This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Resolved! Unable to boot PA-200

Hello,wondering if anyone is able to assit how to fix this issue. I am unable to boot PA-200 into normal operation.Nothng is happenig after reload; it sits on console and not turning on a login prompt. Appreciate your asisstance. Skipping PCIe port 0 BIST, reset not done. (port not configured)Skipping PCIe port 1 BIST, reset not done. (port ...

Resolved! Imported Check Point config shows objects and nats, but no rules - Migration tool v3.1.1

I'm importing a Check Point config into the Migration tool, v3.1.1 I see the imported objects and nat's ok, but the rules page is empty and says "no data to display" in the bottom right. I chose the files objects_5_0.C, rulebasename.pf, rulebases_5_0.fws, and the routes.txt (output of netstat -nr).I've tried it with Option A both checked and unc...

ksalustro by L3 Networker
  • 5878 Views
  • 2 replies
  • 1 Likes

Using expect script to automate building firewall templates in Panorama

Hi Community, I have been struggling with this for weeks, and have tried various means, including setting the Panorama CLI parameters. However, I always get random results, which ends up either the cmdline was entered prematurely or truncated. A support ticket was logged but proved to less than helpful, as the answer given was to lessen the numb...

benson by L0 Member
  • 5013 Views
  • 2 replies
  • 0 Likes

What is the "Any" URL Filter Category

I am seeing a handlful of Blocked URLs, with a Category of "Any". Just wondering what that is and why I might be getting them. Is it the same as "Unknown"? I do not have a URL Filter Category named Any. Thanks

BillTito by L0 Member
  • 4059 Views
  • 3 replies
  • 0 Likes

Integrated User-ID Agent vs. Windows Service?

We're running 5.1 right now and plan on upgrading to 6.1 over the next couple of days.Historically we've used the Windows User Agent on two of our domain controllers, but today I switched to the on-board Integrated User-ID Agent and set it up, and other than a noticeable increase in CPU load on the domain controllers, everything is working great...

Is SSL decryption will increase the number of sessions?

Hi Team, My doubt is that,..doing SSL decryption will increase the number of sessions?example : if i access gmail there will be one tunnel established to the server (gmail) inside which text chat, video chat, other apps will be there.Now if i enable SSL decryption will it increase the number of sessions as now it can see each and every activity ...

Gururaj by L4 Transporter
  • 3445 Views
  • 3 replies
  • 0 Likes

Resolved! URL filtering

Who is using URL filtering? Is it worth the added cost? Is there any way to do it without the license?

jdprovine by L4 Transporter
  • 5451 Views
  • 8 replies
  • 0 Likes

Global Protect not connecting

Hi Community,For the past 2 days PA's globalProtect is really becoming a headache for me. PA is becoming pain for me on these days.It won't connect, stated as not connected, sometimes it stuck at "Connecting", and if that's the lucky hour, it will connect once or twice. I've tested it on so many computers, restarting the pc, uninstalling GP, and...

Resolved! DNS sinkhole log action ons DNS rule

https://live.paloaltonetworks.com/t5/Articles/How-to-Configure-DNS-Sinkhole/ta-p/58891 explains how to configure DNS Sinkholing.In step 3 the anti-spyware profile is added to the security rule that allows DNS traffic. Does logging (at session end) need to be enabled on that rule for sinkholing to work ?Or does it only have to be enabled on the r...

dieter_b by L4 Transporter
  • 9432 Views
  • 11 replies
  • 0 Likes

Resolved! Best Practice for insufficient-data

Hi all, What are you doing with traffic identify as "insufficient-data"?I know we are supposed to do pcap and trying to identify if then create custom app but ... on real life 🙂 Although you have created a rule for denying all, insufficient-data still go through the firewall (like "unknown" traffic) inbound and outbound !! Most of this traffic ...

rule.png
log
VinceM by L5 Sessionator
  • 34183 Views
  • 3 replies
  • 0 Likes

Except Specific IPs from port scan detection / Zone Protection

I have a highly regulated environment with multiple internal security zones. We need to be able to run our vulnerability scanning solution against servers in separate zones on a routine basis.It was simple to exempt the scanner's IP from the Threat Prevention stuff (created a new security profile group which alerts on everything instead of block...

SDorsey by L4 Transporter
  • 14306 Views
  • 13 replies
  • 0 Likes

NAT DIPP fallbacks

Hi thereIm seeing NAT DIPP fallbacks quite a lot relating to a NAT rule, theres does not appear anything not working so im wondering if its somehting that im not noticing work. Ocasionally it feels more sluggish that it should when browsing web pages but thats about the only thing. There only one nat on the firewalls its set to fall back to an...

Resolved! PANOS6.0.5 Inbuilt CA can't generate a certificate with UPN (user principal name) attribute?

PANOS 6.05 inbuilt PAN certificate authority doesnt seem to have the ability to generate a certificate with subjectalternate value for UPN (user principal name e.g user@domain.local ). This is the standard way that Microsoft embeds usernames (UPN format) into certificates, On PAN CA generated certificates you could set the username/samaccountn...

CMG by L2 Linker
  • 2642 Views
  • 1 replies
  • 0 Likes
  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks