This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4244 Views
  • 0 replies
  • 0 Likes

we are not getting URL in syslogs, is there any way to URL in syslogs?

<190>Mar 31 08:52:56 XXXX-firewall-name 1,2015/03/31 08:52:55,001606005137,TRAFFIC,end,1,2015/03/31 08:52:55,source_ip,,destination_ip,trust-untrust-web-services,,,paloalto-wildfire-cloud,vsys1,trust,untrust,ethernet1/1,ethernet1/3,Log_Forward,2015/03/31 08:52:55,57030,1,42349,443,45974,443,0x400053,tcp,allow,2319,1200,1119,20,2015/03/31 0...

Category explanations

I'm working to identify a few categories and what they mean. I looked in the online help and all it did was list the categories. Is there a document that gives more information about what content filtering categories are for? Specifically i'm trying to find out the difference between unknown and not-resolved? How are they used in PA?

240GB Raid SSD Upgrade

Hey guys, we are upgrading our PA-5050s drives from a single 120GB SSD to two 240GB SSDs and I was wondering how long this will take? I assume it will be pretty quick since we are installing two identical fresh 240GB drives but I wasn't sure how long it takes to build the raid and bootup after this. I can't find much in the install docs and I am...

HA Widget Showing Anti-virus Mismatch

My HA widget on my Active/Passive cluster is showing that the Anti-Virus versions are mismatched but they aren't. Refreshing the widget doesn't help. The General Information widget on both 5020s is reporting correctly at version 1555-2030 (05/21/15) but hovering over the HA widget mismatch icon shows the passive firewall at at older revision (t...

epeeler by L2 Linker
  • 2947 Views
  • 1 replies
  • 0 Likes

Resolved! multiple virtual routers sharing one internet connection

I have a firewall running in layer-3 mode. I've got multiple separate virtual routers on the inside, there is no overlapping address space in any of these. I need all of these to share one outside internet connection. I'd like to do it without static routes (other than the main default to the outside).Right now I have the outside virtual rout...

Authentication profiles

I am trying to create different globalprotect access. so I want to give access by security groups. When I search for the Users group in AD to add security groups from that they do not show up and I don't know why.

jdprovine by L4 Transporter
  • 3487 Views
  • 4 replies
  • 0 Likes

Self destruct check mark for policies and schedules

A feature I would like to see in the future is a check mark to wipe a rule. Example: I have to setup rules that are good for a single time for particular users after which the rules is no longer necessary.It would be a nice option to be able to have the rule remove itself once the schedule has expired. ThanksBob

BobW by L4 Transporter
  • 3489 Views
  • 2 replies
  • 0 Likes

PAN-DB download: Failed.

Hello I get this error message from the passive Firewall in HA Mode. I verify in "Service options" that the "management interface" is in use. From CLI I can reach "s0000.urlcloud.paloaltonetworks.com"ES2PA5050FW02(passive)> ping host s0000.urlcloud.paloaltonetworks.comPING s0000.urlcloud.paloaltonetworks.com (50.18.116.114) 56(84) bytes of da...

SOC_CSG by L4 Transporter
  • 5769 Views
  • 6 replies
  • 0 Likes

Resolved! Cisco VPN Client Timeout

Hello,we are using Cisco VPN Clients to connect to our Palo Alto Network Device, it works like a charm, but the user are logged out after one hour.The timeout for Login Lifetime is set to 30 day, and the Idle Timeout is set to 8 hours.Any suggestion?Jörg

Statefull or not statefull

We recently purchase pa3020s for mainly application control reason and put them behind cisco ASAs. I set up trust-to -untrust policy which applies to outbound internet traffic. I denied unwanted apps and allowed rest using user group mapping. that is all working fine and users can access internet with no problem.. well, last week, I tried t...

awarsame by L1 Bithead
  • 10954 Views
  • 13 replies
  • 0 Likes

globalprotect client for android

I have the globalprotect client installed and working for pc's but I downloaded and installed the client on my android and it looks like it is trying to connect or is connecting then it pops up my username and password box again. I checked the traffic logs and the system logs on the PA and it says it authenticates successfully and there are no d...

jdprovine by L4 Transporter
  • 3562 Views
  • 5 replies
  • 0 Likes

Globalprotect vpn access permissions

I want to give different access permission to different group when they access the network using the globalprotect vpn client. I have it configured but its now allowing me to pick the specific group that I want the access for

jdprovine by L4 Transporter
  • 8205 Views
  • 9 replies
  • 0 Likes

URL Filter Question

Does PA not do DNS lookups on URL filtering? We have an FQDN being blocked as malware, but the site can be accessed if the IP address is used.thx//moe

packet (5) shorter than isakmp header size. - LINUX Clients

Hi,We configured remote vpn access in our PA-3020, and we are experiencing some issues with Linux clients. People who are using Global-Protect client work fine, but people who use vpnc client suffer service disruption in SSH or using GIT repositories.The logs that we have in the system shows this: 'packet (5) shorter than isakmp header size.' D...

ecardona by L1 Bithead
  • 9776 Views
  • 8 replies
  • 0 Likes
  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks