This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4254 Views
  • 0 replies
  • 0 Likes

Resolved! PaloAlto and VCS gateway - H323 / SIP

Hi all,Installing a palo on network with VCSExpressway (cisco ToIP) module.After reading other discussion (https://live.paloaltonetworks.com/message/7757#7757, https://live.paloaltonetworks.com/message/12132#12132, , for a "full" compatibility between palo and VCS, we have to create app override for disabling the app L7 PA's analyse (for NAT rea...

VinceM by L5 Sessionator
  • 4412 Views
  • 2 replies
  • 0 Likes

Resolved! Can a Subnet Live on Both Sides of an IPSEC Tunnel?

We are planning on moving to a new office space. We need the networks in the new office space and the current office space up and running at the same time during the transition. This has raised the question on how this can even be done. We were wondering if it's possible to create IPSec VPN tunnels between offices on our PA3020s and have the sam...

Service Contract Ending

My service contract is about to end, and we are not planning on extending it as we are replacing our 3020s with some other firewalls. We are still planning on using the firewalls in our network, but not to do the threat detection stuff.I would like to make sure theses boxes still work if they are not under a service contract. It seems silly to...

kzaugg by L0 Member
  • 2921 Views
  • 3 replies
  • 0 Likes

SSL-VPN Portal not being displayed

Hello,we're running a couple of PA-500 v.3.1.5 in HA, with SSL VPN Client v.1.3.4.We're experiencing strange access issues to the VPN Portal depending on the browser being used.When trying to access the portal url we get a blank page with endless loading icon.This happens on Win7 64 with Firefox 28, while it works fine with IE9/10.On another sim...

GRE over ipsec

hello,I have an existing customer with an Cisco router. On this router is terminated a GRE over IPsec tunnel.Now they have bought an PA500 appliance. Is it possible to have the GRE over IPsec tunnel on PA, or the only way will be to reconfigure the tunnel to IPsec?thanks alotRudolf

PA-500/PA-20xx - tuning mgmt performance

Hi All,I`d like to start a discussion what we can do to improve the bad mgmtplane-performance (gui, commit times etc.) on the older platforms PA-500 and PA-20xx because there are still several customers out there with these devices and for the PA-500 there is still no new plattform (something like PA-1000) availble.Hardware:- RAM Upgrade: well...

indup089 by L2 Linker
  • 3718 Views
  • 5 replies
  • 0 Likes

Error when trying to commit

Hello,I am getting the following error when trying to commit and am not sure where to look. Error: Need to config WMI account and password for querying Microsoft directory serversThanks in advance.Bob

VPN Encryption/Authentication key's for Wireshark Decryption

It is possible to debug ESP packet's in Wireshark but to do so I will need to obtain the encryption key and the authentication key for the given VPN from my Palo Alto 5050. As an example - In Linux it's possible to get this information by running the command 'ip xfrm state':gw205:/ # ip xfrm statesrc 192.168.140.200 dst 192.168.140.205 proto es...

debsPal0 by Not applicable
  • 2556 Views
  • 1 replies
  • 0 Likes

Best or recommended way to connect PA to Windows Domain

What is the recommended way to connect a PA box to a windows domain?I see know there is a radius way of doing it, and i know this is the way other like to configure it.But there is alot more work configuring, and reconfiguring if i want to change/add any groups or access.Is there a reason we should not use Kerberos or LDAP?

Resolved! Comprehensive report

I have had my PA 3020 in line for about 4 months. Can anyone suggest a report to run that we give me a good over all idea of how well the firewall is working?

infotech by L4 Transporter
  • 4707 Views
  • 7 replies
  • 0 Likes

youtube detection failure

creating security policy to allow specif users to use applications web-browsing and SSL with destination any with using SSL decryption policy which decrypt all.after this policy there is implicit deny .the issue that palo alto cant` detect youtube application , monitoring shows that is web-browsing is permitted and falsh is denied !!!!how i can...

User-ID Agent

hello.... Can a User-ID Agent connect to more than one firewall?if so, how do you set up the other ones?

Resolved! Active/Active & IPSec Trouble

After implementing HA Active/Active, we left S2S VPN tunnels alone. Ultimately no changes to IKE Gateways. The S2S terminate to a /30 address that is statically routed from the ISP to ethernet1/12 on the active-primary. Tunnel interfaces and their routes are identical on both primary and secondary, IKE Gateways are NOT synced as this is just ...

dshue by L2 Linker
  • 8080 Views
  • 4 replies
  • 0 Likes
  • 24362 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks