This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

User-ID Agent - Domain Override?

Hello All,I deseprately need an option to override the domain name for user-IP-mappings collected from an User-ID Agent.I've found that the Terminal Server User-ID agent has that option (https://live.paloaltonetworks.com/t5/Management-Articles/Domain-Override-Functionality-on-Terminal-Server-Agent/ta-p/63107) which is very handy for multi-domain...

BLazarov by L1 Bithead
  • 5946 Views
  • 2 replies
  • 0 Likes

Resolved! Using Splunk for collecting PA logs

Hi. We have a PA-5050 running PAN-OS 6.1.5. With the limited disk space we currently only get about 4-5 days worth of traffic log before it starts overwriting older events. We would like to increase this period to at least 6 months. One solution would be to setup Panorama which as a virtual appliance presumably would have unlimited disk space av...

HSTS and HPKP "pinned certs" - breaks decryption and captive portal

I'm seeing many sites recently, like Google and Reddit for example, that are implementing HPKP, which prevents man-in-the-middle decryption like the PA. Currently, Chrome browsers completely ignore the PA certificate on these sites and use the site cert. Firefox just stops with a security message with no proceed or bypass, even when the PA root ...

Maxstr by L3 Networker
  • 11392 Views
  • 8 replies
  • 0 Likes

Resolved! Global Protect Client settings

I Have configured Global protect and can successfully connect via clients. But after the initial instlal the users have to manually put in the port address along with their username and password.Is there a way to auto populate the portal address so the users do not need to know that info?

Security policies

Is there a good method to get and exported list of all the security policies on the PA without exporting the whole running configuration and in a format that is easy to read?

jdprovine by L4 Transporter
  • 2868 Views
  • 2 replies
  • 0 Likes

Resolved! Site-to-Site VPN question

I'm setting up a site-to-site VPN with static routes, which means the tunnel interface doesn’t need an IP address. But I would like to turn on tunnel monitoring and that does require an IP address on the tunnel interface. My question is does this IP need to be an actual publicly accessible IP or is it just two private IP's I define, both VPN pee...

Bvance by L2 Linker
  • 3902 Views
  • 4 replies
  • 0 Likes

View traffics in Mbits

Hi All, We want to view the traffics in Mbits/sec. We have configured QoS and see the traffics in realtime. Is there any traffics reports in Mbits?..In Graph, I see the traffics in Bytes. Please share any alternative ways..

Javith by L3 Networker
  • 2103 Views
  • 1 replies
  • 0 Likes

Resolved! Custom report question

I have block/continue set on a URL category and I was looking to see if there is a custome report I could build that would show me the users that use the continue password I have set and for which URLs they accessed?

Bvance by L2 Linker
  • 3319 Views
  • 2 replies
  • 0 Likes

DirectPath I/O

I currently have a marathon support case open and support's latest reply includes an internal-only link (I'm pretty sure), so I can't read it. 😞 The release notes for 7.0 specify: "High Availability (HA) Link Monitoring is only supported on VMware ESXi installations that support DirectPath I/O." This is the only mention of DirectPath in the e...

Resolved! Siebel - on PA2020 v.5.0.11 - slow

Hello all,we have recently Siebel 7.8 which is behind the PA2020.The speed working on Siebel is so slow that in some requests freeze the clients.I created a test client which bypasses the PA and siebel runs perfectly.I created an application override with a custom application but the PA would not recognize the application and will not go through...

Global protect and HIP profiles problem

Hi, Lately I´ve been having issues with clients connecting to Global Protect. They pass the HIP match (no warning message is shown when they connect) but still the security policys with the HIP profile doesn´t apply, instead they hit a deny policy. After disconnecting and trying again for a couple of times it suddenly works and the appropriate s...

mgusta by L2 Linker
  • 5045 Views
  • 2 replies
  • 0 Likes

Resolved! Block Google Chrome Update

Hi Community, Is there a way to block Google Chrome update? There aren't any app, signature in the App-List. I've previously configured to block Firefox Update as the App signature in PA, and it was working fine. Did any of you had this need, or created custom app to disable Google Chrome Update? Kind Regards.

VWire and Oracle Database Traffic - Devs are complaining that its slow - Palo Alto 6.1.6

I was wondering if anyone in the community had any experience with implementing Oracle databases and Palo Alto in a VWire environment. Over the weekend we implemented a pair of Active/Active 5060's between the our data center and core. Every other application (AD, File Share, Print, VMWare View, Video, Voice, etc.) seems to be working as norma...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks