This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Global Protect Limitations

Is there a way to stop disabled AD computer accounts from connecting to GP? We have a HIP profile attached to the GP rules which force the user to be compliant (ie. member of domain and have AntiVirus). however, when we disable their computer account, they are still able to connect. We can stop them from connecting by removing their user acco...

rrau by L3 Networker
  • 4184 Views
  • 5 replies
  • 0 Likes

Resolved! Issue with CPUID with PA-VM-100 on Vitualbox

Hi Guys!! I have installed a PA-VM -100 on my VirtualBox but the problem i m currently facing is as follows: - The CPUID does not appear on the dashboard (general info) i m only able to retrieve the UUID any idea why ? - Can I disconnect The VM i have already installed and registered without losing my licenses ? because i wanna re-u...

big_Gilo by L2 Linker
  • 3110 Views
  • 2 replies
  • 0 Likes

data filter on comment

Hi community , is there any way to filter comment contained some bad words (f**ck , so on) that is written by our employers to add any website(often use http) ?

Resolved! Policy Configuration App-ID

Dear colleagues.I do not have much experience in PA and I would like to help me with a configuration that is very basic for some.I wish to make is a policy in which App where certain app block p2p (torrent, Tor, ultrasurf) and allow other applications.I could help, thank you very much Ed

Edluna by L1 Bithead
  • 2791 Views
  • 1 replies
  • 0 Likes

Resolved! ACE Labs? Cannot access "Firewall Configuration Essentials 101"

Hi All, Have a question on the ACE 101 course labs that I was hoping someone could answer. I have a partner account and was able to access and complete the 101 coursework just fine. However, when trying to access the Labs, I am able to register, but all I get is a confirmation with a location link which takes to a map of Denver? I cannot fi...

Gipper by L1 Bithead
  • 4244 Views
  • 4 replies
  • 0 Likes

Best practiecs

Is anyone using these recommended settings? set deviceconfig setting tcp urgent-data clear set deviceconfig setting tcp drop-zero-flag yes set deviceconfig setting application bypass-exceed-queue no set deviceconfig setting tcp bypass-exceed-oo-queue no set deviceconfig setting ctd tcp-bypass-exceed-queue no set deviceconfig setting ctd udp-by...

jdprovine by L4 Transporter
  • 7258 Views
  • 11 replies
  • 0 Likes

PANOS 7.0 SNMP logical interface counters

I tried the feature and the RX and TX counters are a way off from the physical interface (Tested on 5060 using e1/21 and e1/22 for AE1). I opened a case with TAC, and this is the explaination from TAC, For hardware interfaces (ethernet1/21 and ethernet1/22), we only populate ""Physical port counters read from MAC" in the SMNP MIB.These are ...

When will a new GlobalProtectClient GUI/UI be written?

We've been holding off replacing our Cisco Anyconnect clients as the interface of GlobalProtect is a big downgrade for us. Any idea when/if there will be improvements made to the GP UI? At the moment it looks like it was developed by engineers with no UI team. Why do you have to go into a menu to connect to the VPN? It's the sole/single purpose ...

GPforWin7.png
anyconnectwin_reconnect2.png
pmc by L2 Linker
  • 7963 Views
  • 4 replies
  • 6 Likes

Resolved! cli: traceroute host, ping host use connected interface

Is it possible to have traceroute host and ping host default to using the interface the cli was connected to? We have the Management Interface of our PA 500 set to an internal address, like 192.168.129.11. We can connect to it from our mpls network using the IP assigned to that interface, example: 10.129.1.11,When we try a traceroute host or ...

Crazy policies needed for BGP and VPN

Hi, first read this article: https://live.paloaltonetworks.com/t5/Learning-Arti​cles/Any-Any-Deny-Security-Rule-Changes-Default-Be​... then I have this exactly behavor but I don't have wrote any/any/deny rules! In my enviroment both intrazone-default and interzone-default are blocked. It's that the problem ? Bho? To build a VPN with BGP pro...

Vulnerability exemption

Hi what is actually simple-client-critical simple-client-medium I I want to change the default action from alert to block . the rule is under simple-client-medium , but the search result shows it is under simple-client-high Thanks

36029.png
sib2017 by L4 Transporter
  • 2387 Views
  • 2 replies
  • 0 Likes

URL White Listing

Hi all, First of all, we are impressed about MineMeld, thanks Luigi for your ideas and work. We have just started to play with MineMeld and wandering the format to whitelist domains and network ranges using stdlib.listURLGeneric (as wlURL) We would like to allow web access to any host at 192.168.0.0/16 and any URL to *.somedomain.com We tried se...

Resolved! CLI checking licenses

Hi everyone! 2 quick questions in 1: -To be able to include a URL as destination in a policy, do I need to have license for URL filtering?-How can I check what licenses do I have in the CLI? Thank you!

No Email protection for SaaS

The closest way to protect a SaaS email soltuion I have found is Proofpoint which has a wildfire API hook option. I am supprised there is no SaaS service for forwarding attechments or inline scanning of email directly from paloalto networks.

Tech101 by L1 Bithead
  • 2919 Views
  • 3 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks