This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

Netflow records with zero values for byte and packet counts

I'm running PanOS 5.0.11 on a 5060 and am looking at exporting netflow into SiLK. In the SiLK logs, I'm seeing thousands of messages that look like this:Oct 9 09:37:43 hostname rwflowpack[3470]: IGNORED|111.222.112.13|100.200.195.225|33775|6917|6|0|0|no forward/reverse octets|Digging a little further, I see that SiLK throws that error when the...

How to request Palo Alto to add the Certificates to the trusted CA?

Hi guys,Our staff try to access on website https://webmail.spintel.net.au, but session 'aged out'. If we set that website to bypass decryption, it worked. The certificate was issued by RapidSSL SHA256 CA- G3, but it is not on the trusted CA list. However, its root CA was listed.Is there a process/way to alert Palo Alto to add the Certificates to...

MelLi by L2 Linker
  • 5017 Views
  • 6 replies
  • 0 Likes

Resolved! LOG_LOCAL

What is the idea/reason behind the facility setting for syslog? Is LOG_USER, and LOG_LOCAL0-7 just a method of ID, or is there something more to it? When setting up to send to a syslog server should you aviod using LOG_USER and use LOG_LOCAL(0-7)?

craymond by L4 Transporter
  • 21953 Views
  • 5 replies
  • 0 Likes

most stable panos 6?

Hi,we're planning on upgrading from version 5.0.8 to version 6.x.x. Which version of panos 6 is the most stable?Thanks.

Dynamic Update Issue?

Our library has a Millenium server, the application is millenium-ils.It stopped communicating after APP+Threat release 484 installed.I rolled back to APP+Threat release 482 and it restored communication.This morning APP+Threat release 485 installed and once again the Millenium Server is unreachable.Performed the roll back to 482, and it is wor...

Mikempo by L1 Bithead
  • 4024 Views
  • 4 replies
  • 0 Likes

Threat Prevention best practice ?

Hi Commuity,I'm looking for your tips and hints regarding TP best practices. (hopefully this newbee question is not too bad :smileyconfused:)Let me explain our setup:As a first step to a new IT Security Infrastructure we are running a HA-pair of PA-3050 in an "IPS Mode" behind our current firewalls.From configuration point of view it means that ...

Required: PAN IPSEC Hub best practices for 300 route based IPSEC tunnels

Pan documentation is very weak on large scale mutli-vendor IPSEC hub terminations. Can someone help out and provide best practices, reference architecture, guides, pitfalls or experiences?My design goals: - Separate VSYS - Use dynamic routing for Tunnel Interfaces. (Either OSPF with stub areas to inject default to remote tunnels or ...

Issue with AD integration after OS upgrade.

Hi Friends.i am facing AD integration issue after PAN OS upgrade OS version 6.1.2. The firewall connection with AD server breaks at random and the AD users disappear from the firewall. After a while the firewall connection with AD server gets restored automatically.RegardsSatish

Satish by L4 Transporter
  • 2715 Views
  • 2 replies
  • 0 Likes

Resolved! How to send test email from CLI

Hi,I can send test email from GUI as belowHow can I send same test email by CLI?One of my customer does not allow me to use GUI, so I need to know this test command.I could not find command under 'test' and 'request'Cheers

emr_1 by L5 Sessionator
  • 6789 Views
  • 4 replies
  • 0 Likes

WF-500 Configuration Help.

Dear Friends,I am facing some challenge during the WF-500 configuration. please find the below configurationMGT FW- IP :- 192.168.1.10/26GT- IP :- 192.168.1.2 MGT WF -IP :- 192.168.1.11/26GT :- IP :- 192.168.1.2But problem is that, when we are try to check admin@WF-500> show wildfire last-device-registration all :- status is failed.firewall ...

Satish by L4 Transporter
  • 3078 Views
  • 3 replies
  • 0 Likes

Block Activesync connections for disabled users?

Is there any way to block ActiveSync connections at the FW for disabled users? I have several users that have left the company and their accounts have been disabled, however they still have ActiveSync configured on their mobile devices trying to connect to our CAS server. While they are being denied, the login failures are filling up my logs. ...

Resolved! CNSE Exam Study Guide Rev B - Pass Mark

I am cracking on with study for the CNSE exam but on reading the latest release of the study guide have got a bit confused regarding the pass mark.In the Rev B of the study guide the pass mark is shown as 60% but in the original release it was set at 100 questions in 2.5 hours with a pass mark of 70%.Has it been reduced?The FAQs on the education...

Can 'admin' account be deleted?

1) We have several PA-3020's running 6.0.1 in our organization with only a few admin user accounts which integrated with AD, so audit wants to know if we can delete the generic accounts like "admin" or "panorama"? Any negative implications to doing so?2) We get a different list of users acccounts depending upon whether we use WebUI or CLI. T...

No traffic in traffic log - VM100

Hi Guys,Following on from my last post - Site-to-Site VPN - Palo alto to Cisco Router issue i am experiencing an issue with my PA VM100, there is nothing in the traffic logs....this is running on VMWare workstation 11But there is traffic flowing through the firewall 100%, it is functioning perfectly, with the exception of the lack of traffic log...

how to handle Google SSL traffic?

Hello,I am new to PanOS devices, we recently got PA-200 router which is quite different from classic routers. Long story short - my problem is SSL traffic, I am trying to prioritize our traffic since for now we have only 10Mbit link, we have people working remotely over VPN, we have our own VoIP gateway in office, and there are people who are ac...

Nils by L0 Member
  • 4001 Views
  • 3 replies
  • 1 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks