This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4238 Views
  • 0 replies
  • 0 Likes

Resolved! Have you guys ever set RAID Auto Setup (Ignore Non-Matching Models)?

Hello~ The PA-5020 are using one disk. [size 120GB] My customer want to add one disk and RAID configuration and has another SSD [size 240GB] also model is different. I guess that PA-5000 Series support Raid as different model including I have never tried to test about that. Are there any who tried to do about that? I don't know how to proc...

John_Lee by L2 Linker
  • 2380 Views
  • 1 replies
  • 0 Likes

Resolved! Egress/Ingress difference for QoS

Hi Everyone, My internal network (trust zone) operates at 1Gb speeds and the connectivity with ISP (untrust) is at 100Mb. I am in the process of setting up SIP QoS but am a little confused as to how I should manage the inconsistences between the ISP and internal network speeds and the "Maximum Egress" field for the "QoS Profile" section. Shoul...

Resolved! Are there any applications that web-browsing, ping are not offload?

Hello I am considering of turning off offload at PA due to packet capture. I read one of documents about session in comunnity site. web-browsing, ping are not offload.. so I don't need to do command line [offload no] If I want to do pcap to inspect detail logs about that Could you give me who has non offload applications lists? Thank you

John_Lee by L2 Linker
  • 2984 Views
  • 1 replies
  • 0 Likes

max session count in a month

Hi All, I want to find maxmimum session count reached in the past month. Now the PA device is not live, so i cannot find the current/live session count from the dashboard. Under monitor > App Scope > network monitor i can get the traffice detail for the session count but it is showing number session for the whole day. I have at...

session count for 30days.jpg
Gururaj by L4 Transporter
  • 10231 Views
  • 4 replies
  • 1 Likes

Resolved! PBR/NAT mechanics

Good morning everyone, I have a weird issue that I think is related to how PBR or NAT works and/or something we need to program differently on our Palo Alto. I’ll try to explain our setup and the issue that occurred. We have our main circuit that is utilized for VPN tunnels, NAT forwarding rules to our servers and pretty much anything that i...

ClintL by L2 Linker
  • 4210 Views
  • 2 replies
  • 0 Likes

Resolved! SSL Decryption

With SSL Decryption it is recomended that Financial services & Medical category is not decrypted. My question is how do you ensure that sites that should not be decrypted are not i.e. JP Morgan is clearly a Financial services and will not get decrypted. But if a user were to access a very obsecure Financial Website it may be classified inco...

RC-BHF by L2 Linker
  • 3318 Views
  • 2 replies
  • 0 Likes

UserID and user(s) logged in to multiple devices or multiple user(s) logged in to the same device?

Today there are various options to achieve UserID using PaloAlto Networks devices: - Install agent on AD-servers to tail the local security log to pick up which userid uses which ip. - Install agent on remote servers that will tail the security log of one (or more) AD-servers (variant of the above - will bring you more network traffic but at t...

mikand by L6 Presenter
  • 7068 Views
  • 5 replies
  • 0 Likes

idle traffic sessions

I know that you set timeout for global protecte sessions that go idle but can you set other idle traffic to time out?

jdprovine by L4 Transporter
  • 5212 Views
  • 7 replies
  • 0 Likes

Resolved! Block ms-update for GlobalProtect sessions?

Hi all -- Lately, with the Win10 release, I'm finding many of my VPN users are downloading gigs of updates over my meager 10mbps company internet cxn. I'm wondering if there is any way to block specific services/applications (ie.- ms-update) over a GlobalProtect connection.. I can't find anywhere to specify a URL filtering profile in the Ga...

thatguy by L2 Linker
  • 3616 Views
  • 3 replies
  • 0 Likes

Resolved! Pull Info on Specific GlobalProtect User

Is there a way to pull information on a specific user connected on globalprotect throught the CLI? I know the command: show global-protect-gateway current-user pulls all the users in... but what about just for a single user? Thanks.

mmclimans by L3 Networker
  • 2877 Views
  • 1 replies
  • 0 Likes

Resolved! Uptick in RFC2397 Data URL Scheme Usage Detected (30419) ?

Before I go on a wild goose chase, has anyone seen an increase in threat 30419 (RFC2397 Data URL Scheme Usage Detected)? It seems like these things trip for a while until PA figures out someone's using something novel in a new App. A new application sig comes out and the alerts go away...

MCmgt by L2 Linker
  • 6434 Views
  • 7 replies
  • 0 Likes

QoS Implementation for Voice Traffic

We are looking to implement QoS on our Palo Alto device for our voice traffic. We are currently tagging voice traffic with DSCP 46(ef). This is done at the source using Windows group policy to tag all traffic that originates from application "lync.exe". We can see the traffic is definitely being tagged by performing a pcap at different points...

VLAN taggin Wireless traffic

I have a Wireless Access Point with multiple SSID's configured connected to a PA-200 on the interface ethernet2 (vlan). The PA config is setup as per https://live.paloaltonetworks.com/t5/Configuration-Articles/Setting-Up-the-PA-200-for-Home-and-Small-Office/ta-p/61838 I would like to apply a security policy between each SSID. How would I ap...

Resolved! Device Group Hierarchy and Template Stacks in 7.x

Howdy all! I am really curious about Device Group Hierarchy and Template Stacks in 7.x. There could be incredible value in utilizing these features in my environment. The biggest question I have is: Does Panorama AND the target firewall BOTH have to be on 7.x in order to take advantage of this management structure? It sounds to me like the ...

  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks