This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4118 Views
  • 0 replies
  • 0 Likes

EDNS Support

In the recent code releases has support for EDNS been added...If so, what release and can you point me in the direction of a good EDNS tech doc?!!Thank you in advanced, -jc

jclimer by L0 Member
  • 6982 Views
  • 5 replies
  • 0 Likes

Security Policy-by Computer Name in domain

Hi,I have a requirement from a customer, that he doesn't want user based security policy for a certain location.He want that only specific computer names which are in domain should be blocked for certain application. Is this possible using global proctect or any work around for the same?Please help..Thanks & RegardsNitesh Saxena

NiteshS by L2 Linker
  • 4223 Views
  • 2 replies
  • 0 Likes

Redundant Ports

Hi,the customer is looking for a redundant ports as there looking for a cross connection between two different switches.is this possible? etherchannel/aggregate port configuration doesn't solve that issue as aggregate port goes in the same switch only.Please suggest a way to resolve this.Thanks & RegardsNitesh

NiteshS by L2 Linker
  • 4985 Views
  • 4 replies
  • 0 Likes

PBF ISP Failover with one ISP interface as DHCP client

Hi all,I have a client who has (for reasons beyond my ability to comprehend) decided to be pathologically cheap about one ISP link at one of their sites (running a PA-200), and are dropping their static IP in preference for more bandwidth at less cost.Anyway...Stable internet connectivity via any available ISP at this particular site is a dicey ...

List of custom risks

Hi,Just started out configuring a new PA3020 and decided to block all risk level 5... there are a couple of apps that I wanted to allow through so re-graded them risk 4.In the future I want to ensure this is manageable, is there somewhere on the system I can review these re-graded risks in one place as a list?Or... should I do this another way t...

Resolved! Panorama Botnet View

Hi All,Where do you find the Botnet monitor and reports for firewalls running 4.x from a Panorama interface running 4.x? And minimum level permission is required in order to see these Botnet reports?Appreciate the assistance.

apc050 by Not applicable
  • 7203 Views
  • 6 replies
  • 0 Likes

Active Directory Users not Authenticating to GP

Hi,We configured agentless User-ID with our PAN OS 5.0.2. We created policies using the AD usernames and it is working fine.However, We are trying to configure our GP to authenticate using the AD users. This is not working and we are getting the following error when trying to login:User is not in allowlistdescription contains 'User \'abc\user1\'...

rsaber by L1 Bithead
  • 3357 Views
  • 3 replies
  • 0 Likes

Resolved! Disabled Vulnerability Signatures: FTP evasion attack (id:30401)

HelloCould someone explain me why signature FTP evasion attack (id:30401) was disabled in thread update version 453?This signature wasn't replaced by new one. Bruteforce attacs on FTP serwers still exist and nothing will change in this case.With regardsSLawek

_slv_ by L4 Transporter
  • 4387 Views
  • 3 replies
  • 0 Likes

Resolved! Using Local DB and LDAP for Global Protect

Hi All,Is it possible to have Local and LDAP users authenticate to the Global Protect Client.In the GP configuration, I can only choose one Authentication Profile, which is chosen for Local DB.I tried to configure another GP Portal but I could not use the same interface and IP Address.So, is the only solution is to create another GP Portal using...

rsaber by L1 Bithead
  • 4198 Views
  • 3 replies
  • 0 Likes

Best practices for HA PANs and switch stack

For this scenario, assume a simple setup. Two firewalls in HA and two switches in a stack. Also assume the firewalls are in active/passive. Consider the below setup, each firewall has one physical link to separate switch members of the stack.In this configuration, if switch member 1 fails and firewall 1 is the active firewall, does it automatica...

SDorsey by L4 Transporter
  • 13469 Views
  • 14 replies
  • 0 Likes

Resolved! Mask MAC on interface

Does the PAN allow you to clone or mask the MAC address on an interface to one of your choosing?

SDorsey by L4 Transporter
  • 2739 Views
  • 2 replies
  • 0 Likes

Voip external server

I'm experiencing an issue with a connection to an external voip server.Directly attached to a PA-500 ethernet port there is a patton (fxo voip appliance).Now, I'm allowing any traffic to outside, any application.When I surf from that interface I can access external sites, but the issue seems to be NAT.Voip uses port 5060 udp.I can see the packet...

Global Protect - Split Tunnel

Is it possible with global protect and split tunnel setup to have policies applied for url filtering to the local client so that sites can be blocked in split tunnel mode?

markk96 by L3 Networker
  • 5530 Views
  • 9 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks