This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4132 Views
  • 0 replies
  • 0 Likes

SSL Decryption firewall vs web proxy?

Hi,I see the Palo Alto firewalls can do SSL decryption inbound and outbound in order to inspect the contents for threats is there an advantage to doing this on the palo firewall as opposed to the ironport web proxy?It looks to me like a good idea to do outbound SSL on the proxy as that would see the traffic first but inbound ssl to our servers o...

sworton by L0 Member
  • 3761 Views
  • 1 replies
  • 0 Likes

Resolved! cannot understand drop reason

heyi have a client that connects to a remote site using GP, and that site have s2s vpn to my site,we have problems connecting to a server in that site, we can i cannot see and drops in the traffic or threat logs,i have put filter on the ips and used tha show global couters shows this drops:Global counters:Elapsed time since last sampling: 5.880...

minow by L4 Transporter
  • 14610 Views
  • 11 replies
  • 1 Likes

DoS Protection - Calls to aspx

Hi,I am wanting to create a DoS protection rule specific to http uri requests that have /*.aspx (so, the uri is at the root). I was approaching this by creating a custom application with a signature with the following:pattern matchcontext: http-req-uri-pathpattern: /*.aspx/*qualifier: http-method GETHowever, this pattern does not meet the 7byte ...

AmyTyler by L2 Linker
  • 3557 Views
  • 3 replies
  • 0 Likes

trafic shaping

Hi All, Please I need to prepare a document about QoS epecially about traffic shaping on PAN-500 PaloAlto firewall. so I need to know the following points: Is traffic shapping and QoS is configured based on porcentage or on the amount of bandwidth (i.e: 500kbps) per user or per application, if someone can send me a document regarding this it...

Lahcen by Not applicable
  • 3122 Views
  • 3 replies
  • 0 Likes

Pa-2020 and number of rules

Hi,I have PA-2020 and 160 rules. Management plane is slow in responding. Management CPU is often 98%. Commiting changes takes 10 minutes. From time to time first commit fails with error "Management server failed to send phase 1 to client websrvr". What is going wrong? Too many rules affect performance?Thanks,Radoslaw

UMWL by L0 Member
  • 4842 Views
  • 6 replies
  • 0 Likes

PANOS 6 Syslog Different?

I'm running a PA-200, recently upgraded to PANOS6.0, and noticed I'm not receiving traffic logs to my syslog server. When on 5.x of PANOS I was receiving change configuration, traffic logs, etc to my syslog/firewall analyzer application ManageEngine FirewallAnalyzer, but after upgrading to 6.0, I'm only receiving config messages (restarts, chang...

robg303 by Not applicable
  • 9319 Views
  • 15 replies
  • 0 Likes

NCAA Video Streaming

I work for a K12 with very limited bandwidth. I need to determine what the appid will be for to block video for the upcoming NCAA tourney.Does anyone know how this traffic will be classified? --I can't block all video streaming because our teachers use legit video in class....--Keith

Resolved! Portstatus on passive node.

Hi Guys,Just a small question.I'm going to build a small setup using a SRX-cluster with PA-200-cluster directly connected to it.My question: Are the interfaces on the passive pa-node fysically down when not in use? ( or is this configurable? )Why: I want to connect the reth-interfaces through the PA using v-wire to spare me more routing-config.T...

paulmeys by L1 Bithead
  • 3358 Views
  • 3 replies
  • 0 Likes

"Forward" Field on External OSPF Routes

I'm having some problems getting our traffic engineering working with OSPF, and I think I've finally figured out what's happening. But I can't figure out how to stop it.I think the problem is coming from how the PAN firewalls are importing the external static routes into the area. Here is a "dumplsdb" snippet for one such network, 3 0.0.0.1 ...

cosx by L2 Linker
  • 3939 Views
  • 2 replies
  • 0 Likes

LDAP Authentication Fails Becuase Username Has Space

Running into an issue with LDAP authentication. I'am able to successfully login via LDAP authentication when the username does not contain a space. However if the username contains a space (ie palo alto) the system logs show "User \'test\palo alto\' failed authentication. Reason: Authentication profile not found for the user From: x.x.x.x". I...

shp555 by L2 Linker
  • 10421 Views
  • 10 replies
  • 0 Likes

IPv6 feature list?

Is there a canonical list of IPv6 capabilities included in PAN-OS 6.0? I have a customer asking many pointed questions and it would be useful to have one to reference.Best,Corey

Getting errors: Running Configuration not synchronized after retries

Hello. I have two PA 5050's in an HA active/passive pair. I will randomly - once a week get a message "SYSTEM ALERT : critical : HA Group 1 : Running configuration not synchronized after retries. If I check on the dashboard-HighAvailability - I see the config is not synchronized. If I wait a few seconds and refresh this status and the config...

ZachSmith by Not applicable
  • 7140 Views
  • 5 replies
  • 0 Likes
  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks