This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4227 Views
  • 0 replies
  • 0 Likes

VPN is UP but no traffic flows through

HelloI have noticed the issue a few times, when the VPN was UP but no traffic was going through. I had to clear the VPN for the traffic to flow again. Has any one had this issue and is there anyway to stop this from happening again?When monitoring the policies, i could see incomplete applications which would be normal when traffic doesnt flow th...

shyams by L0 Member
  • 4008 Views
  • 4 replies
  • 0 Likes

Resolved! PA and SSTP

Hi,does anyone know about issues on using a MS SSTP VPN behind a PA. Especially when natting from a non-standard port (f.ex. 5002) to 443 port of the server.The Logs look good, but shows 'incomplete' in the 'application' columns.Kind regards.

vertical by L2 Linker
  • 5361 Views
  • 5 replies
  • 0 Likes

How do you Commit the configuration of a Panorama to an existing HA Pair of 5060s?

I followed the instructions from “Panorama-Device-Migration-Tech_Note-revB.pdf” using the CLI method to capture the configuration of an HA Pair of 5060 running PAN OS 5.0.11 and paste it to the Panorama running PAN OS 6.0. The Migration Checklist states during the cutover process to cutover 1 firewall first. The document states after deleting th...

Nonno1 by L0 Member
  • 2937 Views
  • 2 replies
  • 0 Likes

Captive Portal Timeout no new Session - Cisco VPN Client

Hi there,I'm facing the following challenge.We have various guest users being authenticted via the captive portal after that, they are using their cisco vpn client.So there is only one session.And because all traffic is routed to the vpn connection no new sessions would be established.Our idle timer was 1800 minutes and after that the connection...

Threshold block

I want to block access to the users only if they watch youtube and the bandwidth consumed is more than 500 Mb.Is this possible. Can this be done.

Westcon2 by L3 Networker
  • 5907 Views
  • 7 replies
  • 0 Likes

Need advice whitelisting external network vuln mgmt scanners

Curious what other PAN companies are doing for this? What best practices around whitelisting your own Vuln mgmt internal and external scanners? When we asked PAN support, they recommended adding a new security policy to top, but that's not scalable because it needs to be updated each time we allow a new service or security rule inbound. Looking ...

Panorama Virtual Appliance

We're getting ready to migrate from CP to PAN. We have a lic for the Panorma Virtual Appliance. Looking at the doc; 10 or less firewalls is recommended, we have bit more. Has anyone experienced this? Documentation doesn't say why, leaves me wondering if we should reconsider going to physical device before starting?

dvlacic by Not applicable
  • 2226 Views
  • 1 replies
  • 0 Likes

Use of Web Content Filtering for WAN VPN connected PCs?

What would be the best way to go about using the content filtering if possible through the Palo device through PCs that are connected via WAN VPN connections? The current WAN connection is a split tunnel using a Cradlepoint router. Is there a way to use the Palo device as a proxy?

cparrish by Not applicable
  • 2084 Views
  • 1 replies
  • 0 Likes

Firefox SSL decryption issue

We've had PAN kit for the best part of a year and use it for SSL decryption among other things. The SSL certs were generated via a CA on our domain. IE, and Chrome work transparently, firefox used to. I know get a "This Connection is Untrusted" page in firefox.www.facebook.com uses an invalid security certificate. The certificate is not trusted...

depps by L1 Bithead
  • 4981 Views
  • 2 replies
  • 1 Likes

Resolved! Problem with SSL youtube app

Hi,From yesterday we have issues with the app categorization. We have a QoS profile defined for youtube with a max bandwith of 5mb.When we browse any https URL the PA appliance categorizes as "youtube-base", with an url categorization of "any":This is facebook browsing We have the update 406-2023, and tried to revert to the 405-2020 and we exper...

ecardona by L1 Bithead
  • 5983 Views
  • 6 replies
  • 0 Likes

Custom signature needed to detect "invalid username" response to a brute force login attempt (is it possible?)

Hi,I'm new to Palo Alto and custom threat signatures. I'm trying to detect invalid login attempts to a web site and apply a time rate. When the user enters an invalid username in the login, the site returns the text "invalid username". Which context would I use to search for this pattern match? I read the "Creating Custom Signatures" document, b...

itmgr by Not applicable
  • 6146 Views
  • 5 replies
  • 1 Likes

May I set the same ip in different interface between two virtual system?

I set ip address 192.168.1.254/24 in the ethernet1 which belong default router in the vsvy1.I try to set the same ip address in the ethernet2 which belong another VR in the vsvy2.When I commit, it will display duplicate address.I just do some lab about vistual system for my client.But I want to sure may I set the same ip in different interface ...

kylelee by L1 Bithead
  • 3098 Views
  • 1 replies
  • 0 Likes

Resolved! Exclude a Single IP from tunneling (Split Tunneling)

Hi,i can't figure out how to exclude a single IP-Address from tunneling over GlobalProtect. I actually see only the possibility to include single IP's or whole Subnets into tunneling.So what i'm trying to do is to exclude for example the IP 192.168.1.10 from tunneling. But the rest of this subnet should be tunneled. Does anyone know a solution?K...

vertical by L2 Linker
  • 7230 Views
  • 3 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks