General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4473 Views
  • 0 replies
  • 0 Likes

Site-to-Site VPN with Dynamic Peer IP address not forming

In this set up, I'm trying to configure a site-to-site VPN between a PA and a Cisco 3G router (whose IP address will be dynamic). I'm unable to get the tunnel working. When I run the command 'show vpn ike-sa gateway <gatewayname>', I get no information about the tunnel. It doesn't even seem to know about the tunnel. Any ideas please?

Bocsa by L3 Networker
  • 6561 Views
  • 7 replies
  • 0 Likes

Disabled policy rules

Hi, under monitoring, disabled policy rules are still matching some sessions. And the session status of most of them is 'incomplete'. Why? Thanks

sib2017 by L4 Transporter
  • 2666 Views
  • 3 replies
  • 0 Likes

Resolved! DNS traffic allowed for one server but dropped for another

I have a perplexing problem with allowing DNS traffic from internal to the internet on our new PA-3020 running 7.0.3. We have 2 DNS servers in our datacentre on the same subnet that perform queries to a couple of external DNS servers provided by our telco. I have a rule allowing traffic from the 2 IP's (Internal Zone) for our DNS servers out...

Mitre10 by L0 Member
  • 5605 Views
  • 1 replies
  • 0 Likes

What Dynamic block lists do others use?

Hi there, I have recently started wanting to set up some Dynamic block lists in my PA box. I just wondered if others use these and if so, which sites do they use? I was initially looking at using these 2: www.spamhaus.org and www.openbl.org. Any others that you would suggest? Or even, if you have reason to not use the above 2 I would lov...

JRussell by L3 Networker
  • 3365 Views
  • 2 replies
  • 0 Likes

Resolved! Disabling Direct Access To Local Networks - GP VPN

Hi, I was wondering whether someone can provide me clarification on this feature. Palo states "You can now disable direct access to local networks so that users cannot send traffic to proxies or local resources while connected to a GlobalProtect VPN. For example, if a user establishes a GlobalProtect VPN tunnel while connected to a public h...

indysogi by L2 Linker
  • 4188 Views
  • 2 replies
  • 0 Likes

Resolved! Authentication user (UserID agent) problems

Hi, users are registered sometimes in UserID-Agent and sometimes they aren't, randomly... We have installed another UserID agent but the result is the same. We run show user ip-user-mapping all and we don't see any user, but if we run show user ip-user-mapping-mp all we see all the users. Where should the users appear, in dataplane or management plane??? ...

Issue creating IPSec VPN using loopback

Hey guys, Looking for some assistance on getting a strange issue resolved. I've got a site-to-site VPN set up for a connection to AWS for one of our customers. I've created two loopbacks, loopback.5 and loopback.6, on the outside zone that fall in the same subnet as our regular ethernet interface, which is a /29. I've verified that our peers I...

Resolved! Have you guys ever set RAID Auto Setup (Ignore Non-Matching Models)?

Hello~ The PA-5020 is using one disk [size 120GB]. My customer wants to add one disk and a RAID configuration, and has another SSD [size 240GB] whose model is also different. I guess that the PA-5000 Series supports RAID with a different model, though I have never tried to test that. Is there anyone who has tried that? I don't know how to proc...

John_Lee by L2 Linker
  • 2405 Views
  • 1 replies
  • 0 Likes

Resolved! Egress/Ingress difference for QoS

Hi Everyone, My internal network (trust zone) operates at 1Gb speeds and the connectivity with ISP (untrust) is at 100Mb. I am in the process of setting up SIP QoS but am a little confused as to how I should manage the inconsistencies between the ISP and internal network speeds and the "Maximum Egress" field for the "QoS Profile" section. Shoul...

Resolved! Are there any applications that web-browsing, ping are not offload?

Hello, I am considering turning off offload at the PA due to packet capture. I read one of the documents about sessions on the community site. Web-browsing and ping are not offloaded, so I don't need to do the command line [offload no] if I want to do a pcap to inspect detailed logs about that. Could anyone give me a list of non-offloaded applications? Thank you

John_Lee by L2 Linker
  • 3009 Views
  • 1 replies
  • 0 Likes

max session count in a month

Hi All, I want to find the maximum session count reached in the past month. Now the PA device is not live, so I cannot find the current/live session count from the dashboard. Under Monitor > App Scope > Network Monitor I can get the traffic detail for the session count, but it is showing the number of sessions for the whole day. I have at...

Gururaj by L4 Transporter
  • 10351 Views
  • 4 replies
  • 1 Likes

Resolved! PBR/NAT mechanics

Good morning everyone, I have a weird issue that I think is related to how PBR or NAT works and/or something we need to program differently on our Palo Alto. I’ll try to explain our setup and the issue that occurred. We have our main circuit that is utilized for VPN tunnels, NAT forwarding rules to our servers and pretty much anything that i...

ClintL by L2 Linker
  • 4261 Views
  • 2 replies
  • 0 Likes

Resolved! SSL Decryption

With SSL Decryption it is recommended that the Financial services & Medical categories are not decrypted. My question is how do you ensure that sites that should not be decrypted are not, i.e. JP Morgan is clearly a Financial service and will not get decrypted. But if a user were to access a very obscure Financial Website it may be classified inco...

RC-BHF by L2 Linker
  • 3353 Views
  • 2 replies
  • 0 Likes

UserID and user(s) logged in to multiple devices or multiple user(s) logged in to the same device?

Today there are various options to achieve UserID using PaloAlto Networks devices: - Install agent on AD-servers to tail the local security log to pick up which userid uses which ip. - Install agent on remote servers that will tail the security log of one (or more) AD-servers (variant of the above - will bring you more network traffic but at t...

mikand by L6 Presenter
  • 7180 Views
  • 5 replies
  • 0 Likes
  • 24380 Posts
  • 124 Subscriptions