General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4121 Views
  • 0 replies
  • 0 Likes

Resolved! Unblocking ninite.com

I created a URL filter to block shareware sites; however I need to unblock one that I use. ninite.com. I have had no success getting this site to work. Adding the url ninite.com to the allow list, I am given an SSL error (enable TLS 1.0, 1.1, 1.2) which is enabled. I tried adding the IP address and that did not work. It appears the site is using...

jharlow by L3 Networker
  • 8245 Views
  • 7 replies
  • 0 Likes

Radius Authentication - Passive Firewall

Hi, I am trying to authenticate the passive firewall via Radius for management purposes. In the active firewall I have the same radius server configured with two different secret keys (one for active and one for passive). On my radius server I have two clients. One is the active firewall and the other for the passive. I can authenticate...

indysogi by L2 Linker
  • 4289 Views
  • 4 replies
  • 0 Likes

PCI compliance and port 443

We are employing GlobalProtect VPN on our PA, which also happens to be our intranet gateway (NAT) to the Internet. Technically speaking, the setup works very well. Because port 443 is typically open on most firewalls, we can connect to the VPN virtually anywhere. Unfortunately, our PCI compliance scan (public side of our PA) flagged the open HTT...

How to block access to internet based on User name and group

We have a request from our teachers for a way to block access to the internet based on students' username. Oh - and the teacher needs to be able to grant or deny this access from a simple interface... Myself and my colleague are scratching our heads on this one. What we are thinking is of trying to leverage Active Directory Groups in our PAN ...

ABAdmin by L1 Bithead
  • 8812 Views
  • 3 replies
  • 0 Likes

Resolved! Does statistics for appid ssl include other appid's using ssl such as gmail-base, facebook-base etc?

This is a fork of https://live.paloaltonetworks.com/t5/General-Topics/Statistics-reports-on-how-much-SSL-traffic-you-got/m-p/67945 but with a specific question. Dealing with reports in PA I wonder if the counters/statistics regarding appid ssl includes other appid's who also use ssl such as gmail-base, facebook-base and the others? That is l...

mikand by L6 Presenter
  • 2381 Views
  • 1 replies
  • 0 Likes

Google QUIC Disconnects

We started getting complaints from users that various Google services were showing intermittent disconnects. I think we've tracked it down to the QUIC protocol not being accurately identified by the PAN firewalls and getting blocked. I see 443/udp traffic from the hosts in question getting dropped as "unidentified-udp" mixed in with the allowed ...

cosx by L2 Linker
  • 4241 Views
  • 2 replies
  • 0 Likes

Reporting on Security/NAT Policies and Hit Counts

Is there a way to export the current Security and NAT Policies to CSV, or even just PDF? I need to clean up a dirty firewall that I inherited, but I need other teams to let me know what is active/inactive. Screenshots or CLI outputs can work, but I want to provide this in a clear table format that is usable. I'd also like to know if there i...

Resolved! Statistics/reports on how much SSL-traffic you got?

Hi, any of you who knows if there is a whitepaper or such on how to generate a report or otherwise pick out the numbers/figures/graphs for how much SSL-traffic you got vs non SSL-traffic through a PA device? That is both in bandwidth and number of concurrent sessions over time.

mikand by L6 Presenter
  • 11549 Views
  • 17 replies
  • 0 Likes

Policy Based Forwarding Capability Question

Hello All, Was just wondering if anyone may be able to help with our question. Please see the attached High Level Diagram. Both Firewalls are PA 3020's with the full licence set enabled. We need to replace the ISA server which is not providing any other functions than forwarding the traffic down one of the 3 paths in the diagram, unfortun...

WesNeary by L1 Bithead
  • 6598 Views
  • 5 replies
  • 0 Likes

Resolved! Multiple Tunnels with 0.0.0.0/0 proxy-ids

The scenario is 3 firewalls, with PA-HO acting as the hub and PA-1 and PA-2 as the branch sites. The Branch sites connect to the head office network via ipsec tunnels to PA-HO and vice-versa. Due to multiple discontiguous subnets on the branches, it was decided to use 0.0.0.0/0 proxy-ids for the tunnels. This was proven to work for the PA-HO and ...

Resolved! About address and EBL limitation for maximum

Hello. I want to know my question what address and EBL maximum from you. 1. https://live.paloaltonetworks.com/t5/Configuration-Articles/Using-IP-Address-Lists-on-Palo-Alto-Networks-Policies/ta-p/57411 The above document describes "Each imported list can contain up to 5,000 IP addresses (IPv4 and/or IPv6), IP ranges, or subnets." How many c...

Resolved! Log timestamps

Hi, My query is about how the Palo Alto firewall timestamps logs when it sends them to a syslog server. Does it stamp the logs with UTC (GMT) time or does it use the configured local time as the timestamp? I notice when reviewing logs on the device it uses local time, however I'm unsure what they use once sent off the device. Thanks.

  • 24336 Posts
  • 124 Subscriptions