This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4140 Views
  • 0 replies
  • 0 Likes

Resolved! URL Filtering vs. Dynamic Block Lists

Does URL Filtering override Dynamic Block Lists? Say an IP address is listed in the Dynamic Block Lists but I want to allow access to a specific URL that resolves to that IP address. Will whitelisting the URL allow access or will it still be blocked until it's removed from the Dynamic Block List? What get's applied first?

Rate Limit Per user on PA200.

I have PA200 runing PANOS-7.0.6 . Is it possible to rate limit per user. One of the user downloaded 4x1gb files and caused net congestion for other users.

Resolved! Use Google translate to uncover a world of porn you would have otherwise never seen

I got a ticket sent to me from my help desk in regards to students being able to get to pornographic pictures by using Google Translate. I did some search and I came across this article on Reddit. Has anybody come across this? It looks like some schools have blocked Google Translate for this reason. I hope there are other options, but it may com...

bbilut by L3 Networker
  • 17926 Views
  • 4 replies
  • 0 Likes

Sort ascending or descending in Custom Reports

I am trying to write a Report that shows the least number (e.g. 50) of used rules in my firewall. The sort feature in the custom report builder only is sorting from largest to smallest. I can't see how to reverse this. Anyone know?

merrick by L1 Bithead
  • 2679 Views
  • 1 replies
  • 0 Likes

Best Way For Configuration of 5 PA-200 Before Shipping To Remote Location

The next big project, regarding Palo Alto, is deploying a total of 5 PA-200’s. 4 will be located in 3 different locations in Mexico. 1 Mexican location will have 2 PA-200’s setup in HA mode. The remaining PA-200 will be deployed in Managua, Nicaragua. They all will be configured with Wildfire, Threat Protection, URL Filtering and Global Protect....

Can't access management when PA200 is in line

I have a PA200 and when I only have the management port plugged in, I can access the management interface. When I put it inline and have production traffic running through it, I'm no longer able to access the management interface. I have two NAT rules: one for a Playstation and one for general outbound using DIPP. I need to do some troubleshooti...

kbreit by L1 Bithead
  • 3201 Views
  • 3 replies
  • 0 Likes

Resolved! OSPF Link State Database Overload Protection for Palo Alto Firewall

Hi, We're migrating from a Cisco ASA to a Palo Alto firewall device. I had a query about the OSPF Link State Database Overload Protection for the Palo Alto Firewall The Cisco ASA firewall provides OSPF Link State Database Overload Protection using the max-lsa commandHere is the Cisco reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feat...

mskpalo by L1 Bithead
  • 4246 Views
  • 4 replies
  • 0 Likes

Active Directory group naming scheme

Hi all,I'd be interested to here is anyone has come up with interesting naming schemes for AD groups used within Palo Alto firewall policies.I'm looking for inspiration as I'm looking to come up with a logical scheme on our end. Cheers.

Local admin account locked

I have a cluster of two Panorama systems. When I try the local admin account on the primary-active node the system generates a log entry saying that 'failed authentication for user admin. Reason: User is in locked users list. The same account name and password works on the secondary-passive node though. Any idea what's going on the admin acc...

Resolved! test custom-url command with Panorama deployed rules.

I'm trying to test a few urls in a custom url category I have deployed on my FW, but am unable to get to work. All my rules/objects are pushed out via Panorama and it seems as though the command only allows you to test locally defined rules (i get an error when specifying the rule name unless i use a local one). I don't see this test custom-ur...

chrisp by L3 Networker
  • 5092 Views
  • 5 replies
  • 0 Likes

SSL Inbound Inspection

Hi,I have setup a decryption policy to decrypt inbound SSL traffic for the Exchange web mail server. However, when I check the logs I see only some traffic as decrypted and some arnn't. Refer below screenshots,Why isn't the policy not decrypting all the traffic?I'm trying to decommission the Microsoft ISA server used as reverse proxy for Exchnag...

Shayan by L1 Bithead
  • 7248 Views
  • 6 replies
  • 0 Likes

GlobalProtect with X-Auth split tunnelling

Hi guys,I'm working on a GP portal and gateway configuration, in order to provide to the customer full compatibility with the old vpn clients (ex: cisco) I enabled X-Auth support on it. The client with a third party software authenticates but it always gets a default route 0.0.0.0 and not the single networks specified in the GP Gateway-->Clie...

  • 24340 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks