This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4442 Views
  • 0 replies
  • 0 Likes

Firefox SSL decryption issue

We've had PAN kit for the best part of a year and use it for SSL decryption among other things. The SSL certs were generated via a CA on our domain. IE, and Chrome work transparently, firefox used to. I know get a "This Connection is Untrusted" page in firefox.www.facebook.com uses an invalid security certificate. The certificate is not trusted...

depps by L1 Bithead
  • 5042 Views
  • 2 replies
  • 1 Likes

Resolved! Problem with SSL youtube app

Hi,From yesterday we have issues with the app categorization. We have a QoS profile defined for youtube with a max bandwith of 5mb.When we browse any https URL the PA appliance categorizes as "youtube-base", with an url categorization of "any":This is facebook browsing We have the update 406-2023, and tried to revert to the 405-2020 and we exper...

ecardona by L1 Bithead
  • 6063 Views
  • 6 replies
  • 0 Likes

Custom signature needed to detect "invalid username" response to a brute force login attempt (is it possible?)

Hi,I'm new to Palo Alto and custom threat signatures. I'm trying to detect invalid login attempts to a web site and apply a time rate. When the user enters an invalid username in the login, the site returns the text "invalid username". Which context would I use to search for this pattern match? I read the "Creating Custom Signatures" document, b...

itmgr by Not applicable
  • 6219 Views
  • 5 replies
  • 1 Likes

May I set the same ip in different interface between two virtual system?

I set ip address 192.168.1.254/24 in the ethernet1 which belong default router in the vsvy1.I try to set the same ip address in the ethernet2 which belong another VR in the vsvy2.When I commit, it will display duplicate address.I just do some lab about vistual system for my client.But I want to sure may I set the same ip in different interface ...

kylelee by L1 Bithead
  • 3133 Views
  • 1 replies
  • 0 Likes

Resolved! Exclude a Single IP from tunneling (Split Tunneling)

Hi,i can't figure out how to exclude a single IP-Address from tunneling over GlobalProtect. I actually see only the possibility to include single IP's or whole Subnets into tunneling.So what i'm trying to do is to exclude for example the IP 192.168.1.10 from tunneling. But the rest of this subnet should be tunneled. Does anyone know a solution?K...

vertical by L2 Linker
  • 7378 Views
  • 3 replies
  • 0 Likes

Can't dectec Viber ( Android Phone)

Hi allI user Viber, Kakatalk, Skype on my Android Phone.I sent text msg, voice call bay Viber, Skype, Kakaotalk.But Palo Alto only dectect Skype and Kakao talk I can't see Viber on Palo Alto?Pls help me know why.

dat.tran by L2 Linker
  • 4893 Views
  • 3 replies
  • 0 Likes

Problem with domain users to log in Palo Alto's Portal

HI all. I have the problem with domain users to log in Palo Alto's Portal. I configured as document: Admin Guide v5.0 already. However, It doesn't work correctly, domain account cannot log in. Please support me to fix this problem. Thanks

Hientt6 by Not applicable
  • 5288 Views
  • 7 replies
  • 0 Likes

Trust to DMZ (Zone to Zone) Security Policy Failure...

If an expert could please take a look at a test DMZ zone I'm trying to configure on a PA-500 with OS 5.0.8 and tell me where I've gone wrong I'd appreciate it!I realize it's wide open at the moment, but it's just for personal testing/understanding purposes.DMZ Interface:Static Route:Test NAT (should be irrelevant for this internal test):Test Pol...

Rules proccessing

Heyi have a problem that traffic does not match to a rulei have this rule"VIP Users" { profile-setting { profiles { file-blocking "Allowed file type-VIP"; } } option { disable-server-response-inspection no; ...

minow by L4 Transporter
  • 2173 Views
  • 1 replies
  • 0 Likes

PA500-Losing Config on reboot.

Hi Guys,Have an issue with a pa-500 firewall running 5.11 os. There are 2 problems:1. The system seems to reload every week or so which in itself is bad enough, but when it reloads it is backnto default config.2. A slightly lesser issue is that the monitor isnt showing any of the traffic from interfaces in the sam sec zone even though logging i...

Wes_Neary by Not applicable
  • 2448 Views
  • 1 replies
  • 0 Likes

1-to-1 NAT

Ok need some help. I have a 1-to-1 NAT that is not working. Monitor-Traffic shows the Application as incomplete. NAT PolicySecurity PolicyMonitor

ddavis1 by Not applicable
  • 6342 Views
  • 9 replies
  • 0 Likes

Routing Problem with Active/Passive and Two ISP Links

All,I have a bizarre situation and I'm wondering if anyone has seen it before. We are currently using a pair of 5050s in Active/Passive. They are configured with a very simple OSPF instance and have their default route injected via that OSPF instance. They are each connected via a single link to our ISP, let's call those interfaces on the ISP...

Resolved! Which are the PAN-DB URL categorization rules?

When an URL is categorized as malware by PAN-DB, I can´t find the reasons of such decision.Why has it been categorized as malware?Is there any way to know more about such decision?I will be grateful if you can explain me this decision.G.A.

  • 24375 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks