This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4118 Views
  • 0 replies
  • 0 Likes

Resolved! Global Protect

Does global protect log the user off automatically if the session is inactive? Also I was able to login without using any credentials, is that suppose to happen?

infotech by L4 Transporter
  • 4537 Views
  • 4 replies
  • 0 Likes

Resolved! FQDN Address Objects Not Resolving - PANOS 6

I have a few different clients with the same issue.I have some FQDN address objects and I assign a TAG to each of those objects. Then I create a Dynamic address object group which contains address objects with that tag. Then I add the dynamic group to a policy.Traffic is not matching on that policy; it is matching on explicit deny rule.If I run ...

SDorsey by L4 Transporter
  • 5363 Views
  • 7 replies
  • 0 Likes

PBR Monitoring

Hi,In Forwarding tab under PBR forwarding rule, what interface usually Ping or monitor the IP Address in Monitor option?Thanks,MBS

Resolved! wildfire-upload-fail

Looking to find out more about wildfire-upload-fail. Has anyone had any of these and if so were you able to determine the root cause?

lewis by L4 Transporter
  • 9722 Views
  • 13 replies
  • 0 Likes

UserID connecting-disconnecting

Hi, im having problem accesing to my PA (i think because of UserID). If i try with local user its ok but with my LDAP user is not working. The users cant access via VPN neither.I can see a lot of events about "connect-agent" and suddenly "disconnect-agent".........¿¿why this strange behaviour?Nov 11 10:57:48 Warning: pan_to_ms_conn_tcp_channel_s...

SOC_CSG by L4 Transporter
  • 9517 Views
  • 12 replies
  • 0 Likes

white list and captive portal

Is there a way to whitelist some URLs that would be allowed without or before authentication via Captive Portal? What we are wanting to do is allow users to access email via Office365 without having to authenticate first on the captive portal. This is all via wireless of course. I tried adding a rule at the top of the security polices before...

On-demand ipsec tunnels?

Is it possible in the PAN to do on-demand vpn tunnels? This is used quite a bit in the Cisco world.. especially for vendors. They often are setup so the tunnel is configured but when the vendor needs to connect for support, the end-user needs to connect to their ASA and initiate the tunnel basically.

SDorsey by L4 Transporter
  • 6333 Views
  • 7 replies
  • 0 Likes

Route Cache

Hi,We implemented PA3050 as internal firewall. We configured it as L3 and caters up to 200+ static routes. When we try to remove a single route in virtual router and commit, approximately 20 minutes before it takes effect. Is this normal in Palo Alto?Thanks,MBS

PAN OS and TACACS+

Hi There,Is it possible to tie together a PANOS and TACACS+ for authorization of commands? If not, how it possible to restrict access for some cisco network equipment? Any ideas?

Oleksandr by L3 Networker
  • 4044 Views
  • 6 replies
  • 0 Likes

QoS based on DSCP marking

We have Mitel IP phone systems deployed across multiple IPsec VPN sitesThe voice packets are marked EF (DSCP 46) and signalling packets are marked AF31 (DSCP 26) automatically by the IP phones and PBX.Under QoS policies, there doesn't seem to be a way to classify traffic into PAN QoS based on DSCP marking.Assuming that QoS classification using s...

yikching by L0 Member
  • 3406 Views
  • 2 replies
  • 0 Likes

Resolved! Alerts

I have my Palo Alto setup to send emails out on critical alerts. If someone tries attacking an outside IP I will get 60 alerts sometimes all in a row. Is there anyway to get the email alert just once that the outside IP was hit 60 times as opposed to getting 60 email alerts?Thanks

aguley by Not applicable
  • 3579 Views
  • 3 replies
  • 0 Likes

Resolved! Backup Configuration of a PA-200

We had a near miss on our PA-200. Got it recovered (thanks, support team!) by reseting to factory default and restoring the configuration, but it would have been a lot quicker if we'd had a current configuration to restore from, instead of having to first save, then reset, then restore.But I want to automate the process of saving a configuratio...

bdunbar by L3 Networker
  • 9134 Views
  • 7 replies
  • 1 Likes

Resolved! can we block sending web based email

Hi all,Is there a way to block only sending an email from web-based email portals(all or common of them, hotmail,gmail etc)so that users can read their email but cannot send any ?

PanIst by L3 Networker
  • 3899 Views
  • 3 replies
  • 0 Likes

Java version detection and blocking old version

Hi,With more and more vulnerabilities in Java, I would like to know if there is any way in PAN firewall to identify and blocked non latest Java traffic? The goal is to identify machines and inform owners to update their Java version. If not then block the Java traffic from that host.Thanks in advance.

Global Protect and split-tunnel, strange behavior from Facetime

We have set up Global Protect with split-tunnel for mobile clients (iPhone, Android). The goal is that ActiveSync is using the tunnel to reach internal servers, and all other traffic can go directly to the internet. GP is set up to distribute routes to two internal networks to the clients through the Access Route parameter in Gateway configura...

arnljot by L1 Bithead
  • 4238 Views
  • 5 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks