This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4112 Views
  • 0 replies
  • 0 Likes

Allowing access (read only) to docs.google.com/viewer without allowing access to Online Personal Storage categorized sites

We have a situation where a site categorized as "computers and internet" (allowed for all users in our environment) references a pdf located on Google Docs (which is categorized as online personal storage). An example is docs.google.com/viewer?url=http://www.netapp.com/us/media/ds-3546-0114.pdf&embedded=true. This uses the app Google-Docs...

Art by L3 Networker
  • 4089 Views
  • 1 replies
  • 0 Likes

PAN as a DNS Forwarder to resolve External DNS Names

I'm looking on how to configure DNS proxy on PAN and found below link that provide great information.https://live.paloaltonetworks.com/docs/DOC-3637https://live.paloaltonetworks.com/docs/DOC-3522https://live.paloaltonetworks.com/docs/DOC-4633However, it does not cover the design that I want for DNS resolution and protect our internal DNS servers...

Resolved! HA Group 1: Dataplane is down: packet descriptor leak detected on slot 1 dp0

Hi Guys,Just encountered a failure on 4000 in an HA setup.First error is tasks: DP packet descriptor leak detected on slot 1 dp0HA Group 1: Dataplane is down: packet descriptor leak detected on slot 1 dp0HA Group 1: Moved from Active to state Non-Functional.Running recently upgraded to 5.0.12.Has anyone seen something this or something similar?...

x by L1 Bithead
  • 11485 Views
  • 3 replies
  • 0 Likes

Resolved! What happens when the ARP table is full?

Hello Guys,What happens when the ARP table is full? Does the firewall clear old entries?Just trying to figure out if what's causing an issue with our wireless is due to the ARP table being full. Thanks, Chris

x by L1 Bithead
  • 7887 Views
  • 4 replies
  • 0 Likes

Resolved! telnet

How do you telnet from the PA firewall on port 500 to and external IP address?

infotech by L4 Transporter
  • 2949 Views
  • 2 replies
  • 0 Likes

VMotion on ESXi

Hi PA-Admins,we installed a VM-100 (version 6.0.2) in our ESXi environment. By accident we forgot to disable vmotion for the VM and the VM moves from one host to others...I thought vmotion is not supported but our VM-100 is still running and the licenses are valid.from the Virtualization_Admin_Guide_6.0: System Requirements and Limitations This ...

Hithead by L4 Transporter
  • 7712 Views
  • 6 replies
  • 0 Likes

Assistance: my palo is not accessible.

Assistance: my palo is not accessible. I n is happening more access to my palo, after having placed in demo for a client, only the power LED lights. I try dy by console access and management, but it did nothing.----------------------------------------------------------------------------------------------------------------------------je n est arr...

camagate by L1 Bithead
  • 7772 Views
  • 10 replies
  • 0 Likes

Resolved! GlobalProtect authentication problem

Hello,The group I use to authenticate GP connections doesn't work properly.I followed the advice on this thread: https://live.paloaltonetworks.com/thread/8661It was necessary to place the NETBIOS domain name in the LDAP server profile. Output from the CLI now clearly displays the logon format with domain\user, unlike before, for GP clients.The...

TheBest by L1 Bithead
  • 4207 Views
  • 4 replies
  • 0 Likes

TLS Syslog cert import

Hi all,Certificates, can anybody help?I have a cert syslog-ng.cert that ArcSight logger auto-generated and I want to import this on to the firewall as a "Certificate for Secure SYSLOG"It imports OK as Base64 encoded PEM format, with the option to import a private key disabled (if I choose this I need to give a Key File or a Passphrase...which I ...

unable to redirect web traffic towards Websense

hi I am planning to deploy Paloalto firewall in my network, but my biggest challenge is how to redirect web traffic towards Websense which I am using as a web content filtering engine.can any one one help me regarding this to how I can do so.Regards,Om@Spicejet

om by Not applicable
  • 3063 Views
  • 1 replies
  • 0 Likes

Resolved! How to configure PaloAlto to Fail-over to another ISP on a remote location

I'm new in using PaloAlto Firewall. We have to sites that have it's own dedicated ISP connections and I've been task to configure the PAN firewall to route the Internet connections to another ISP if the main internet connections encounter a connectivity problem.HQ1 RT1-------PAN FW--------Internet RTR------------------ISP1||| -> Connections ...

Resolved! App-ID,dependencies and ports

Hello,I noticed that when adding the Application MS-Lync and its dependencies, ports TCP 5065 & 49152-65535 are needed. In the Applipedia, it states TCP/Dynamic, but in order for this to work, I have to add these ports manually to the rule before this traffic is allowed. Shouldn't this be automatic or is this due to the fact that the ports a...

mbattle by Not applicable
  • 3309 Views
  • 2 replies
  • 0 Likes

Admin authentication using RADIUS without local accounts

Hi All,I ran across a strange issue when provisioning a new Administrator on our team. The background is that we use Cisco ACS 5.1 as our RADIUS authentication for our PA firewalls. All of the correct VSAs are input and appropriate Authorization Policies created for Firewalls and Panorama. We do not use local accounts, and instead rely on ACS to...

Slow Performanced Based on Order of ACL Rules

We have several PAN 3020s at a client site with similar issues but for this, I’ll focus on a specific case. One pair in Active\Passive HA has 124 rules. We started noticing really slow RDP connect performance. (it would take 45 seconds to establish an RDP session to a target where the traffic was passed through the firewall). Out of the 124 rule...

SDorsey by L4 Transporter
  • 11312 Views
  • 17 replies
  • 0 Likes

Inbox | Palo Alto Networks Live

Inbox | Palo Alto Networks Live Hello All, I have faced the similar kind of issue for panorama , one Job got stuck in 40% and we are not able to commit to the panorama. Also the management CPU was 100. Well after restart the management server the issue is resolved for clearing the job .but i took the PA support guy to clear the PID to redu...

tiwara by L3 Networker
  • 2977 Views
  • 2 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks