This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4233 Views
  • 0 replies
  • 0 Likes

Can I make custom application from MIME type?

Hello,I want to make custom application(or vulnerability) from MIME type.EXE of MIME Type is 'application/x-msdownload'So I made two customer applications as the following patterns.1. application/x\-msdownload2. \x61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 64 6f 77 6e 6c 6f 61 64\xBut FW detected these custom applications which are tried to...

Resolved! SSL Ciphers

Does anyone have the ciphers list to configure on ISS and Apache that will fully support decryption? We're running PAN-OS 6.0.

mharding by L4 Transporter
  • 6294 Views
  • 4 replies
  • 0 Likes

Resolved! GlobalProtect Gateway on Different IP address

Let's say we have an external facing interface Ethernet1/3 with Ip address of 1.1.1.14/28. The upstream isp router is 1.1.1.1 all other addresses (1.1.1.2-1.1.1.14) are routed to the Palo Alto and in use for various web services, etc..Per the documentation I can find it looks like you have to set the Global Protect gateway IP address to th...

travisj by L2 Linker
  • 6488 Views
  • 4 replies
  • 0 Likes

Resolved! VPN port and default port the same?

Hallo all,i have only one phyical ethernet interface on firewall which is facing the internet. I also want to make this PA firewall as an IPSEC Tunnel endpoint. So all my internal traffic uses this ethernet interface to go to internet. And VPN traffic should terminate on the same interface.Is this possible? If yes, how can I implement it? Any do...

Basic noobie question.

I am looking to what I would call port address translation, but am unfamiliar with how to do it on the PA. Basically I need a public IP to route SNMP traffic to one inside address, and syslog traffic to another inside address. This will also only apply to a single host from the outside. Can someone give me high level steps to what I need to conf...

mcocat by Not applicable
  • 4267 Views
  • 6 replies
  • 0 Likes

Resolved! WildFire Question

Have a question about the functionality of WildFire. Here is the scenario (assume we have a WildFire subscription so we are getting updates every 30 minutes):User gets an email to download "file.exe" at 0800This hash does not match anything and is sent up to the cloud for analysis.Analysis confirms this file is / has malware - it has not seen t...

mrsold by Not applicable
  • 7348 Views
  • 7 replies
  • 0 Likes

Resolved! Userid Not detected for some traffic

We are using 4 User-id Agents and today some users started experiencing problems with certain sites they use. The same sites for all users.... but not all sites. We have many ad group based rules and some are still working while others seem to have stopped working.Looking at the logs I see their userid isn't detected for the blocked traffic bu...

cdp181 by L1 Bithead
  • 8123 Views
  • 3 replies
  • 0 Likes

Resolved! PAN OS Upgrade 6.0.5 failure and success

Hello AllOut of the box, my 3050 Firewall had PAN OS 5.0.x and I wanted to upgrade it to.the latest 6.0.5 release. My Firewall does not have internet access yet, and so all the following things were done offline by downloading files on my laptop.So, I updated Application and Antivirus signatures, uploaded the base image of 6.0.0 to the firewall ...

VMware View rules configuration

Does anyone have any information on how to get user-id to work with a VMware View security server sitting in the DMZ? Right now the only way we can get PCoIP traffic to flow to is by specifying the ip of the VDI machine that is being connected to. What we would like is to define an AD group for remote access and populate the users into that grou...

Global Protect Troubleshooting

I have a portal and 3 gateway's setup. From my home network and a couple other home networks Global Protect works with no issues, We can disable the client, re enable it, change to different gateways on the fly and it connects right up.Now for some others, and my dsl at work, coffee shop downstairs, they can connect to the GP Portal the primar...

markk96 by L3 Networker
  • 5854 Views
  • 4 replies
  • 0 Likes

Upgrade to 5.0.14-h3 stopped traffic

We just attempted to upgrade some 5020's to 5.0.14-h3(mainly to patch the evasion vulnerability) and quickly found that the upgrade broke traffic traversing the firewall. During the short period of time it we were running on 5.0.14-h3, there were a whole lot of "incomplete" sessions for TCP and a lot of UDP sessions with zero packets received.D...

jambulo by L4 Transporter
  • 4228 Views
  • 6 replies
  • 0 Likes

Resolved! What SSL/TLS versions are allowed for WEBUI

Hello, I'm trying to verify which SSL/TLS versions and Ciphers the PANs accept for WEBUI connections. Specifically I am trying to verify that it does not accept connections using weaker Protocols or Cipers and if it is configurable.Please note that this is for Management connections to the PANs only, not user traffic.Any help would be appreciat...

Netflix application rolled in to web-browsing?

Last week I ran an ACC report for the top 25 applications. Netflix was #3 (university environment, so it's to be expected). Today, I ran the same report and Netflix (as an application) is no where to be found. I launched Netflix on my computer to generate some traffic and I'm not seeing it (I waited 20 minutes to make sure the session was end...

bhelman by L2 Linker
  • 5121 Views
  • 3 replies
  • 0 Likes
  • 24357 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks