This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4254 Views
  • 0 replies
  • 0 Likes

PA-500 and memory upgrade

Recently I ordered and installed the memory upgrade for my PA-500. It was under $400, is a simple end user install and upgraded the management plane to 2gb (from 1gb).I will not give any estimates as to improvement as I do not want to exaggerate, however, I highly recommend anyone with a PA-500 spend the $400 (ish).Hope that helps,Bob

BobW by L4 Transporter
  • 12642 Views
  • 16 replies
  • 1 Likes

Custom Reports by Interface

Is it possible to get custom reports for traffic on a per interface basis? The only thing remotely close that I have found is under Traffic Reports I can see ingress interfaces and egress interfaces, but all that shows me is a daily total. What I'm looking for is to see these statistics on a more granular basis (by minute or hour) as a custom re...

Traffic denied by one context is allowed in the other

Hello All,I have a strange situation and need some help.I have 2 legs of my firewall implemented on Core and Edge level. I have a host 10.1.1.10 behind my Core layer firewall trying to access an external FTP server.On the core layer I have a policy to deny ftp traffic from inside to outside and the logs show the traffic is denied.But on the Edge...

Resolved! Application

I am trying to block some websites such as music.yahoo.com ,mylife.com Spaces.live.com and Talkgadget.com . But they aren't one of the listed choices and I am unable to add them to my blocked application list. How can I do that?

infotech by L4 Transporter
  • 6773 Views
  • 11 replies
  • 0 Likes

Global Protect Pre-Authentication with public SSL cert

Folks.My boss wants me to implement "pre-authentication" for my Global protect clients, so that they authenticate against AD before logging on to their laptops when on VPN, and ergo run login scripts, group policies etc.I have https://live.paloaltonetworks.com/docs/DOC-5229 and read through it, and it describes setting up using self-signed certi...

darren_g by L4 Transporter
  • 5842 Views
  • 9 replies
  • 0 Likes

Resolved! GlobalProtect DNS server ignores the access routes

Hey all,Just another PaloAlto funkiness I found out today...When you configure a DNS server under the gateway configuration for GlobalProtect a route will automatically be added to route traffic to this DNS-ip through the tunnel: REGARDLESS of what you fill in in the access routes.Ex: DNS server: 10.0.0.1 and access route: 192.168.0.0/16When con...

mr.linus by L4 Transporter
  • 3146 Views
  • 2 replies
  • 0 Likes

Resolved! FTPS and Service - problem

HelloI have FTP server on Debian 7 (ProFTPD 1.3.1) and security rule:and now FTPS connection works.With "application-default" as a service FTPS sessions hangs on listing directory and sfter some time FTP client was disconected.I'm on 6.0.2 PAN with latest updates.Is this a normal behaviour? According to best practice we should use "application-d...

_slv_ by L4 Transporter
  • 13887 Views
  • 20 replies
  • 0 Likes

Resolved! Cannot run GlobalProtect Portal on preferred IP address

Please correct any wrong statements:1. I connect my PA to the "untrust internet" via ethernet 1/12. My ISP assigned me 164.67.80.0/24 block of IPV4 addresses (actually this is a lie...)3. I assigned 164.67.80.2/24 to ethernet 1/14. The PA is capable of running NAT on any of the addresses in the entire 164.67.80.0/24 subnet using Proxy ARP5. I wa...

cstech by L2 Linker
  • 4630 Views
  • 3 replies
  • 0 Likes

Mirror traffic from tunnel interfaces to SPAN port

Hello Everyone, I'm new to the PA firewall's and trying to figure out how to monitor my tunnel interfaces, and the traffic flowing through them. I have a PA-3020 running as an endpoint for several tunnels. I want to mirror the traffic from those tunnels when it hits the PA before it is routed and offload it to a specific interface port. I've don...

edevansky by Not applicable
  • 6853 Views
  • 5 replies
  • 0 Likes

Destination NAT on a Vwire?

Is there documentation on how to do this? All I have found is incomplete. Is the Destination Zone the same or different than the Source Zone? Do the addresses have to include the subnet mask? Are there any complete examples available?

kentjday by L1 Bithead
  • 6867 Views
  • 10 replies
  • 0 Likes

Resolved! Help with custom vulnerability signature

Can someone provide documentation and insight in regards to creating custom IPS signatures based on the follow scenario?Consider you have an FTP server. The USER command is vulnerable to buffer overflow. How does one create a custom signature to identify and block this activity? The buffer and payload the attack sends could have 1000 variations.

SDorsey by L4 Transporter
  • 4128 Views
  • 4 replies
  • 0 Likes

EDNS Support

In the recent code releases has support for EDNS been added...If so, what release and can you point me in the direction of a good EDNS tech doc?!!Thank you in advanced, -jc

jclimer by L0 Member
  • 7071 Views
  • 5 replies
  • 0 Likes

Security Policy-by Computer Name in domain

Hi,I have a requirement from a customer, that he doesn't want user based security policy for a certain location.He want that only specific computer names which are in domain should be blocked for certain application. Is this possible using global proctect or any work around for the same?Please help..Thanks & RegardsNitesh Saxena

NiteshS by L2 Linker
  • 4262 Views
  • 2 replies
  • 0 Likes
  • 24362 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks