This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4127 Views
  • 0 replies
  • 0 Likes

Resolved! World Cup 2014

Has anyone found a "simple" way to block the majority of this type of traffic/streaming?I recall there being a discussion before regarding the Olympics but it may have been at one of our local PA information sessions --- something like a new App-Id.

HCDSB by L1 Bithead
  • 3063 Views
  • 2 replies
  • 0 Likes

Global Protect Portal with Certificate Profile - client certificate required after upgrading to 6.0

Hi,We are running Global Protect with pre-logon. The GP Portal needs to allow users to login from "clean" computers without machine certificates, and at the same time allow pre-logon user(and other users) to authenticate with machine certificate. This has in 5.0 been done by using a certificate profile with the username field set to "none".This ...

torm by L4 Transporter
  • 4607 Views
  • 4 replies
  • 1 Likes

HA deployment with IPsec tunnel

Hello Guys ,I have two PaloAltos' deployed in HA ( active - passive mode ) and have an IPSec tunnel configured. I have noticed that when the primary PAN ( active ) fail-over to the Secondary PAN, the IPsec tunnel does come up and need to manually start the IPsec ( via CLI ). Do you have a way when Secondary PAN become active the IPsec Tunnel com...

About custom vulnerability signature

Hello,My customer made vulnerability signature in FW. But FW doesn't detect this signature.Customer Vulnerability Signaturecontext : http-req-message-bodypattern : eval\(gzinflate\(str_rot13\(base64_decodeI am searching this but I don't know.So I need your assistance for it.I have read Creating_Custom_Signatures-RevA.pdf document This docume...

Check Point R77 URL policy migration

Hello,I was trying to search for examples or good documentation for migrating check point URL policy to PAN. Does anyone have any suggestions? One of the specific examples I'm having issues with: CP has an option to select Internet as a destination (all traffic leading to external interfaces). ie : SIP: userABC DIP: internet APP: applicat...

dvlacic by Not applicable
  • 2935 Views
  • 3 replies
  • 0 Likes

PAN-OS 5.0.12 vs PAN-OS 6.0.2

Hello All, I wanted to ask the community and the support engineers about the recommendation for PAN-OS for a new installation.Given PAN-OS 6.0.2 came out about a month ago, can anybody comment on the stability of this version? Anybody upgradedto it, but had to revert back? Thanks,- Andrew.

apetrov by L0 Member
  • 4770 Views
  • 7 replies
  • 0 Likes

Resolved! User-id-agent Upgrade to 6.0.3

Hi,We are planing on upgrading from 5.0.8 to 6.0.2, and we are currently user user-id agents on our DCs; do we need to also upgrade the user-id agent to 6.0 or the old one would still work?Thank you

MMCiobanu by L3 Networker
  • 4006 Views
  • 4 replies
  • 0 Likes

About DNS amplification attack issue

Dear Sir,We have a customer for education envirument and they suffered a lot of DNS amplification attacks.Last 7 days session count is 688 Million and 220G Bytes for DNS traffic.We try to drop the "Threat ID 36027 DNS Amplication Attack Query " and "Threat ID 36029 DNS Amplication Attack Response",But we only drop the ID 36027 signature once.We ...

Factory default on PA-3020

Hi, I am trying to factory default a PA-3020 series firewall but the terminal is not responding after getting into the maint section. I sits in the "continue" section there and I cant manuver. What is to be done to go to "factory reset" section in the maint section?

pranoy by Not applicable
  • 2096 Views
  • 1 replies
  • 0 Likes

Resolved! How can I configure newline mark in custom log format?

I'm trying to configure newline in custom log format.For example, if I configure "aaa<newline>bbb", and set it as mail alert.I receive email with "aaabbb".Does anyone know how to configure it? or is it impossible?Two picture shows configuration screen and my mailbox.Regards,

emr_1 by L5 Sessionator
  • 7780 Views
  • 5 replies
  • 0 Likes

Microsoft Direct Access and User-id in an IPv4 Environment confusion

Hello,We have a Microsoft 2012 DA installation that enables clients to attach to our internal Infrastructure. The clients all end up with IPv6 addresses, and the DA server uses 6to4 translation for the clients to get to services. Problem I am finding is that when these clients log onto DA, our AD sees them all coming from the same IPv4 address...

jbabcock by Not applicable
  • 3497 Views
  • 2 replies
  • 1 Likes

Resolved! Classification Risk

I have been working on getting our ACC threat risk down to a respectable level...currently ~4.0. I noticed that if I navigate to the Objects>Applications menu, and click on an application, the screen displays a section called "Classification". Under this section I have the ability to customize the Risk value (i.e. 1 - 5). DNS for example has ...

TDS_NOC by L0 Member
  • 2843 Views
  • 1 replies
  • 0 Likes

Resolved! WAN Failover NAT issue

Hello all,I am trying to set up WAN failover on a Palo Alto PA-3020. I used the document at the bottom of this post. When I unplug the interface that is set up in the PBR, it switches over to the secondary ISP like it is supposed to. The problem is the Primary-NAT policy is still active so traffic doesn't pass because the Backup-NAT never tak...

ClintL by L2 Linker
  • 3947 Views
  • 4 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks