This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4131 Views
  • 0 replies
  • 0 Likes

Resolved! security rule add web

Hi, i have to create a rule to permit my ubuntu server to take updates from es.archive.ubuntu.com and security.ubuntu.com. How can i create the rule for this two webs suing dns name?? the ips are changing so i cant use the web ips in destination........thanks....

SOC_CSG by L4 Transporter
  • 3019 Views
  • 2 replies
  • 0 Likes

Rate limit port forwards

Hey guys,Some of the iptables servers I'm replacing with Palo Alto firewall provide port forwards to RDP servers. In order to prevent abuse, they were rate limited, such that a single IP can only connect a few times before being blacklisted for a few minutes.This functionality existed within IP tables - is there a way to replicate this within a ...

daraco by L0 Member
  • 2027 Views
  • 1 replies
  • 0 Likes

ldap user authentication in security policy not working

i have configured ldap server profile with "base=" and "basedn=ldap string " and domain= blank.in group mapping under available groups only groups are there and no users can be viewed. i have included two groups here. which is added in security policy rule under user option.In authentication profile i have added above included ldap groups in a...

Resolved! Recommended cable length for HA

I'm unable to determine from the tech-docs if PAN has a recommended (or suggested) cable length for those cases where the HA ports are directly connected via crossover cable. Does anyone have any intel on this topic? I've set-up many HA pairs and when using directly-connected HA ports via crossover I typically use a 6' cable. I'm working at a pl...

tommyluke by Not applicable
  • 6226 Views
  • 5 replies
  • 0 Likes

Automated alerts when Log Forwarding stops / freezes?

Hey Community - Wondering if anyone has come up with a good way to automate an alert / alarm when there is an issue with a Firewall reporting to a DLC (distributed log collector)? We have about 27 firewalls all of which send to 1 of 4 log collectors, and we are seeing an increase of Log Forwarding issues --> Some sending only Denies (when a...

WildFire Capacity Issues - Confirmed by Palo Alto SE

Apparently Palo Alto have confirmed that there are times when WildFire is simply too busy to serve all update requests (we've been seeing frequent failures).Can anyone from Palo Alto comment on what the capacity situation is, what is being done to resolve it, and when the upgrades are expected to be in place by please?It's a fantastic service bu...

PAN-VM license upgrade from eval to full with HA setup

Hi,I have two PAN-VMs in HA setup running on eval license and just got my full license Auth code but it seems like going from eval license to full license can not be done seamless. I have read about the cloning procedure but need to know how I should proceed with an HA setup in a way that I have minimum interruptions.Appreciate any help on this...

URL Filtering Log shows FORWARD

Hey All - I have several URL-Filtering logs that come through with a category of FORWARD. Everything else is blank (URL, From Zone, To Zone, etc.). Can anyone shed some light on what this means?Thanks!Matt

Decryption certificate

Hi,I have a PA500 (OS 5.0.11)I already configured it for SSL Decryption with a self signed certificate.I need to use a Digicert Certificate. I already have a wildcard certificate with Digicert.Question is: can I use my wildcard certificate for SSL Decryption?How?I try to import my certificate but I cannot use it for SSL DecryptionThanksRegards

diennea by L3 Networker
  • 6322 Views
  • 5 replies
  • 0 Likes

FTP

How can I verify whether port 21 ftp traffic is being blocked by the PA 302?

infotech by L4 Transporter
  • 9498 Views
  • 17 replies
  • 0 Likes

Resolved! PA-200 - commit change and then nothing

I have opened a critical ticket, but was looking for community feedback on this issue.Setting up my new PA-200, troubleshooting a route problem. I removed a rule to simplify troubleshooting, hit 'commit' The progress bar reached '98%' then the device was unreachable by https.I called the colocation staff, asked for a power reset. The device n...

bdunbar by L3 Networker
  • 5740 Views
  • 4 replies
  • 0 Likes

Tunnel

I have a vpn tunnel that works fine most of the time and then is just goes down for no reason any suggestion

infotech by L4 Transporter
  • 18080 Views
  • 30 replies
  • 0 Likes

Resolved! Management PORTs

Hi guys ,how can i change the management port to other port than 443 ?Best Regards.Thiago Lima.

Thiago by L3 Networker
  • 3636 Views
  • 4 replies
  • 0 Likes

Special Character in domain name

Hi,I have a domain with special character "&" in the NetBios domain name. In the FQDN name this character has been substituted by "e".By user-identification, PAN discover the users, but some have the "&" character in domain name and some have "e" character in domain name. Then the user's identification doesn't operate well. There is a wo...

lauro7 by L0 Member
  • 3680 Views
  • 4 replies
  • 0 Likes
  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks