This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4254 Views
  • 0 replies
  • 0 Likes

What is the "Allow" action in Data Filtering log for Wildfire?

Hello, I understand what forward, upload, and upload skip mean in the Data Filtering logs for wildfire. But some files I see the Action listed as "Allow". What does this mean exactly? I've been searching for an hour and can't find any reference to that action. Thanks, Elliott

epeeler by L2 Linker
  • 2666 Views
  • 2 replies
  • 0 Likes

Resolved! Configuration Migration between same series appliances

Hello PAN Community. I would like to read your opinions/comments about the following situation: we currently have a HA Scenario deployed in production with 2 PA-3050 in active-pasive mode, both of them with PAN-0S 6.0.4. We plan to replace the scenario with PA-3020 appliances and both of them with PAN-OS 6.0.6 installed. How should we proceed? I...

Resolved! SSL Decryption - log for SSL certificate errors?

Hi all, We are using PANOS URL Filtering and SSL Decryption, and we reject a variety of SSL certificate problems such as expired certificates, SHA-1 signing, etc. When one of our users hits one of these web sites, they get a "block" page. This invariably leads them to submit a request to have the site unblocked, without any additional inform...

RSKadish by L2 Linker
  • 8870 Views
  • 3 replies
  • 0 Likes

Resolved! Proxy IDs help

HelloI have a Palo Alto Firewall which wants to have IPsec Tunnel with a peer firewall which is a Checkpoint Firewall. Any of the firewalls can initiate VPN Traffic. Can someone kindly let me know, what proxy IDs can be set on my Palo alto firewall for the following 2 cases.Case 1:My internal networks for VPN (Palo Alto Firewall) : 172.16.10.0/2...

way to do site-to-site with single tunnel and preserve security rules for intra and interzone?

hello all, I've got to add a new satellite office into our network and I was hoping to do this with a single tunnel. If that were all that was required I'd probably be fine, but it's complicated by the fact that several years ago when our network was built it was decided, presumably for budget reasons, to use our PA hardware as router, firewal...

Domain-map showing no result

What can be the possible reason for debug user-id dump domain-map showing no result. I have a domain with netbios name as test where in the actual domain is test.abc.def.com. I am using user-id agent. I am pulling mapping from the user-id agent as test\usernamewhere as group mapping as test.abc.def.com\group.when I tried to use domain-map comman...

Westcon2 by L3 Networker
  • 2718 Views
  • 1 replies
  • 0 Likes

Wildfire signature

Hi folks, After Wildfire detect that file is malicious , how can i block this file or how can i find this malicious file signature ?

User-ID domain-map

Hi guys. I have a problem with a user-id setup in a large multi domain envoirment. User-ID agentd are working fine, but the user did not match against the group mapping. It looks like we have a problem with the domain map. The command debug user-id dump domain-map delivers only a empty result. We setup the group maping against the Global Catal...

Routing Multicast PIM SSM

Hi guys, I have Palo Alto cluster A/P with PIM SSM, I would like to know how is manage the multicast routing if i lost the active member ? Regards

Zacre by L0 Member
  • 2583 Views
  • 1 replies
  • 0 Likes

Resolved! How to find out the right app-id

Hi all, I started studying PA firewall recently and am struggling with finding out the APP-ID for some traffic. I can easily find out the services(or ports for CISCO ASA) and create the rules based on services/ports, but by doing this we will lose the visibility of application which is the reason we use PA in the first place. So, use as much ...

Firewall rule optimization

Anyone know of any good firewall optimization software for PA. One that can review the rules and make good suggestion to improve the rule order, removal etc?

jdprovine by L4 Transporter
  • 4788 Views
  • 6 replies
  • 0 Likes

PA Bypass Question - McAfee Evader

Does anyone have any information on the latest posted PA bypass? The youtube video shows some of the FW features being bypassed using McAfee Evader. It appears to require an IP of the firewall to execute - the example also shows most of the evasions relating to protocols not likely to be exposed over the firewall (NetBIOS, RPC, SMB) so I'm no...

Demast by L2 Linker
  • 2637 Views
  • 1 replies
  • 0 Likes

Custome report

Hi How to generate trafficreport for webmail usage like gmailyoutube -education? Thanks

sib2017 by L4 Transporter
  • 1992 Views
  • 1 replies
  • 0 Likes

Block facebook by URL instead of category. Not doing SSL Decryption

Hey everyone! I have a request from one of my other offices to block access to facebook. The users there are already covered by a policy using a URL Profile that blocks the social networking category. I also added facebook.com/ and *.facebook.com/ to the block list for that URL profile. Users are blocked when going to http://www.facebook.com...

  • 24362 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks