This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4132 Views
  • 0 replies
  • 0 Likes

Heratbleed CVE-2014-0160 - New Vulnerability Signatures

Palo Alto released multiple vulnerabilities for the Heartbleed bug.New Vulnerability Signatures (3)SeverityIDAttack NameCVE IDVendor IDDefault ActionMinimum PAN-OS Versionmedium40039OpenSSL TLS Heartbeat Brute Force - HeartbleedCVE-2014-0160alert3.1.0informational36417OpenSSL TLS Heartbeat Foundalert3.1.0medium36418OpenSSL TLS Malformed Heartbea...

Antivirus and apps - Error in retreiving data - PAN OS 6.0.1

Hi,I'm a customer with two PaloAlto PA-2020 with active/passive config running without issues.I've just upgraded from 5.0.11 to 6.0.0 and then to PAN OS 6.0.1 (latest)Starting with PAN OS 6.0.0 I can't check for apps and antivirus upgrades from the "Dynamic Updates" link. It gives the error "Error in retrieving data".This situation didn't happen...

MGCP being dropped since upgrading to 6.0.1

We upgraded our PA5020 from 5.07 to 6.0.1 to utilize TLS 1.2 to handle decryption but as a result we have created an issue with our phones. We have a couple call managers behind the PA5020's at our data center and several branch offices around the world that rely on them. The branch MGCP gateway uses UDP 2427 to send notification messages and TC...

froggyj by Not applicable
  • 5120 Views
  • 4 replies
  • 0 Likes

Resolved! PaloAlto and VCS gateway - H323 / SIP

Hi all,Installing a palo on network with VCSExpressway (cisco ToIP) module.After reading other discussion (https://live.paloaltonetworks.com/message/7757#7757, https://live.paloaltonetworks.com/message/12132#12132, , for a "full" compatibility between palo and VCS, we have to create app override for disabling the app L7 PA's analyse (for NAT rea...

VinceM by L5 Sessionator
  • 4363 Views
  • 2 replies
  • 0 Likes

Resolved! Can a Subnet Live on Both Sides of an IPSEC Tunnel?

We are planning on moving to a new office space. We need the networks in the new office space and the current office space up and running at the same time during the transition. This has raised the question on how this can even be done. We were wondering if it's possible to create IPSec VPN tunnels between offices on our PA3020s and have the sam...

Service Contract Ending

My service contract is about to end, and we are not planning on extending it as we are replacing our 3020s with some other firewalls. We are still planning on using the firewalls in our network, but not to do the threat detection stuff.I would like to make sure theses boxes still work if they are not under a service contract. It seems silly to...

kzaugg by L0 Member
  • 2858 Views
  • 3 replies
  • 0 Likes

SSL-VPN Portal not being displayed

Hello,we're running a couple of PA-500 v.3.1.5 in HA, with SSL VPN Client v.1.3.4.We're experiencing strange access issues to the VPN Portal depending on the browser being used.When trying to access the portal url we get a blank page with endless loading icon.This happens on Win7 64 with Firefox 28, while it works fine with IE9/10.On another sim...

GRE over ipsec

hello,I have an existing customer with an Cisco router. On this router is terminated a GRE over IPsec tunnel.Now they have bought an PA500 appliance. Is it possible to have the GRE over IPsec tunnel on PA, or the only way will be to reconfigure the tunnel to IPsec?thanks alotRudolf

PA-500/PA-20xx - tuning mgmt performance

Hi All,I`d like to start a discussion what we can do to improve the bad mgmtplane-performance (gui, commit times etc.) on the older platforms PA-500 and PA-20xx because there are still several customers out there with these devices and for the PA-500 there is still no new plattform (something like PA-1000) availble.Hardware:- RAM Upgrade: well...

indup089 by L2 Linker
  • 3663 Views
  • 5 replies
  • 0 Likes

Error when trying to commit

Hello,I am getting the following error when trying to commit and am not sure where to look. Error: Need to config WMI account and password for querying Microsoft directory serversThanks in advance.Bob

VPN Encryption/Authentication key's for Wireshark Decryption

It is possible to debug ESP packet's in Wireshark but to do so I will need to obtain the encryption key and the authentication key for the given VPN from my Palo Alto 5050. As an example - In Linux it's possible to get this information by running the command 'ip xfrm state':gw205:/ # ip xfrm statesrc 192.168.140.200 dst 192.168.140.205 proto es...

debsPal0 by Not applicable
  • 2523 Views
  • 1 replies
  • 0 Likes

Best or recommended way to connect PA to Windows Domain

What is the recommended way to connect a PA box to a windows domain?I see know there is a radius way of doing it, and i know this is the way other like to configure it.But there is alot more work configuring, and reconfiguring if i want to change/add any groups or access.Is there a reason we should not use Kerberos or LDAP?

  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks