This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4121 Views
  • 0 replies
  • 0 Likes

Resolved! SSL decryption using incorrect security policy

Hello all,I am testing out SSL decryption on a few categories. For now I am using a system generated certificate and it works in decrypting the categories I have selected. The problem is that once it is decrypted, it doesn't use the proper security policy. We have AD integration and URL filtering set up between certain groups. My user ID has...

ClintL by L2 Linker
  • 5721 Views
  • 4 replies
  • 0 Likes

Resolved! scheduled app-update does not download according to schedule

hi,am facing a weird issue my app+threat update did not update since 489-2600, nothing changed connectivity exist i tried manually to download from the gui it worked perfectly, even yesterday update is been missed for some reason.although the logs show it contaced the updates.paloaltonetworks.com with no issue but still not downloaded.any hint o...

Palo Alto BotNet Reports

Hi!I've got a question about BotNet reports available on Palo Alto firewalls. Maybe someone has an experience on how accurate they are, what logic they are using and how to better tune them to display more precise information?At this point I have all default settings configured. But I have noticed that some of the web sites categorized by Palo A...

IPSEC Phase-1 fails as initiator but not as responder

Hello support community,I'm using a PAN 3020 A/P cluster on the perimeter running 6.0.9. At all of my remote sites I have a cisco ASA that uses IPSEC tunnels to connect back to the main network. The IPSEC tunnel configuration (IKE phase 1, IKE phase 2, and peer IDs) are consistent across my remote sites (best to my knowledge). Out of my 8 IPS...

dan731028 by L3 Networker
  • 8583 Views
  • 2 replies
  • 0 Likes

Config Backups Explained

Is a KB article out there that explains what each type of config export is and what is included? Looking through our Palo Altos I can see these 6 different config exports...Named Configuration SnapshotCandidate ConfigurationConfiguration VersionDevice State(Panorama)Scheduled Config Export(Panorama)Panorama and Devices Config Bundle

jambulo by L4 Transporter
  • 12447 Views
  • 7 replies
  • 0 Likes

Antivirus Decoder Action

I feel silly asking this - wouldn't you want a deny on any decoder where a virus is detected rather than allowing the traffic and just throwing an alert?

GlobalProtect with "Vodafone Mobile Connect"

Hey there,my colleagues are not able to connect via the HSPA USB Stick "Vodafone Mobile Connect" with our GlobalProtect gateways.I do not see any error-message on the Firewall, only a successful log in but the client disconnect after ~1 second. Also I do not see a useful hint in the log files of the GP-Client.I tried it with a LTE/4G mobile Wifi...

Error synchronizing config because of Certificate

Hi,We have a cluster active/Pasive. We have created a certificate signed by external authority with this config:After creating the certificate we have done a commit and the config failed synchronizing to the passive firewall.¿The certificates pass through HA to the passive firewall or i would have to export this create certificate to the passive...

SOC_CSG by L4 Transporter
  • 2597 Views
  • 2 replies
  • 0 Likes

Shared Gateway with multiple virtual routers

Hello,I currently have my palo alto setup to use two VSYS ( VSYS1 AND VSYS2) each with its own virtual router.I would like them to use the same interface for outgoing internet traffic which I though I could accomplish with "shared gateways"My problem is:The interface I select to use for the shared gateway configuration does not appear when tryin...

riverj30 by L0 Member
  • 4486 Views
  • 3 replies
  • 0 Likes

Resolved! How to Clear Disk Space/reduce disk usage

Hi Friends,panos hshah hsharma HULK Steven Puluka panagent Please suggest for the same. i am already check below document and i think, i dont have permission to root access for PAN.https://live.paloaltonetworks.com/docs/DOC-3772https://live.paloaltonetworks.com/message/31894#31894RegardsSatish

Satish by L4 Transporter
  • 13347 Views
  • 5 replies
  • 0 Likes

TCP Windows scale option

Hi, could someone explain if PanOS is able to consider the filed "TCP Window Scale Option (WSopt)" ( http://www.ietf.org/rfc/rfc1323.txt?number=1323). when tcp asymmetric-path is disabled (drop)?I mean that in my experience the firewall drop the packet as "oow - out of window" even if it not should be dropped if we consider "calculated windows ...

helpdesk by L1 Bithead
  • 11519 Views
  • 3 replies
  • 0 Likes

How to disable ssl v3 on vpn web page?

scanned the PA webserver we use for our VPN portal with qualys ssl scanner. Got a grade of F. Suggested to disable .... Diffie-Hellman (DH) key exchange512-bit export suitesSsl v2 and v3 how can I go about doing this?

choff123 by L3 Networker
  • 4198 Views
  • 3 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks