General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4131 Views
  • 0 replies
  • 0 Likes

OSPF between virtual routers

Hey all, Is it possible to run OSPF between 2 virtual routers on a single PaloAlto device? Since you need to have an interconnecting interface, I guess you need to have the traffic physically leave the firewall and come back in on another port in the other vr; and then use that interface as routing subnet to talk OSPF. But I was wondering if it ...

mr.linus by L4 Transporter
  • 8995 Views
  • 2 replies
  • 0 Likes

Commit takes too much time

Hello I have a pair of 2 pan-2050 and it takes too much time to perform a commit, the last change made was including a url in the white-list profile
Enqueued ID Type Status Result Completed
--------------------------------------------------------------------------
2015/08/05 12:40:40 3533 Commit ...

SOC_CSG by L4 Transporter
  • 7920 Views
  • 5 replies
  • 0 Likes

Resolved! OSPF Adjacency Issues when enable ECMP on version 7.0.1

Hi all, We enabled OSPF between our ASR routers and PA 5020. We can see our neighbours with the advertized default route but as soon as we enable ECMP to use equal cost we lose the adjacency. We ran the packet capture and realized that PA external interface doesn't allow MTU more than 1482 as we add it manually and it's working. Has anyone tested E...

Resolved! VM100 L3 subinterfaces cannot forward traffic

Hello to everyone, recently I installed new VM100 on ESXi 5.0 infrastructure, but during initial configuration I noticed that L3 subinterfaces cannot forward any traffic, even I configured virtual router and policy with permit all-any statement between two sub's (zones). On VMware side on distributed switch I created trunk portgroup with 2 vlan'...

Tician by L3 Networker
  • 12418 Views
  • 14 replies
  • 0 Likes

Question about threat logs - Type wildfire-virus

Hi all, just wondering why I see in our threat logs entries with the type wildfire-virus only for the application smtp... (I would like to post some screenshots, but I can't find the upload button?) What is the type wildfire-virus standing for? And where can I enable it for other applications as well?

Hithead by L4 Transporter
  • 9014 Views
  • 4 replies
  • 1 Likes

Resolved! How to block malware coming over VPN

Last week we had an internal user that was infected with CryptoLocker. Our users get through GPO network drives and also some of the files on these drives were infected. We could disinfect the system and the files and we generated a GPO so no malware can be run from %appdata% and we also did some other changes. The only thing I'm afraid about i...

ZEBIT by L3 Networker
  • 3271 Views
  • 1 replies
  • 0 Likes

Resolved! How to make Windows / Cisco / PA network secure?

We have several GPO running on our clients to make the network as secure as possible. Also the clients and servers are running in different VLANs. But which other configuration changes do I need to do to make the network secure? Maybe use NPS but what are the conditions I need to make? Thanks in advance

ZEBIT by L3 Networker
  • 2393 Views
  • 1 replies
  • 0 Likes

Sinkhole Feature Trouble

We implemented the DNS Sinkhole feature about the time 6.0 came out. I've actually had a hard time using the threat and traffic logs for incident response. We can't pinpoint which hosts are hitting what URLs or malicious domains. The threat logs show all the suspicious DNS queries that come from our DNS servers but not the hosts themselves (beca...

How Does DNS Sinkholing Work?

Can anybody offer a detailed explanation of how DNS Sinkholing works and possibly a real world example of it? I can only find this documentation: How to Configure DNS Sinkholing on PAN-OS 6.0 and it doesn't provide a lot of details on how it works. It seems like the DNS request is allowed but when traffic starts to flow the firewall notices the des...

Can't get syslog to work via data port

Hello folks, Maybe someone has seen this before. I've got my syslog profile, log forwarding and policy setup the way they should be configured but the only exception is that I'm using a data port and UDP 1514. I've configured a service route and also allowed the syslog server on my interface management profile. The connection between the firewal...

x by L1 Bithead
  • 2979 Views
  • 1 replies
  • 0 Likes

Resolved! Configuring a port for a dedicated WAN link.

I recently ordered a 1GBPS dedicated fiber connection between my primary site and DR site. The ISP doesn't assign me an IP address or anything and says it is just a layer 2 connection. So I am a bit confused on how to configure my PA 3020s (one at each location). I have installed an SFP module from PA into each side but they are not coming up....

Mogus742 by L0 Member
  • 3333 Views
  • 1 replies
  • 0 Likes

critical severity default action alert

I am trying to understand the meaning of the default critical vulnerability action "Alert". This question was brought up by management who gets the PAN Content Update email and I want to give them an accurate answer. For example, Adobe Flash Player Memory Corruption ID 38112 is rated as critical and, as most critical vulnerabilities, the default...

Resolved! Baseline Procedure for DOS Prevention

Hello everyone, I was looking at setting up the DOS profile/protections on a PA-3020. I obviously need to baseline the traffic/system and was curious if there are any docs, perhaps hidden, that would help me in this. Essentially I will need to grab stats. I realize Cacti can do this, but my customer does not have any available tools. :( thank you...

dbrenipc by L3 Networker
  • 4265 Views
  • 2 replies
  • 0 Likes