This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4136 Views
  • 0 replies
  • 0 Likes

Inspection of 'http-proxy' traffic

My instinct when I read my own title is to tell me to block the app-id type http-proxy as I can't see inside it and it shouldn't be on my network.However, I have a requirement, mostly due to legacy infrastructure, where all the traffic passing through my PA firewall will effectively terminate on a proxy server (probably bluecoat) further down th...

loki by L1 Bithead
  • 7114 Views
  • 4 replies
  • 1 Likes

Can Palo Alto be used as a reverse proxy?

We have this scenario that Palo Alto will receive the inbound mail then will be pass to the PMX server(pure message) going to the exchange server. After going to the exchange server, it must be forwarded to the FW but the problem is that the Core Switch doesn't have a default route configured. Is there any way that Palo Alto can receive the mail...

TSPI by L1 Bithead
  • 15130 Views
  • 4 replies
  • 0 Likes

Resolved! LACP from PA to Juniper Switching

Got an odd issue I was hoping someone may have seen.PA 500 setting up a 4 port LACP bond to juniper switches. Running PanOS 6.1.2Setup the LACP bond on both ends, LACP would not negotiate. Spent many hours wtf’ing, couldn’t find anything odd anywhere, other LACP bonds we’ve setup previously work perfectly.Eventually looking at other config snipp...

Resolved! Unable to manually upload dynamic content

Hello,I am currently working on a new PA-3020 deployment. The device has been delivered with old PanOS 5.0.6 release. Also I would like to upgrade it to last PanOS 6.0.x release before going ahead with configuration.The device has currently no access to Internet, also I have to manually upgrade the device. In order to achieve this, I firstly hav...

ldormond by L3 Networker
  • 6522 Views
  • 2 replies
  • 0 Likes

Resolved! Secure LDAP Policy Rule Setup

Hello.I am trying to setup an application policy rule to allow secure LDAP from our hosting company back to our internal domain controller running MS AD. I have the appropriate NAT statement setup.If you look in the log screenshot above, you'll see that the first entry is being denied. For my list of allowed applications in that rule, I have a...

dannon by L3 Networker
  • 12996 Views
  • 2 replies
  • 0 Likes

Resolved! User-ID Agent Errors on Domain Controllers

I'm getting the following error showing up in event viewer on our Windows domain controller. We have 4 DC total that have the the user-id agent installed.As you can see, I am getting a lot of these error. The IP in question is one from our BYOD subnet, meaning it could be a end-user personal device. Most of the IPs in the error logs are from ...

dannon by L3 Networker
  • 7977 Views
  • 3 replies
  • 0 Likes

Certificate failed to load

Hi all,We have two PA-4060 in active/passive mode with PAN-OS 4.1.12 (I know, old..).Yesterday, after rebooting passive device auto commit failed with:Error: Certificate 'XYZ' failed to load: failed to parse keyand device went to not-ready state.After deleting problematic certificate and with commit force device become functional again.We then t...

ISSUE WITH GLOBAL PROTECT

We have configured One VR-1 onlyEthernet 1/1 is a WAN interfaceEthernet 1/2 is a WAN interfaceEthernet 1/3 is a WAN interfaceEthernet 1/4 is a LAN interfaceWe’ve created ETH1-ZONE for Ethernet 1/1ETH2-ZONE for Ethernet 1/2ETH3-ZONE for Ethernet 1/3ETH4-ZONE for Ethernet 1/4VP –ZONE for all the tunnels (used for remote connection site with site-1...

En modo mantenimiento no me deja hacerle un factory reset, me aparece typeerror: unpack-sequence

Traceback (most recent call last):vigate, ENTER=Select, ESC=Back File "/usr/local/bin/mrt", line 192, in ? main(sys.argv[1:]) File "/usr/local/bin/mrt", line 187, in main m.main() File "/usr/lib/python2.4/site-packages/mrt/ui.py", line 4330, in main self.ui.run_wrapper(self.run) File "/usr/lib/python2.4/site-packages/urwid/curses_...

cgaona by Not applicable
  • 2438 Views
  • 1 replies
  • 0 Likes

Can PA be possible for content inspection after ssh decryption?

Hello,Can PA be possible for content inspection after ssh decryption?I looked the below document.Details on Port Forwarding Inside SSHThis document mentioned the following comment."Content and threat inspection is not done on the SSH tunnel session"I don't know that It means whether only 'ssh-tunnel' application or both 'ssh' & "ssh-tunnel' ...

schong by L0 Member
  • 2577 Views
  • 1 replies
  • 0 Likes

What happens if Dynamic Block List server is inaccessible?

If we are retrieving a list of IP's via Dynamic Block List to Allow and/or Deny traffic, what would happen if the web server hosting the .txt file is inaccessible during a refresh? Would the DBL object lose all of the IP addresses and render the rule using it useless?

jambulo by L4 Transporter
  • 3691 Views
  • 3 replies
  • 0 Likes
  • 24340 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks