided instructions no longer work. A loopback interface cannot sh...

Resolved! www.myhomeenergy.org.uk

Hi guys, Can anyone do me a favour and navigate to http://www.myhomeenergy.org.uk on IE through a Palo. Does this work for anyone, or do you get a "Page not displayed"? Kind regardsJack

DNS Sinkhole Intended Destination

I've configured a DNS sinkhole in our PAN firewall, and it's helped our department identify machines that are trying to reach out to malicious domains and such. Is it possible to identify the original, intended, destination that the user was attempting to reach when they became innfected?

Resolved! Scanning AntiVirus through SMB

Hi guys, As a "test" I have isolated one of my test servers so that all traffic flows through the PA-500.On this test machine I installed IIS and set-up a simple ftp and websiteThis website folder is also accessible via a share. The policy rules to and from this test server hold the AntiVirus Security Profile with both http, ftp and SMB to "def...

Lync (Skype for Business) Across Organisations

Hi guys, Is anyone else having issues using Lync (Skype for Business) when messaging, or sending file transfers, to someone in a separate Skype Organisation in an external network? Not sure if this is a bug or not, as the application is being seen as Incomplete, and looking at Packet Captures the SYN ACK isn't being received. Kind regardsJack

VPN between 2 Palo Alto Firewalls

Hi there, I am trying to setup VPN between 2 Palo Alto Firewalls. On one side I have public address but on the other side I am using a private ip address as this Palo Alto is behind a router. The VPN is not coming up. I also tried to do port forward from the router to the Palo Alto but still no success. What am I doing wrong here guys or will it...

Active/Active HA managed by Panorama

In the Active/Active HA setup, there is an option to "Enable Config Sync". In the past I have used this because I didn't have Panorama. Now I have a new set of PA5050s that are running in Active/Active mode and we purchased Panorama to go with it. My question is should I enable the config sync? Or should I disable it since Panorama pushes to...

Resolved! Application Block Page

I have a question. How does application block page work? I have it enabled but it doesnt seem to work. User gets app denied by certain policy, it shows Monitor/Traffic that he is indeed denied but instead of getting app block response page he gets a blank page. Does application block page work only with http and not https traffic?

Marcin by L0 Member
  • 5131 Views
  • 3 replies
  • 0 Likes

Large Scale VPN (LSVPN) - Opinions from end users?

I'm looking for feedback from customers who have deployed LSVPN on PAN-OS firewalls. I'm getting ready to rebuild a highly manual, semi-fullmesh VPN infrastructure of abotu 10 sites. Yes, I have a mess on my hands. I am planning on a dual-hub and spoke model. The dual-hubs are two datacenters that are connected via IPSEC between them. Each of th...

rpugh1 by L0 Member
  • 2984 Views
  • 2 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks