This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4119 Views
  • 0 replies
  • 0 Likes

Resolved! IPSec VPN with Cisco ASA behind NAT

I'm trying to establish a ipsec VPN tunnel with a Cisco ASA with a peer address behind a NAT fw. We have checked all ike and ipsec crypto parameters, and successfully established vpn with Cisco ASA before.Phase 1 is failing due to time out, and we get a log entry that indicate that the private peer address (which is behind NAT) is "visiblie" to...

arnljot by L1 Bithead
  • 6988 Views
  • 2 replies
  • 0 Likes

question

session closes due to aging out but the traffic shows allow can someone explain to me what is happening

CurtisG by Not applicable
  • 1839 Views
  • 1 replies
  • 0 Likes

Resolved! dynamic block list

The setting for the dynamic blocklist gives you the selection of hourly, daily and weekly at _____. I understand the hourly, daily and weekly increment but at refers to what ?

jdprovine by L4 Transporter
  • 2295 Views
  • 1 replies
  • 0 Likes

PA5050 .configuration backup

Hi All,Could you please provide doc for how to take configuration back up for PA5050.I am planing to upgrade software version .6.0.3 to 6.0.10

KMallela by L2 Linker
  • 3068 Views
  • 2 replies
  • 0 Likes

How to report malware

HiI know that I shuld report by WilDFireportal - I did it many times but now I have a problem.hxxp://www.kazevid.com/kSCdM3iIRbrKlZ contains malware reported as Trojan-SPY/Win32.emotet.qz or Trojan/Win32.vbkrypt.ynhg.This email that contains such link looks like:Please report it if You can.When I tryed report is as a file - wildfire complain tha...

_slv_ by L4 Transporter
  • 3628 Views
  • 1 replies
  • 0 Likes

syslog forwarding

I have everything configured to send syslog information from the palo alto to one of our syslog server. My issue is that none of the security policy IP ranges allows me to send the syslog information for a specific IP address that is going out to the internet at least that I can find. Any ideas would be appreciated

jdprovine by L4 Transporter
  • 8069 Views
  • 14 replies
  • 0 Likes

Many users receiving Captive Portal

Dears,We have been facing a lot of users identified by Captive Portal and not via UIA.Does anyone could suggest any troubleshooting/best practices to avoid this kind of behavior ? Thanks in advance!!

Resolved! Vulnerability assessment question

We're having a vulnerability assessment done, and want to make sure that the IDS/IPS part doesn't disable all attempts from the vendors IP addresses, just the application blocking/service blocking.Can I whitelist the 4 IP addresses and put them in a policy saying that for these addresses, do everything normally besides shutdown all communication...

rivkin by L1 Bithead
  • 8377 Views
  • 12 replies
  • 0 Likes

Resolved! user Id issue with active- active HA

Hello Friends,we have 2 firewall active-active HA mode. same LDAP configuration on both firewall. HA Active primary it working fine but secondary is not working. if primary goes down secondary work as a active, its also working fine. but it will not work when the primary will in working mode. Pan OS 5.0.11 it was working fine for both condition...

Satish by L4 Transporter
  • 7510 Views
  • 4 replies
  • 0 Likes

Layer 3 switch behind Layer 3 PA-3020 interface

So I'm new to my PA-3020 and trying to get beyond my basic config has introduced a new problem for me.I have a Layer 3 Cisco connected to my PA eth 1/2 via a routed interface on the switch. My traffic is all working fine now, but I want to make some changes.All my vlans have IP addresses on my switch, and they route via the switch routing table...

GCA by L1 Bithead
  • 4819 Views
  • 4 replies
  • 0 Likes

Poodle Bits Vulnerability

Looking for some guidance on this. I am seeing a lot of Poodle Bits vulnerability showing up on our threat monitor. Digging into the threat, the first item is always showing our current router (192.168.0.1) followed by two different attacker host from OpenX.org. I am not sure what this is referring to. I understand it is a vulnerability related...

jharlow by L3 Networker
  • 2770 Views
  • 3 replies
  • 0 Likes

Resolved! DNS top applications?

I recently installed a PA-500 on our network. Currently it is in virtual mode as I start to understand how to configure the device. One of the things I have noticed is that consistently, DNS is the number 1 application. Second is web-browsing. Just in the past hour, 27.7k sessions for dns and 24.1k for web. Is this typical? We house our own...

jharlow by L3 Networker
  • 5807 Views
  • 2 replies
  • 1 Likes

GUI Bug: Dynamic Source NAT

Hi All,Looks like there is a minor GUI bug in the NAT policy section of Panorama. Do you all see the same thing?Objects:NameAddressEXT_FW_192.168.0.1192.168.0.1/24EXT_FW_5.5.5.15.5.5.1/24EXT_FW_10.0.0.110.0.0.1/24NAT Rule:Translated PacketType = Dynamic IP And PortAddress Type = Translated AddressTranslated Address = EXT_FW_5.5.5.1The section o...

  • 24335 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks