This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4450 Views
  • 0 replies
  • 0 Likes

Resolved! "LAN" Interface Failover configuration - Primary: dedicated Line, Secondary: VPN

Hi there, maybe it's not that complicated but I didn't find a post for this scenario: The LAN of our Clients are in Location1 (~ 200 km) The LAN of our Servers are in Location2 Location1 and 2 are using the same firewall which is stored in Location 2 because Location 1 has a dedicated line to Location 2. The Primary connection between Loca...

Resolved! global protect client

Connect option grayed out under status tab on global protect client? Anyone know what the cause is and the fix?

jdprovine by L4 Transporter
  • 4670 Views
  • 6 replies
  • 0 Likes

Cannot Change Application Risk Category Customization

I'm running 7.1.2, but the problem started after 7.1 beta update, I believe. Setting an applicaiton risk category manually results in it showing up correctly in the application's open window details; however, the firewall will only recognize the default risk category. This has effectively rendered my applcation filter rule useless. I have trie...

rrubino by L0 Member
  • 3321 Views
  • 3 replies
  • 0 Likes

Rule to block TOR Application blocks all traffic directed to Internet

Hello Community, we have an issue when we try to block TOR application. We do a rule like the image reported below and put it on top of the rulebase: But it seems that all Internet traffic is dropped by the rule named "Tor_Blocking". We see the Application is "Not-Applicable" on all log files. It seems PaloAlto cannot resolve properly th...

Rule_TOR.png
LOG_TOR.png

Sample configurations and logs for PAN-OS and Panorama for VM-Series Base Images

Dear PA, In order to enhance my learning effect with PA products, I installed VM workstation 12 Player and downloaded and ran the PA-VM-ESX-7.1.0 Base Images in it. The PAN-OS (Play virtual machine) runs fantastic on windows 7. I enjoyed playing around in the VM, but I missed the sample configuration and logs in order to understand the outcome...

Captive portal user-id for all services

Hi, I have set up a captive portal for services http and https. The captive portal works well and I get user-id/IP mapping in the logs. The rules are then applied based on the user group membership (AD). However, this user-id mapping does not work for all services and therefore some rules are not applied based on the user-id... The sessions ar...

Screen Shot 2016-05-21 at 6.45.36 PM.png
Screen Shot 2016-05-21 at 6.43.42 PM.png
JBOURDON by L0 Member
  • 3414 Views
  • 3 replies
  • 0 Likes

Terminal Server Agent service account issue.

Configured a new TS on palo alto and installed agent on the server. Already have 2 TS configured on the PA and running fine.This new server has 2 service accounts with both needing internet access. These are adsync and centrify service accounts. I can see mapping of the users who are logging to TS server but service accounts are having issues. c...

Resolved! NSX Tags IP information gets lost between Panorama and 5060's

Hello, We are sending NSX Tags with IP's to Panorama, in Panorama everything shows up great, then when we go to our Physical 5060's Edge Firewalls we see the Tags but the IP information is missing. This makes it hard to build North/South Rules if it dosn't know what the IP addresses are for the Tags. Anyone know what we might be missing? How ...

dschmidt by L0 Member
  • 2797 Views
  • 2 replies
  • 0 Likes

Resolved! Many-to-One Destination NAT

Hi, We currently have a problem on site where our windows domain name matches the website name so the naked domain DNS configuration contains an A record for a web server and not the domain controllers. As a short term workaround (because it could take 2-3 years to plan and change the domain name) I'm using the destination NAT feature. In my tes...

panos_screenshot_campusmsdcsuat.png

Url category unknown for dropbox and msn

Hello I'm using BrightCloud URL Filtering (at the moment I have 4792 version on my device). I'm started testing this functionality (security policy with url filtering in monitor mode). In Monitor tab in URL filtering section I see: How it's possible that DropBOX and MSN are in unknown url category? Regards SLawek

2016-05-19_095625.jpg
_slv_ by L4 Transporter
  • 2326 Views
  • 2 replies
  • 0 Likes

Resolved! Question about HA 2 link

Hi Team, Good day!My questions is in regards to the HA 2 link. It is a l2 link. However, we can have an IP address on it. However, lets say that we have no IP address on dedicated HA 2 link on both sides. Now, If I have a L2 switch in between How will one side come to know about other's MAC address? Thanks in advance. Regards.

yadsingh by L2 Linker
  • 3152 Views
  • 1 replies
  • 0 Likes

Resolved! PPS Report

Has anyone built a custom report to get packets per second for a destination? I see we can get total packets transmitted/received over a given period of time, but nothing for calculating pps right in the report. Any suggestions? Thanks!

AmyTyler by L2 Linker
  • 4778 Views
  • 4 replies
  • 0 Likes
  • 24376 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks