This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4231 Views
  • 0 replies
  • 0 Likes

Resolved! Panorama doubts.

It is possible to edit a rule placed on the firewall through the panorama, because I can not edit rules coming panorama, directly on the firewall.

How to drop new SSL sessions when limit is reached in 6.1.X?

We'd like to drop any new SSL sessions if the system has reached the SSL Decrypted Session Limit.This page, How to Implement and Test SSL Decryption, says to run:> set deviceconfig setting ssl-decrypt deny-setup-failure yesbut it doesn't seem to be there in version 6.1.4In the Web UI, there is an option under when creating a Decryption Profil...

eugenep by L3 Networker
  • 4047 Views
  • 4 replies
  • 0 Likes

How to Avoid Remote SSH Scan

HelloI have a lot of events "deny" followed by other "allow"; All of these to port 22 (SSH) from remote host to several IP(s) in my Untrust and DMZ Zone.<14>Jun 24 04:01:17 fw2orgt 1,2015/06/24 04:01:16,0003C102047,TRAFFIC,drop,0,2015/06/24 04:01:16,46.228.199.253,213.0.58.124,0.0.0.0,0.0.0.0,rule76,,,not-applicable,vsys1,Untrust,Untrust,e...

SOC_CSG by L4 Transporter
  • 4433 Views
  • 1 replies
  • 0 Likes

Local user passwords problems with GP after upgrade PAN OS

Hi, I've just migrate from PAN OS 5.0.10 to 6.0.7 and GlobalProtect users have got problems with login. They had the password saved on their GP agent, but connection was refused and users were blocked due to intensive login attempts. We're using local users. It seems like users who couln't login are those with same string as user and password. I...

ACortes by L2 Linker
  • 2990 Views
  • 3 replies
  • 0 Likes

Resolved! Reset an interface to initial state of Not configured

Hi,just starting up with my first PaloAlto device, and have a simple question for which I don't seem to find a solution in the documentation. By default, the interfaces of a new firewall are are unconfigured, i.e. the GUI shows their status as "not configured and down". However, if any change of config is made, it seems to be impossible to get t...

itsup by L2 Linker
  • 11370 Views
  • 5 replies
  • 0 Likes

Resolved! ECMP

Hi - is it possible to do ECMP (equal cost multi-path routing) using static routes? If not - is it possible to achieve ECMP using OSPF on the PA4050. We have a need to load balance the default route out of a PA4050 over multiple L3 gig interfaces (the customers current solution support ECMP with static routes). Many thanks.

fmd by L3 Networker
  • 7153 Views
  • 6 replies
  • 0 Likes

PA blocks spyware - identify compromised computer

Hi there,we're running the following setup:trusted zone | DC zone | InternetClient/Proxy/some old DNS Server| DNS Server| InternetI see that the PA is blocking malware traffic (app DNS). But the attacker is either the proxy, asking the DNS in the DC zone, or the old DNS server, asking DNS servers in the Internet.Unforunately that way I don't get...

Resolved! is it support ECMP protocol ??

Hi all.Is it support ECMP protocol from PAN??I can’t find whether ecmp protocol support from datasheet and knowledge base. does PA has any other similar protocol if not support ecmp?? Please refer to below URL for ECMP.http://en.wikipedia.org/wiki/Equal-cost_multi-path_routingRegards,Eugene

willstech by L3 Networker
  • 3763 Views
  • 4 replies
  • 0 Likes

802.1q tagged sub-interfaces on PA-500 v6.1 not working

I'm trying to consolidate multiple Layer3 interfaces into a single Layer3 interface using subinterfaces and VLAN tagging, but it's not working.I'm hoping someone can point out the error in my configuration.The current working configuration:FIREWALLethernet1/2 - 192.168.102.254, untagged, zone 102ethernet1/3 - 192.168.103.254, untagged, zone 103e...

Gp Configuration

Hello Friends,We want to configure our Remote VPN (Global Protect ) on two ISP and we should be able to manually switch the gateway at client end and no Lic is required for that?. Please suggest.RegardsSatish

Satish by L4 Transporter
  • 5046 Views
  • 5 replies
  • 0 Likes

HTTP Header - Logging NTLM Username

My PA firewall inspects traffic between my users and proxy server. The proxy server provides NTLM authentication. Is there a way of logging the NTLM authenticated username within the http headers?

ASCIT by L2 Linker
  • 5538 Views
  • 6 replies
  • 0 Likes

Replace a device (s/n) in Panorama Policy with an RMA s/n

Hello - Wondering if anyone has come across this issue. We recently had to RMA one of our firewalls and we have a fairly extensive / complicated policy set in Panorama which consists of the following:Shared Pre Rules targeted to specific firewalls Device Group Pre rules targeted to specific firewalls Device Group Post rules targeted to ...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks