This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4229 Views
  • 0 replies
  • 0 Likes

Resolved! How to configure NAT for untagged subinterfaces?

I'm trying to set up a fairly simple configuration where we have our separate wired and wireless networks connecting to the internet via one shared interface eth1/1Basically, I am attempting to replicate the configuration here https://live.paloaltonetworks.com/docs/DOC-1884 (but with only 2 local networks, not 3). This document stresses that exp...

Resolved! ACC 7.0 - App usage by IP

Im not finding the way to see the application usage by IP on the new 7.0 ACC. For example in the old ACC when i click in one of the top App (for example SSL) it send me to a new page that shows me the top sources and top destination for that application. In ACC 7.0 it doesn´t look like that.

aprync by L0 Member
  • 3991 Views
  • 4 replies
  • 0 Likes

Requiring "Continue" to download PE executables?

How have people done this in practise? We would like to prompt people so they have to choose "continue" to download PE executable files. I know this only applies to "web-browsing" but when I test this, a Google Chrome update shows as "web-browsing" and isn't interactive so the user doesn't get the prompt to continue, nor does the update down...

Panorama admin authentication and Admin Roles

Hello, Is there a best practices guide regarding Panorama Admin roles that includes the pros and cons of using Radius vs Active Directory or even TACACS+ to authenticate Firewall/Network admins. What are other large Enterprise environments doing? Goals: 1. Minimize account administration in multiple locations 2. As we already have strong A...

Best 7 OS version

I am planning on moving to the best version of the 7 OS next month any one have a preferred version or any gotcha's to avoid?

jdprovine by L4 Transporter
  • 3105 Views
  • 4 replies
  • 0 Likes

About throughput performance with only url filtering

Hello, I have questions. I know throuhput performance is half when using Threat Prevention. If we would use only url filtering, how is PA's throughput performance? Is it same when using TP or only using application? And If we would use only file blocking, how about? I think if url-filtering and file-blocking use signature-match-chip, it wo...

Resolved! DBL Formatting

We're having an issue getting firewalls running PANOS 6.1 and 7.0 to consume the DBL's created by Minemeld output nodes. None of the output node URL's end with .txt, which appears to be a requirement according to the live documents below. However, .txt cannot be added to the output node name in Minemeld. Is there some configuration we're missing...

nbilal by L3 Networker
  • 32498 Views
  • 14 replies
  • 0 Likes

Resolved! Complex User-ID Scenario... Ideas? Solutions?

Hey all -I work for a very large global organization. Our design for User-ID is such that some locations can use the UID Agent, others can't - and so they use the Agentless, on-box UID. One issue we have is that we have thousands of what we call "common" and "job" (or, process) accounts that some people use to access remote machines from their...

Error updating Panorama to 5.1.0

Hi, we have installed the version 5.1.0 in Panorama and changed the values (LSI,RAM,SO) in VM, but when we restart the VM the panorama is not going up. CMS withouth credentials is not working. Maintenance mode shows this: What could we do???

panorama.jpg

Captive portal issue

I have a url catogery named office365 . I have configured it for no portal for http and https services. But when I check the monitoring logs it shows captive portal yes for this catogery.

Resolved! Multiple IP's on a single interface

This may seem like a silly question but hope someone will be able to answer for clarification. I have inherited a less then stellar network IP Scheme where the second octet is the same as the vlan id. However they started this in the 172. address space so I have things such as 172.111.0.0/16 as a adress range with multiple devices all assigned w...

jonkuzma by L0 Member
  • 12786 Views
  • 3 replies
  • 0 Likes

Resolved! Deactivate Url-filtering

Hello all,I have problem with deactivation of URL-filtering on my PAN-500.My license had expired on 30.04 and I still receive system alert:opaque: License for feature url-filtering expired on 2016/04/30I tried to use:set deviceconfig setting url dynamic-url nobut it doesn't work.

ITBT by L1 Bithead
  • 2924 Views
  • 1 replies
  • 0 Likes

Firewall Interface Not Responding to Pings

Hello Community, My firewall won't respond to pings. My Palo Alto sits within a VM. At first I thought it was because the mac address in my ESXi didn't match the mac address on the interface, but then I noticed none of my other interfaes match with my ESXi, but they all seem to work. see image Its just ethernet interface 1/4 that doesn...

mac.png
outside.png
ethernet1-4.png
ethernet1-4mac.png

Global Protect does not Work after transfering licences from PA-500 to OSS SPARE

Hello To All, I'm facing an issue after doing a migration. We'd an issue with a FAN on PA-500, so RMA works fine We decided to transfer licences from PA-500 fan error to OSS Spare. Everything went well until we do realize that Global Protect is not working anymore. The Synch between AD/LDAP and PALO is OK When we try to log-in to Global p...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks