This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4132 Views
  • 0 replies
  • 0 Likes

Custom DNS name

We have a DNS name genieo that is not being recognized and is not included in the signatures. Two things first is there a way to identify it with a custome signature with the object/anti-spyware and then be able to send it to a sinkhole?

jdprovine by L4 Transporter
  • 5158 Views
  • 10 replies
  • 0 Likes

Related with QoS...

Hi,I'm trying to understand a QoS functionality, let's see if anyone can help on this case.I have a webserver on a DMZ and want to asure 15Mb from inside to outside, that is, in case of congestion in DMZ, priorize the Http traffic (respond http request).So, in this case, the server doesn't start the session, so, it,s possible priorize this traff...

ilnanu by L1 Bithead
  • 7176 Views
  • 8 replies
  • 0 Likes

FTP connections jumping rule

Hi, we have 2 rules. the first one filtering by application FTP and the second one with the same source/destination like the rule above and using any/any permit. We run ftp connections. all these FTP connections should match in the first rule filtering by FTP, but we see matches in the any/any rule too. In this rule should be match all t...

Captura1.JPG
Capturasegunda.JPG

Policy for AD authentication across zones

Trying to narrow it down and determine the minimum set of applications/services that need to be allowed for a user to login into a Windows 7 client in one zone and authenticate against a Server 2008R2 AD Domain Controller in a different zone? The Windows 7 client is a member of the domain. Need the ability for users to change passwords, access a...

MDM GP-100-MDM(vsys1): details: certificate chain has expired

We are receving this alert for the certificate expiration we have configured MDM with one of trusted root certificate (this got expired and we renewed that recently) MDM---->created with root-CA certificate certificate: --root-CA (this was expired but nenewed now) Another certificate( this is expired) but still we are getting th...

Port 4443

It has been noted that our global protect portal is reachable from the internet using port 4443 and is presenting a self signed cert which is seen as a security vulnerability. Can you let me know if port 4443 is necessary in terms of GlobalProtect connectivity? The below comes to mind, but does anyone have any suggestions? https://live.paloa...

Resolved! Changing Profiles assigned to security Rule

just in the process of switching to a vulnerability profile which is not shared to vsys specific vulneability profile. Is there an easy way to change a vulnerability profile in 250 security rules without having to manually visist every rule?

clewis1 by L3 Networker
  • 7881 Views
  • 3 replies
  • 0 Likes

Resolved! PAN-DB License not active

Hi guys, Applied two licenses to my devices in HA for a one months extension for PAN-DB URL filtering. I applied it to the passive first successfully (shows as active), but now the current active doesn't have an active URL license. I have followed the document below which is mainly to do with migrating databases, however we moved off of Brig...

What file type in the file blocking profile can be uploaded to wildfire?

Hi, I would like to don't upload email-link to wildfire cloud. Usually I choosed "any" for file types in file blocking profile. But I have to check each file types for except "email-link". What file type I should choose? Currentlly, there are 81 file types in pull-down menu.. apkaviavi-divxavi-xvidbatbmp-uploadcabcdrclasscmddlldocdocxdpxdsnd...

Mt_103 by L2 Linker
  • 4460 Views
  • 1 replies
  • 0 Likes

Palo Alto Training Partner

Hello Community, We're thinking of becoming a Palo Alto Training Partner. Can someone please let know the process in becoming a training and partner and any links. Regards

Manage users connected to wire from layer 3

Hello i need for you help. The client has device connected in virtual wire mode and wants to configure another interface on the device that will connect to your LAN where their servers are and can see users who connect to the virtual wire mode. The virtual network wire is connected only to mobile users ..Since the other network want to manag...

Resolved! ECMP and circuit load

I have not been able to find an answer to this in the searching I have done. Does ECMP take into account the current load on the paths before choosing a path? We are using 'balanced round robin' on our metro-e links between locations, we have two providers with identical bandwidth at each location. My question is this: lets say a backup session ...

ldavie by L2 Linker
  • 3488 Views
  • 2 replies
  • 0 Likes

Resolved! Unable to access a site, please try for me

I am unable to access this site in any way throuth my PA 3020 With Pan Os 7.1Obviously is possible through a direct connectionCan someone try and temm me if is the same ?https://www.spcconnect.com/

nicolap by L1 Bithead
  • 7104 Views
  • 10 replies
  • 0 Likes

PA-200 Not Showing "Source User" in Monitor logs. Any Ideas?

Software Version: 7.1.2 User ID Agent: 7.0.4-5 After upgrading the PA and the UIA, the monitor logs are not showing "Source Users". I've also looked in the Reports section and it's not showing up there either. I've also tried to re-configure the Group Mappings again, but no luck. Any ideas would be greatly appeciated.

  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks