This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Resolved! Parent Application Subtypes automatically allowed?

Hi All, In a security policy, if I allow Application "ipsec" with service as "application-default" then will the firewall also allow- ipsec-esp- ipsec-esp-udp- ipsec-ah- ike ? If you see applipedia, and if you search "ipsec" then you see the above mentioned 4 applications as sub-types of the application "ipsec". Hence the question. Same is also ...

Issue after Internet Upgrade

We recently installed a new 300/300 circuit and MIS router at my workplace. No IPs have been changed, but since the upgrade we cannot ping internet addresses, and our latency and speed results from speedtest.net are horrific (like 1000+ and less than 1/1 at times.) Strangley, the network isn't crippled, but it should be performing faster than ...

Lmg412 by L0 Member
  • 3034 Views
  • 3 replies
  • 0 Likes

Service settings in a NAT

I ran across this setting this morning- when setting up a NAT rule, you can specify a service or service group. Cool, but is there a reason to do that when a policy is necessary to open a service port?

cloughr by L2 Linker
  • 3877 Views
  • 3 replies
  • 0 Likes

Error Checking credentials - Gateway Timed out

Hi There, I have installed Minemeld on my Ubuntu Server 14.04.. And the service is up and running.. Wheneve I use the default Username and Password to logon to the console, it gives me an error "Error Checking credentials - gateway timed out".. I have also checked the file opt/minemeld/log/minemeld-web.log for errors ? but could not find ...

maltwist by L2 Linker
  • 24524 Views
  • 15 replies
  • 0 Likes

Resolved! Cannot find pan_packet_diag.log on PA VM

Hello, I am new to this forum so please bear with me. I would like to use debug log feature on my PA VM. I am able to turn the logging on with the following commands:debug dataplane packet-diag set logdebug dataplane packet-diag set log feature flow basic But I am unable to localize the pan_packet_diag.log file to view the logs. dp0-log does not...

HAL9000 by L1 Bithead
  • 6027 Views
  • 4 replies
  • 0 Likes

Global protect authentication LDAP not working fine

Hi, we have GlobalProtect configured using a LDAP group for authentication in the VPN "cn=groupvpnusers,ou=_generic_groups,dc=it,dc=xxxx,dc=local" When we commit this new config using vpn group in Auth profile, the GP authenticacion is working fine but 2-3 hours later it starts to fail and we get this error in all users in this group "failed aut...

Discussion on most stable PAN-OS image as of July 2016

I am going through some cleanup of our PAN firewalls. We have 8 sites with active/standby pairs of PAN's. The sites are connected with IPSEC VPN's. The code varies from 6.0.3 to 7.0.4 versions. What's your feeling on the most stable 7.X code as of now? Requirements: 1. I want to get to the newer/later code for encryption enhancements (Suite B ...

rpugh1 by L0 Member
  • 5340 Views
  • 7 replies
  • 0 Likes

VPN question

Hey there, I was curious if anyone successfully used another VPN client on their IOS or Andriod device that works. I was told that with X-Auth/IP-Sec the Cisco Anyconnect client worked but it appears that the new 4.0 client does not (am I wrong?). If anyone has had any success with another client I would love some input or feedback.Thanks,Matt

mjillson by L0 Member
  • 2016 Views
  • 1 replies
  • 0 Likes

Resolved! Blocking .docm files

Hi, we see a lot of files with extension docm attacking the mailserver via smtp and identified as malicious by wildfire. is there a way to simply block those files via File Blocking profile like we are doing for pe and other file types. The point is that there is no possibility to choose such file type in File Blocking profile. Any other idea? ...

Skype Enterprise

Hi,I need to create a rule to make run Skype enterprise. I don't find an app for skype enterprise so i tried to create a rule with only skype and ms-lync-online but it's deny with the destination port 5061...I don't understand. does someone has an idea about this subject ?Thks,

ALC_Palo by L0 Member
  • 2698 Views
  • 1 replies
  • 0 Likes

TRAPS and Reverse Proxy

Hello Folks, I have recently installed a ESM core and console server. I have added a URL re-write rule to allow my traffic to be proxied through this server. The issus is that the web based traffic is rewriting no problem. Its the communication on port 2125 that is being hindered through the reverse proxy. So I tried to specify a different port ...

Pokemon-go

The following custom application can be created on the Palo Alto Firewall to identify Pokemon-go traffic <application version="7.1.0"> <entry name="pokemon-go"> <default> <port> <member>tcp/443</member> </port> </default> <signature> <entry name="pok...

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks