This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

import config from PA-2020 to PA-3020

Hi,I need to change a old PA_2020 with a new PA-3020 and would like to use the configuration of old device in the new firewall to avoid to do the work again..So, Is it possible to import config file from a PA-2020 to a new PA-3020?If yes, is there any requirement (version or something)?, and it is enough doing Export Named Configuration Snapshot...

Es recomendable sustituir un Firewall Microsoft TMG por un equipo Palo Alto ?

Estoy pensando sustituir uno de mis firewalls actuales un Microsoft TMG por un nuevo equipo Palo Alto, en términos generales a nivel de funcionalidades de firewall estoy seguro que palo alto sera mejor y me dará mejor performance, pero tengo dudas sobre como migrar las publicaciones tanto de Exchange (OWA y Active Sync) como de Lync (Exclusivame...

PA-500 and memory upgrade

Recently I ordered and installed the memory upgrade for my PA-500. It was under $400, is a simple end user install and upgraded the management plane to 2gb (from 1gb).I will not give any estimates as to improvement as I do not want to exaggerate, however, I highly recommend anyone with a PA-500 spend the $400 (ish).Hope that helps,Bob

BobW by L4 Transporter
  • 12353 Views
  • 16 replies
  • 1 Likes

Custom Reports by Interface

Is it possible to get custom reports for traffic on a per interface basis? The only thing remotely close that I have found is under Traffic Reports I can see ingress interfaces and egress interfaces, but all that shows me is a daily total. What I'm looking for is to see these statistics on a more granular basis (by minute or hour) as a custom re...

Traffic denied by one context is allowed in the other

Hello All,I have a strange situation and need some help.I have 2 legs of my firewall implemented on Core and Edge level. I have a host 10.1.1.10 behind my Core layer firewall trying to access an external FTP server.On the core layer I have a policy to deny ftp traffic from inside to outside and the logs show the traffic is denied.But on the Edge...

Resolved! Application

I am trying to block some websites such as music.yahoo.com ,mylife.com Spaces.live.com and Talkgadget.com . But they aren't one of the listed choices and I am unable to add them to my blocked application list. How can I do that?

infotech by L4 Transporter
  • 6577 Views
  • 11 replies
  • 0 Likes

Global Protect Pre-Authentication with public SSL cert

Folks.My boss wants me to implement "pre-authentication" for my Global protect clients, so that they authenticate against AD before logging on to their laptops when on VPN, and ergo run login scripts, group policies etc.I have https://live.paloaltonetworks.com/docs/DOC-5229 and read through it, and it describes setting up using self-signed certi...

darren_g by L4 Transporter
  • 5691 Views
  • 9 replies
  • 0 Likes

Resolved! GlobalProtect DNS server ignores the access routes

Hey all,Just another PaloAlto funkiness I found out today...When you configure a DNS server under the gateway configuration for GlobalProtect a route will automatically be added to route traffic to this DNS-ip through the tunnel: REGARDLESS of what you fill in in the access routes.Ex: DNS server: 10.0.0.1 and access route: 192.168.0.0/16When con...

mr.linus by L4 Transporter
  • 3086 Views
  • 2 replies
  • 0 Likes

Resolved! FTPS and Service - problem

HelloI have FTP server on Debian 7 (ProFTPD 1.3.1) and security rule:and now FTPS connection works.With "application-default" as a service FTPS sessions hangs on listing directory and sfter some time FTP client was disconected.I'm on 6.0.2 PAN with latest updates.Is this a normal behaviour? According to best practice we should use "application-d...

_slv_ by L4 Transporter
  • 13588 Views
  • 20 replies
  • 0 Likes

Resolved! Cannot run GlobalProtect Portal on preferred IP address

Please correct any wrong statements:1. I connect my PA to the "untrust internet" via ethernet 1/12. My ISP assigned me 164.67.80.0/24 block of IPV4 addresses (actually this is a lie...)3. I assigned 164.67.80.2/24 to ethernet 1/14. The PA is capable of running NAT on any of the addresses in the entire 164.67.80.0/24 subnet using Proxy ARP5. I wa...

cstech by L2 Linker
  • 4561 Views
  • 3 replies
  • 0 Likes

Mirror traffic from tunnel interfaces to SPAN port

Hello Everyone, I'm new to the PA firewall's and trying to figure out how to monitor my tunnel interfaces, and the traffic flowing through them. I have a PA-3020 running as an endpoint for several tunnels. I want to mirror the traffic from those tunnels when it hits the PA before it is routed and offload it to a specific interface port. I've don...

edevansky by Not applicable
  • 6750 Views
  • 5 replies
  • 0 Likes

Destination NAT on a Vwire?

Is there documentation on how to do this? All I have found is incomplete. Is the Destination Zone the same or different than the Source Zone? Do the addresses have to include the subnet mask? Are there any complete examples available?

kentjday by L1 Bithead
  • 6734 Views
  • 10 replies
  • 0 Likes

Resolved! Help with custom vulnerability signature

Can someone provide documentation and insight in regards to creating custom IPS signatures based on the follow scenario?Consider you have an FTP server. The USER command is vulnerable to buffer overflow. How does one create a custom signature to identify and block this activity? The buffer and payload the attack sends could have 1000 variations.

SDorsey by L4 Transporter
  • 4069 Views
  • 4 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks