General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4136 Views
  • 0 replies
  • 0 Likes

Highlight Unused Rules

Hi. We're running 4.0.1 in a test environment. We have a large Checkpoint rulebase that we will export. It ideally needs a rule tidy up to remove unused rules and objects. Can someone describe how the "Highlight Unused Rules" tick box option on the policy page works. Yep, I know it sounds obvious!! But what is it based on - the logs? If so how far ...

fmd by L3 Networker
  • 6663 Views
  • 5 replies
  • 2 Likes

Netflow data - How often is it exported to a collector and..

Our firewall is set up to export Netflow data to Nagios Network Analyzer. We need to know: a) How often is data exported from the Palo Alto to the NNA collector, and b) How large are the packets sent from the Palo to the collector. Any ideas on where to find this information?

LShelton by L1 Bithead
  • 5508 Views
  • 7 replies
  • 0 Likes

PAN-OS Bi-Directional NAT and Nintendo Online Gaming

I have a couple of Nintendo consoles on the network which would like to connect for online gaming. I am on a cable connection so am using Dyndns lookup for my external-IP. I have the following Bi-Directional NAT policies configured. Application Group Security Policy NAT Policy It seems to work with the Wii U but not with the 3DS...


Resolved! Decrypting Dropbox

Hi, I want to decrypt Dropbox but it doesn't work. I have a catch-all decrypt policy that decrypts any-any SSL. It works fine except for Dropbox. My understanding is that Dropbox is on the PanOS internal exception list so decryption is supposed to be disabled automatically for DB. Looking at my traffic logs, I can confirm that application dropbox...

Global Protect Routing Table

Currently for Global Protect we route all traffic through the firewall. Is there a way we can add IP’s to the routing table for GP clients only? For instance, add GoToMeeting IPs and have all that traffic go out the Internet. Is this possible?

rrau by L3 Networker
  • 6364 Views
  • 1 replies
  • 0 Likes

K-12 - QOS with PARCC Testing

Has anyone looked into doing any QOS for the PARCC assessment testing? Right now I'm not doing any QOS on our 5050, but think it would be a good idea to do something so the testing gets priority over some staff member watching Netflix during their break period.

bbilut by L3 Networker
  • 2101 Views
  • 2 replies
  • 0 Likes

user to ip mapping with LDAP

I have a pa 3020 running 6.0.8 doing LDAP lookups to multiple edir servers, I have many users that PA shows as unknown but when I look on the server I see they are logged in x.x.x.x Why does this work for some but not all? I have done the following: debug user-id refresh user-id agent all debug software restart user-id show user server-monit...

ccboe by L0 Member
  • 2232 Views
  • 2 replies
  • 0 Likes

Lower fanspeed on PA-500 so it can be used close to a desktop environment (or at home)?

With PA-200 there is a command similar to: set system setting fan-mode auto in order to throttle the onboard fan(s) so it doesn't rev up to max rpm and stays there as it normally might do. But this command doesn't seem to exist for the PA-500 series or am I missing something here? All I could find is (output from: show system environmental)...

mikand by L6 Presenter
  • 3380 Views
  • 2 replies
  • 0 Likes

Resolved! Dedicated log collector licensing

How are dedicated M series log collectors licensed? We are planning a deployment with two M-100 appliances in an HA configuration. If we add a third M-100 as a dedicated log collector, do we need a third license for Panorama?

Lepton by L0 Member
  • 4588 Views
  • 1 replies
  • 0 Likes

Resolved! User-ID redistribution SSL error

Hello, I am trying to configure 2 PAs to share their user-id data. I used the following guide: https://www.paloaltonetworks.com/documentation/60/pan-os/pan-os/user-id/configure-a-firewall-to-share-user-mapping-data-with-other-firewalls.html#61291 Version is 6.0.10 - Communication is done through mgt interface - Both User-Id and HTTPS are...

Marck.To by L1 Bithead
  • 4528 Views
  • 2 replies
  • 0 Likes

User Activity Reports on Panorama

When we generate a UAR (Using Monitor/PDF Reports/User Activity Report) on Panorama for a particular managed firewall, we do not get any browsing summary sections in the report. If the same report is run on the firewall itself, we do get that information. What do we need to do to get that information showing up in the Panorama reports? We do run ...

Nig by L1 Bithead
  • 2585 Views
  • 2 replies
  • 0 Likes

Resolved! Site which should be blocked URLF not being blocked after SSL decryption

We are blocking a particular category of URLs (say gambling). When we access the unencrypted site it is blocked as expected. When we add https to the URL and browse we are not blocked. I can see in the logs that access is allowed by the FW, even though it hits a rule with a URLF profile that should block the category. The category for the SSL c...

ISP failover in PanOS 7.0.4

Hi, We are moving from Juniper ScreenOS SSG firewalls to PanOS 7.0.4, 3020 clustered firewalls. On our Junipers we make use of a feature called track-ip for Interface failover between ISPs... This basically works by pinging a far device on the primary link, and after the PING failure limits being exceeded, the default route changes to that...
