This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4121 Views
  • 0 replies
  • 0 Likes

Active/Active L3 problem with asymmetric routing and NAT

I'm stumped. I've looked through as many pieces of documentation and discussions as I can find and I think I have everything set up correctly, but it's only half working. What I have is two PA-5050s in Active/Active. I have two routers on the outside, each has a L3 connection to both firewalls. I have two routers on the inside, each has a L3 ...

Hybrid whitelist/blacklist Policy

I played around on our lab FW a bit but couldn't get this working. Here are my objectives:- Create a "White List" custom URL category that allows only a handful of web sites. (Working with URL Filtering profile.)- Log all permits (Working. I got this by setting Action to alert)- Create a "Black List" custom URL category that denies a bunch of "n...

Resolved! URL Filtering - Bypass for Level 1-2 Support

Good Afternoon I have a request to look into a way a Level 1 - 2 Support Person can easily bypass a blocked URL. Be it by policy, a custom button on the response page, captive portal, or a combination of whatever might be needed to do so. Has anyone set something like this up? Is it possible? And what would be the best practice or best metho...

Resolved! How many can I create url-filtering profile on 5050?

Hello, I have two questions.1.How many can I create url-filtering profile on 5050? 2. And I have watched as below output of cli on 3020,sylee@PA-3020-uquest(active)> show system state filter cfg.general.max* | match profilecfg.general.max-profile: 150 Is this count including all profiles(AV , AS , Vul , URL , File , Data)?If right, Can I crea...

Wildfire .ace archive support

Does Wildfire support the .ace filetype? I've received messages that should have been filtered that have .ace payloads. The message attachments are clearly malware based on virustotal. The message bodies are classic phishing type attacks. I have all filetypes being sent to Wildfire from our mail gatways but this one doesn't seem to have match...

Drop all packets

I added an exception to a spyware profile to drop all packets and it now says its dropping and allowing the packets how can that be?

jdprovine by L4 Transporter
  • 6174 Views
  • 9 replies
  • 0 Likes

Resolved! New Application vs Application override

Hi all,is there any difference between creating a new application and creating application override policy? as per I understand a new application doesn't required configuring application override policy, and configuring application override policy is required only when you over existing application based on a new port or signature.assume i have ...

Site to Site VPN Double NAT Issue

Hi,We have a branch office connected via site to site vpn, plao alto firewalls at both locations.Due to buiding works the office has been relocated to a shared building and we're having to use a third party's network connection. We've been provided with a public IP address which is then NAT to a 192.x.x.x address which they then route to our fw....

Glicks by L0 Member
  • 4976 Views
  • 2 replies
  • 0 Likes

PBF Logs - How to check if monitor is flapping

Hello All! We are using a PBF with a public IP as monitoring target... We are suspecting this IP is flapping... but we didnt find the correct time that happens... Is there any way to check past logs? or check in real-time any PBF logs and monitor any flap ? thanks in advance!!!

where is my last topic?

Hi Few days ago I created topic on old looking Community. Today I can't find it... The name of topic is "SYSTEM ALERT : critical : Disk usage for / exceeds limit, 96 percent in use, cleaning filesystem " How I can get access to this topic on new Community portal? RegardsSlawek

_slv_ by L4 Transporter
  • 1941 Views
  • 1 replies
  • 0 Likes

Globsl Protect client

My used appparently don't know how to put the portal address in the GP client , is there anyway to modify the install package to automatically put the connection IP in the settings?

jdprovine by L4 Transporter
  • 1837 Views
  • 1 replies
  • 0 Likes

HA and routing/switching/vwire option in a "VSYS" on PA-7050

How does carving up multitple vsys on a pair of PA-7050s with NPC Option 1 (2x40G QSFP + 12x10G SFP+) work, in terms of sharing the dedicated HA1-A/B and HSCI-A/B ports on SMC per vsys for HA1, HA2 and HA3? If you have 5 different vsys (vsys'es) for example and of those 3 vsys are active/passive (reqires HA1 and HA2) while other two are active/...

atp9007 by L0 Member
  • 2178 Views
  • 1 replies
  • 0 Likes

OSPF between virtual routers

Hey all, Is it possible to run OSPF between 2 virtual routers on a single PaloAlto device? Since you need to have an interconnecting interface, I guess you need to have the traffic physically leave the firewall and come back in on another port in the other vr; and then use that interface as routing subnet to talk OSPF. But I was wondering of it ...

mr.linus by L4 Transporter
  • 8988 Views
  • 2 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks