General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 1696 Views
  • 0 replies
  • 0 Likes

IPSEC Phase-1 fails as initiator but not as responder

Hello support community,
I'm using a PAN 3020 A/P cluster on the perimeter running 6.0.9.  At all of my remote sites I have a cisco ASA that uses IPSEC tunnels to connect back to the main network.  The IPSEC tunnel configuration (IKE phase 1, IKE phas

...

dan731028 by L3 Networker
  • 7294 Views
  • 2 replies
  • 0 Likes

Config Backups Explained

Is a KB article out there that explains what each type of config export is and what is included? Looking through our Palo Altos I can see these 6 different config exports...

Named Configuration Snapshot

Candidate Configuration

Configuration Version

Devic

...

jambulo by L4 Transporter
  • 10705 Views
  • 7 replies
  • 0 Likes

Antivirus Decoder Action

I feel silly asking this - wouldn't you want a deny on any decoder where a virus is detected rather than allowing the traffic and just throwing an alert?

GlobalProtect with "Vodafone Mobile Connect"

Hey there,

my colleagues are not able to connect via the HSPA USB Stick "Vodafone Mobile Connect" with our GlobalProtect gateways.

I do not see any error-message on the Firewall, only a successful log in but the client disconnect after ~1 second. Also

...

Error synchronizing config because of Certificate

Hi,

We have a cluster active/Pasive. We have created a certificate signed by external authority with this config:

After creating the certificate we have done a commit and the config failed synchronizing to the passive firewall.

¿The certificates pass th

...

SOC_CSG by L4 Transporter
  • 2400 Views
  • 2 replies
  • 0 Likes

Shared Gateway with multiple virtual routers

Hello,

I currently have my palo alto setup to use two VSYS ( VSYS1 AND VSYS2) each with its own virtual router.

I would like them to use the same interface for outgoing internet traffic which I though I could accomplish with "shared gateways"

My problem

...

riverj30 by L0 Member
  • 4064 Views
  • 3 replies
  • 0 Likes

Resolved! How to Clear Disk Space/reduce disk usage

Hi Friends,panos hshah hsharma HULK Steven Puluka panagent

Please suggest for the same.

i am already check below document and i think, i dont have permission to root access for PAN.

https://live.paloaltonetworks.com/docs/DOC-3772

https://live.paloalton

...

Satish by L4 Transporter
  • 12553 Views
  • 5 replies
  • 0 Likes

TCP Windows scale option

Hi, could someone explain if PanOS is able to consider  the filed "TCP Window Scale Option (WSopt)" ( http://www.ietf.org/rfc/rfc1323.txt?number=1323). when tcp asymmetric-path is disabled (drop)?

I mean that in my experience the firewall drop the pac

...

helpdesk by L1 Bithead
  • 10653 Views
  • 3 replies
  • 0 Likes

How to disable ssl v3 on vpn web page?

scanned the PA webserver we use for our VPN portal with qualys ssl scanner. Got a grade of F. Suggested to disable ....

 

  • Diffie-Hellman (DH) key exchange
  • 512-bit export suites
  • Ssl v2 and v3

how can I go about doing this?

choff123 by L3 Networker
  • 3796 Views
  • 3 replies
  • 0 Likes

Restrict Individual Administrators by Interface or IP

Is there a way to restrict access for specific administrators by interface or IP address? I really thought I'd seen this somewhere, but now I cannot find it in GUI or docs.

Quick explanation of what we want to do. We want to have a sort of backdoor, e

...

cosx by L2 Linker
  • 6739 Views
  • 4 replies
  • 0 Likes

Resolved! PAN-DB categorizing wrong

Hi,

We are expecting problems with PAN-DB. Our firewall in URL-Filtering is categorizing www.lavanguardia.com like category malware instead of NEWS.

Why is this happening??? how can i recategorize a web in PanDB????any troubleshooting with pandb in the

...

SOC_CSG by L4 Transporter
  • 5907 Views
  • 6 replies
  • 0 Likes

Standard Ports on Applications

I was wondering if anyone knew away to add a secondary default
port on an application. For example people in my company access web-browsing on
port 80 normally but there are a number of site that people have to use that
are based on port 8080. Is there

...

murphyj by L2 Linker
  • 2550 Views
  • 3 replies
  • 0 Likes
  • 24217 Posts
  • 117 Subscriptions
Top Liked Authors
Labels