This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4465 Views
  • 0 replies
  • 0 Likes

Using Netflow v9 in a Active/Active cluster

I configured a Netflow profile and associated it with a "Untrust" Interface on my active Machine in my setup.I was surprised seeing that the second Active machine got this assotiation too. So I accume both machines are sending to the same receiver and to the same port.I'm new to Netflow and my question is: How does the receiver distinguish which...

rkra by L2 Linker
  • 1915 Views
  • 1 replies
  • 0 Likes

Terminal services agent issue with traffic dropping

Hi,We currently let our TSA connect to our management interface. This is however causing problems in that in about 30 mins all traffic is dropped on the management interface. The GUI and CLI and such are time-outed then. To resolve this we need to remove the TSA on the PA and the interface works fine again.Support recommends to provision an dedi...

Resolved! Pre-Logon Global Protect

Got the pre-logon function working ok. The problem i have is that it doesn't seem to start quick enough to process login scripts etc.For example when I log onto my network LAN using the laptop the drives are mapped and i get a pop up announcement message - all standard stuff.When I then take the laptop off the LAN and connect it to the internet ...

djrodb by L3 Networker
  • 9439 Views
  • 3 replies
  • 0 Likes

Grouping Countries

Hello,I've been asked to block certain countries...- All of Europe except Spain- All of Asia (except Japan, Australia, Korea, Singapore, Taiwan)- All of AfricaI figured I could add those countries to a "Denied Countries" group to use in a security policy but I don't see the countries listed when I try to create my address group... they only exis...

dwoolley by L1 Bithead
  • 4871 Views
  • 4 replies
  • 0 Likes

Resolved! Public IP Behind PaloAlto

We have a /24 public IP network where some of the IPs will not NAT and some will NAT. For the scenario were there will be no NAT, the host behind the PaloAlto will have a public IP assigned to the NIC. Under what scenario would I break up the /24 into smaller subnets or leave the subnet as a large /24. This is for a pa-500 in Layer 3 configur...

Resolved! Is it possible to create reports or graphs displaying type and amount of transported data, sources and dests?

Where to start with this topic:I can monitor the bandwith with SNMP and PRTG Network Monitor.Now I'm interested in data >>>PA can provide <<< about types of data, sources and destinations?I would like to check e.g. this:How much VoIP is running through the PA?Who is downloading most data at the moment.a.s.o.I know there is sflo...

rkra by L2 Linker
  • 4270 Views
  • 5 replies
  • 0 Likes

is it possible to forward clients with paloalto for websense ?

Hi all,There is a topology like below.Clients using Cisco vpn and they are enforced to use some proxies(enforced from Active Directory)There is a Local Websense but it cannot be used because of that enforcement.Can Paloalto firewall decrypt that SSL traffic and make websense available to use ?is that possible ?Cisco Any Connect Client-----------...

Resolved! Failure to Delete a Certificate

PA-200PAN 6.01I imported a certificate, but failed to do something correctly. I wanted to delete the cert, and start over. When I select the certificate 'ServicesVPN' and click Delete I'm told ... 1- Failed to delete Certificate - ServicesVPN. ° ServicesVPN cannot be deleted because of references from: ° deviceconfig -> system -> sy...

bdunbar by L3 Networker
  • 10287 Views
  • 12 replies
  • 0 Likes

Resolved! FTP Server: No Allow policy but 3-Way-Handshake and Username prompt possible?

There is no allow policy from Untrust to DMZ to contact the FTP Server.There is an deny policy instead as a last policy between ZONE Untrust und ZONE DMZ.But if I try to connect to FTP Server a connection is estabilished and my FTP Server asks for a Username.This is the end of communication - but is anyone allowed to connect to my FTP Server?Roman

rkra by L2 Linker
  • 5040 Views
  • 7 replies
  • 0 Likes

Resolved! Could I use a Asian 2 bytes charset on CLI when I configure?

HelloI tried to configure on CLI using 2bytes Asian charset as below.As you see below when I configure 2bytes Asiasn charset to description column and then PAN showed error message is Server error : Malformed Request.So I questioned weather PAN could be configured using Asian charset on CLI or not.admin@PA1(active)# set rulebase security rules r...

Roh1 by Not applicable
  • 5079 Views
  • 3 replies
  • 0 Likes

Disable SSL - IPSEC only

Hi,a quick one: is it possible to disable SSL VPN at GP? So users can only connect via IPSEC...I know its possible to do it the other way but we like to have a IPSEC only portal/gateway.

Hithead by L4 Transporter
  • 10902 Views
  • 12 replies
  • 1 Likes

Resolved! URL Filtering Category is "Unknown"

guys,i have a problem in our Palo alto 5050, it shows a lot of URL websites with Category "unknown", although it shows the right category type on bright cloud website,any help ??,Regards,

ISA 2006 proxy replacement

I want to use my PA as a proxy for the internet and want to remove my current ISA 2006 proxy server. I was curious what methods others are using and if you have any detailed step by step instruction how to configure this.

infotech by L4 Transporter
  • 14878 Views
  • 30 replies
  • 0 Likes
  • 24379 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks