This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4477 Views
  • 0 replies
  • 0 Likes

PA blocks outbound port 10443, doesn't show up in logs

I have and external website that I need to access on port 10443: https://<public IP>:10443. The connection never completes and times out. If I pull the PA FW out and throw in an ASA, works just fine. The logs on PA don't even show port 10443 being accessed or logged. No matter what log I check, I find nothing. Any idea? Thx

dclark1 by L1 Bithead
  • 5284 Views
  • 8 replies
  • 0 Likes

SMTP weird characters

Hi everyone!My client's SMTP traffic goes through ASA and Palo Alto and some other network application devices such as proxies and stuff.At some point, the SMTP message gets some SMTP characters added. I removed ASA ESMTP inspection just in case, and still the characters appear.Is there any kind of inspection such as the one in ASA to disable in...

incomplete and ddos drops

Hi The following report shows incomplete Database: Traffic LogColumns: Source Zone, Source Address, Source Port, Destination Zone, Destination Address, Destination Port,Application, BytesQuery Builder: (app eq incomplete) and (port.dst leq 1023) but the " show counter global filter category flow aspect dos " does not give any indication of drops...

sib2017 by L4 Transporter
  • 2199 Views
  • 1 replies
  • 0 Likes

Importing device into Panorama with shared objects

Hello I would like to import device into Panorama with all objects as shared into Panorama. I read the below line from PA documentation Import devices' shared objects into Panorama's shared context is enabled by default, which means Panorama imports objects that belong to Shared in the firewall to Shared in Panorama Now the question is the how t...

Is it possible to set Log Forwarding profile on ALL existing policies

So, we have been handed down a new requirement that ALL traffic logs must be forwarded to a new syslog server. I've created the server profile and log forwarding profile on my firewalls. My question is: Is there an easy way to add the log forwarding profile to ALL of my exixting policies? Or, am I going to have to do this one policy at a time?...

Image 1.png
rpainter by L1 Bithead
  • 2802 Views
  • 2 replies
  • 0 Likes

Download of Panorama for VM-Series Base Images

Dear PA, Is there any release of Panorama for VM-Series Base Images available to download? If yes, where and how. I need it to run in the VMware workstation player to test. I didn't see the in the software Updates of my account. thank you. regards Enyuan

Resolved! Aperture use

HI, anyone out there use Aperture yet? I have trial license which I have setup and added polices. Now what is suppose to happen? I see it show me Im now monitoring Salesforce and box.com but as show below everyting is showing "0's after a week of running. Whats suppose to happen? Should I try to upload a file or something? I did try to upload ...

Screen Shot 2016-04-20 at 8.59.12 AM.png

Source IP address is set to "none"

Hello All, Lately I am noticing some polices that the Source IP address set to none as shown below can anyone let me know if none act like any or not? I think yes as I created policy from Noc_OSS zone with IP add 192.168.*.* toward Default zone with IP add 192.168.*.* after I commit showed me Warnings that the below policy shadow the new one. ...

none.PNG
M.Hafi by L1 Bithead
  • 5972 Views
  • 6 replies
  • 0 Likes

Ethernet interfaces randomly resets

Hi, I have an issue, I'm running PA-200 with PAN-OS ver. 6.0.12 I'm running Palo in Virtual Wire mode Eth1/1 is untrusted zone and Eth1/2 is trusted zone. My problem is that from unknown reason the interfaces randomly just freeze (LEDs are going off) and after few seconds interfaces are back. But the problem the traffic in network is already...

ScreenShot412.png
jac_nor by L0 Member
  • 2734 Views
  • 3 replies
  • 0 Likes

Restart UserID will affect to the service?

Hi, If i run these commands in FW will affcet to the service??? Please try restarting the User-ID >Debug software restart process user-id >Debug user-id reset user-id-agent all How log affect to the users? Should i ask for a window maintenance? Thanks a lot.

Best practice for blacklisting App-IDs

What is the best practice for blacklisting potentially harmful Application ID's(from "trust" to "untrust" over 80/443)? I started blocking on specific App-ID's, but maintaining this blacklist per App-ID will be kind of cumbersome. I'm thinking about using Application Filters to block based on Application subcategory. The only issue here is ...

jambulo by L4 Transporter
  • 5987 Views
  • 4 replies
  • 0 Likes

Question/FR for mining rDNS zones?

I have a environment that is currently using rDNS to identify host security policies, and it has older Checkpoint firewalls use this data dynamically via CP Domain Objects to tie rDNS lookups to security policies. This obviously has some challenges and scaling limitations, but fundamentally allows system owners to classify common devices into pr...

mpetzold by L0 Member
  • 3346 Views
  • 1 replies
  • 0 Likes

Feature Request Policy Export

Hi paloalto community I really don't knwo where I should place my feature request. I hope it's the right place and somebody notice my request. I would appreciate an export button for policies and objects directly to csv. It should be possible to filter rules like the traffic log and then export the view (like the log export). I would be fine t...

  • 24379 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks