This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4121 Views
  • 0 replies
  • 0 Likes

Resolved! DoS Protection Logs

If you have a DoS policy setup with both an aggregate and a classified DoS profile to protect a webserver and you see flood logs in the Threat Tab.. is it possible to tell whether or not the flood matched on the aggregate or the classifed DoS profile while splitting those into two separate DoS policies?

SDorsey by L4 Transporter
  • 7633 Views
  • 1 replies
  • 0 Likes

Resolved! PAN VM series throughput

Is the throughput on the PAN VM series an arbitrary cap set by the PAN software? It seems that it certainly shouldn't be on the hardware side as one could do 10gb netorking, put it on SSD and throw as much ram/cpu at is as they desired. And I would think it's not a software 'limitation' since the PAN 3000s and up go well above 600mbps.

SDorsey by L4 Transporter
  • 3840 Views
  • 2 replies
  • 0 Likes

Has anybody encountered a situation where a rule was configured for one application but matched other applications?

I have the following ruleI used 'any' as the service because we have web servers running on multiple ports and not just on the default.While it does match ssl and web-browsing traffic as expected, it also matches unexpected application traffic like the followingI don't understand why it would match oracle traffic. Any ideas?

palo_al by L1 Bithead
  • 10357 Views
  • 15 replies
  • 0 Likes

mgmt appweb3[4591]: appweb3 error: : appweb3 ?

Hi,My PA-2050 recently management cpu always high to 70%, and 100% when commit. check the log as below,appweb3 error: : appweb3: Error: Ignoring unknown directive "Action" At line 121 in /etc/appweb3/appweb.pan.conf Make sure the required modules are loaded. Aug 13 06:03:32 mgmt appweb3[4324]: appweb3 error: : appweb3: Error: Can't find stag...

ArcherY by L0 Member
  • 2561 Views
  • 1 replies
  • 0 Likes

SSL decryption feature

Hi All,I wish to ask do i have to have my own Certificate in order to use SSL decryption feature, in order to decryption my users SSL traffic ?OR i can just go and setup this feature and use it right away ?I use PA-VM-100, PAN OS 6.0.4

Difficulties creating a secondary VPN tunnel

I'm having trouble authenticating with a second VPN tunnel that I've created.I've created a new Portal and Gateway, almost identical to the previous ones. Obviously with it's own external IP, certificate that fits the given domain.Created a new Zone with a tunnel interface associated with it, which is also connected to a static route with the ne...

Disable SSLv3/TLSv1

Is it possible to disable SSLv3 and TLSv1 for Global Protect? Vulnerability scanners flag the interface of the PAN where Global Protect portal/gateway are hosted as it allows these deprecated versions.

SDorsey by L4 Transporter
  • 2960 Views
  • 2 replies
  • 1 Likes

Resolved! Not able to Push the policy to a device

Hello ,Can any one please explain me the error i am getting while pushing the policies to a device of a device group.I want to push the policies only to the particular device ,member of device group.Thanks

tiwara by L3 Networker
  • 3480 Views
  • 2 replies
  • 0 Likes

Resolved! How to Configure HA on PAN-OS 5.0.6

Hi,Any advise configuring HA on mentioned PAN-OS as documentation seems not very detailed..Have configured HA for control plane with ip addresses /30 , enabled HA, group 1 and Peer HA ip address; after commit am getting generic failure errorCheers

paul_w by L2 Linker
  • 4491 Views
  • 3 replies
  • 0 Likes

Resolved! PA blocking returned traffic!!!

Hi,I've deployed PA-500 recently, and I'm experiencing an interesting situation.PA-500 is deployed in virtual-wire, and I'm filtering only my main ISP connection (ISP 1). The connection for ISP 2 goes directly to the router.We have a web server, which accepts requests from users through ISP2, and replies back but the router sends the replies thr...

Besfort by L2 Linker
  • 4193 Views
  • 2 replies
  • 0 Likes

HA broken after upgrading to 6.0.3

Hi,We have just upgraded our 5020s and 3020s to 6.0.3 and encountered an issue, where the secondary device became the Active one and the primary displays this error, only on the 5020:does anybody else had this issue or knows how to solve it?Thank you.

MMCiobanu by L3 Networker
  • 17594 Views
  • 28 replies
  • 0 Likes

Resolved! 'enable-user-identification' turned on!

Hi everyone,I wanted to do user based filtering on PA-500, but after I've successfully connected PA with active directory, and applied a security policy on user based I get this warning:Warning: Rulebase 'security'Rule 'LAN-r2'; Zone 'LAN' does not have 'enable-user-identification' turned on.Does anyone know how to enable user identification?

Besfort by L2 Linker
  • 3498 Views
  • 2 replies
  • 0 Likes

HA queue full

Hi, im receiving this snmp trap in my Palo Alto (PA-3020 PANOS 6.0.3). Checking the system logs i see each 15 mins this log message "HA-queue-full". Why is this happening?

SOC_CSG by L4 Transporter
  • 7151 Views
  • 13 replies
  • 0 Likes

HA queue is full

Hi there,I'm not sure if anyone else has seen this alert show up on their devices but I have Critical system messages sent to me by email and I have received this afternoon every 15 minutes a message saying "HA queue is full". I made a small tweak to a random description in a policy line so that I would be offered the oportunity to do a commit a...

UKRB by L3 Networker
  • 4464 Views
  • 4 replies
  • 1 Likes

Resolved! URL Rewrite - any update in new PanOS 4.1?

We are increasingly seeing the need for a URL rewrite feature - we had hoped to use it for one of the ways to force Google SafeSearch (vs. the existing option of blocking searches using an app signature)We now would like to use YouTube for Schools, which depends on URL modification:http://support.google.com/youtube/bin/answer.py?hl=en&answer...

keklund by L1 Bithead
  • 16626 Views
  • 25 replies
  • 1 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks