This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4122 Views
  • 0 replies
  • 0 Likes

Resolved! Can't remove vsys specific SSL TLS Service Profile

This is a strange issue. PA-3020 recently upgraded to 7.0.4. The firewall is in single vsys mode. I installed new SSL certificates for Global Protect. Somewhere during the process of installing the new certificate and upgrading to 7.0.4, an ssl-tls service profile was automatically created. I didn't create it. I'm trying to delete that c...

ESM service account rights

When I try to install the ESM core and console with a service account that does have the logon as a service rights but not administrator rights, I keep running into issues. As I don't like to grant full admin rights to a service account on a box I'd like to know the exact rights needed for this service account. Can someone provide them?

Resolved! How do I identify which PC made a suspicious DNS query?

Hello I have setup the Anti-Spyware Profile in our firewall and I have a lot of threat logs of type spyware suspicious DNS queries from a domain controller machine and this is cleansed. Monitor > Logs > Threat list As you can see I have configured the sinkhole method. But I woluld like to know how could I identify which PC are making t...

sinkhole.jpg
SOC_CSG by L4 Transporter
  • 8445 Views
  • 3 replies
  • 0 Likes

Resolved! Cisco VPN traffic

If a vpn tunnel has been successfully established from a cisco device and passing through the PA firewall, is it possible for the PA to still drop the traffic destined for the established tunnel?

jdprovine by L4 Transporter
  • 4610 Views
  • 4 replies
  • 0 Likes

Resolved! URL Filtering - Exception Policy based on Machine

Need a way to except a machine from the URL policy. Currently I can only find a way to except a user level however, I have one machine that is not on the domain that is used to communicate to several external services.

jharlow by L3 Networker
  • 3444 Views
  • 3 replies
  • 0 Likes

Shadow rule warning messages

Hi All, I have PA-5050 with version 6.0.9 with multi Vsys. I am migrating from perticular Vsys configuration from PA-5050 to PA-3050 physical box. I exported the config from one Vsys from PA-5050 to PA-3050. While committing on PA-3050 I can see shadow rule warning messages .. but where as same rules on perticular Vsys on PA-5050 , I am not se...

HA Preemption and Session Syncronization - you need HA2

For whatever reason I didn't see the need to configure HA2. But while testing HA I could not get preemption to work. I read everything I could find online and got frustrated that it would not let the designated firewall take back control automatically. I read the system log and bit more closely and found this entry: "HA Group 1: Ignoring session...

DTG123 by L1 Bithead
  • 2899 Views
  • 2 replies
  • 0 Likes

Christmas wishlist (DNS ALG, address space overlap, IPv6, alow nothing)

Dear all, To start with, i like to say i love working with aploalto, really nice platform. We are useing the paloalto as an sort of advance VPN concentrator with all the bells and whistles. I want to share some of the features i desperately lack that i never new i would need in my project. The reason i'm sharing is i would love to know who als...

Panorama local logging

Hi, we have a panorama which is not logging anything about system/data related to itself or the managed devices. Can you please let me know why this could be the case? I have logged into to the console SSH and typed show logging-status device * and I cannot see any counters or stats for any last log received, last log generated or last s...

Error downloading 7.0.4, with 7.0.0 previously downloaded

Hi, im thinking to go to PanOS 7.0.4 from 6.1.2. I have downloaded PanOS 7.0.0 correctly, but when i try to download 7.0.4 i get this error. I have downloaded the 7.0.0 version when i launch 7.0.4 to download. DetailsSuccessfully downloadedTransferring a copy of image to HA peerPreloading into software managerThe required '7.0' base image m...

ipsec

Hi Internet edge firewall is cisco asa .Behind Palo alto running in virtual vire mode. for some reason ipsec users cannot connet to outside . What we need to be done at palo alto side ?Thanks

sib2017 by L4 Transporter
  • 5610 Views
  • 9 replies
  • 0 Likes

You tube filtration issues

I'm at a bit of a losst and am writing to see if anyone else has experienced anything like this: I have a policy that allows unrestricted access to youtube.com via http/https. Accessing this rule is only allowed based on membership in an AD group. And in testing, it seems to work, when i add my user object to the policy itself. I don't access ...

bwsaloum by L2 Linker
  • 4071 Views
  • 4 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks