This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4230 Views
  • 0 replies
  • 0 Likes

Resolved! Panorama Commits--what actually happens when I commit to a device-group?

What happens when I push a policy from Panorama to a device-group firewall? Does Panorama always push the entire configuration file, or does it first perform a 'diff,' and only push the changes? If it performs a diff, what is the underlying mechanism it uses to track the changes? Is it some sort of table of rule hashes, etc? It seems pretty ...

mgentile by L2 Linker
  • 10134 Views
  • 7 replies
  • 0 Likes

Applications and Threats auto-update issue

I have an issue where all of my definitions auto-update with the exception of Applications and Threats.Previously, I had Applications and Threats set to download only. About a month ago I changed it to also install. Since that time, I've still had to manually install updates to Applications and Threats. I've committed many times since this...

EdwinD by L3 Networker
  • 5759 Views
  • 4 replies
  • 1 Likes

Tips to improve mgnt tasks in a PA-2020

Hello Everyone,Does anybody knows any tips to improve mgnt tasks (policy changes, monitors checks, commits... etc etc) in a slow box PA2020?I am working w/ this model since november 2013 and I am facing so many problems w/ slow response during management....My box do:- User identification from external agent- URL filtering by bright cloud- Aroun...

Google-Earth app issue

Hello Friends,we have to allow only Google-Earth app for specific group of users but as SSL,web-browsing are its Dependent Application and need to allow as well, once allowing users also able to use yahoo , rediff and other urlswe have to control that, suggest how?RegardsSatish

Satish by L4 Transporter
  • 3412 Views
  • 1 replies
  • 0 Likes

Different severity WebUI-Traps

Hi, we have had this vulnerability (ANGLER Exploit Kit Detection (37796) in our LAN, and we realised that PA classified this vulneratibility in the WebUI with severity CRITICAL but in the traps and syslog that we received the severity for this vulnerability is High.Why PA classified this vulnerability with a critical severity in Webui but sen...

SOC_CSG by L4 Transporter
  • 2869 Views
  • 1 replies
  • 1 Likes

Check_mk Package for snmp statistics

HelloCurrently I use the standard snmp statistics in my monitoring tool check_mk:And for Sessions I use this packages Check_MK Exchange - Mathias KettnerI'm looking for a package to monitor the firewall throughput, threat prevention throughput and IPSec throughput.And also for the Management and Data Plane CPU.Has somebody done this?Regards

Anyone integrating 3rd party threat intelligence/malicious IP feeds into Dynamic Block Lists?

I'd love to integrate lists of known malicious IPs like those in the links below into dynamic block lists, but I'm worried about overblocking or a bad feed hosing us. Has anyone used feeds similar to the ones below, either free or paid? What was your experience?http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txthttp://malc0de.com/b...

RyanF by L2 Linker
  • 15838 Views
  • 9 replies
  • 1 Likes

Upgraded from 6.1.4 to 7.0 VOIP unable to receive external Calls

Good Day,We recently upgraded from 6.1.4 to 7.0 prior to the upgrade all of the remote VOIP phones operated properly, however after the upgrade we were no longer able to receive external calls from anyone. IP phone to IP phone work fine but not able to receive calls off the network. Has anyone encounter this issue? Does 7.0 process the call setu...

2 Factor with Palo Alto, best solution?

What does everyone have setup as far as 2 factor goes?I have a consultant here and we're thinking about going to the Microsoft MFA server route. Seems ok but not very flexible for things other than VPN.Any feedback on other solutions would be appreciated. I was hoping to get all external client VPN using 2 factor, next I would like to have 2 fac...

choff123 by L3 Networker
  • 4393 Views
  • 3 replies
  • 0 Likes

How can I configure Global Protect for on-demand as well as pre-logon

Hello,I have a scenario whereby I need to offer an on-demand VPN solution to untrusted endpoints as well as an always-on solution for my trusted endpoints. Running through guides I have been able to run a pre-logon VPN that has successfully allowed me to authenticate the workstation then make use of User-ID to identify and allow users into the n...

mwhite by Not applicable
  • 10795 Views
  • 8 replies
  • 0 Likes

PA error '"useridd - virtual memory limit exceeded, restarting"'

Hi,I have a cluster A/P of PA3020, PanOS 6.0.5. Im having this error in Monitor-Log-System: '"useridd - virtual memory limit exceeded, restarting"Im not feeling any strange behaviour in Palo Alto, i dont know if this error should produce any impact.........what this critical error does???? how to solve it???thanks

SOC_CSG by L4 Transporter
  • 3475 Views
  • 1 replies
  • 0 Likes

About Minimum Password Complexity

Hello,I have questions about Minimum Password Complexity.If "minimum length" is set to some value, all accounts of administrator and local-DB are limited by this value of minimum length.But if "Require Password Change on First Login" is set to enable, only accounts of administrator are limited by it not local-DB. Is it right?If yes,Does "Passwor...

Wildfire question

Hello, I have a general question about wildfire. We would like to have wildfire inspect email attachments and send suspect files to WF for scan and remediation. My question is....how does this work? Does the firewall hold the email and wait for a fix from wildfire before forwarding the email? If it does hold the email, what sort of delay does th...

PA-500 isn't allowing some Google services (Play store, calendar sync, etc.)

Pardon the noob query or lack of actual technical knowledge in our PA-500 but I've been asked by my supervisor to see what might be blocking some Google services/apps on our new PA-500. I've tried to monitor the IP address (my personal cell phone) and gain some insight via the monitor tab and the traffic and url filtering components of this moni...

kirkc by Not applicable
  • 5738 Views
  • 5 replies
  • 1 Likes

Migration Tool 3: Missing Checkpoint NAT Rules

Hi All,I found an interesting problem while migrating a firewall policy from a Checkpoint system. Has anyone seen this problem before? Checkpoint NAT:Checkpoint has a special kind of NAT that you can configure on an object I'm going to call the "Automatic Hide NAT Gateway". You configure a private address object and then bind the NAT to that ...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks