This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4254 Views
  • 0 replies
  • 0 Likes

Resolved! We had a vendor run a vulnerability report I was hoping someone could decipher for me?

Not sure what this means and how to alleviate it? The firewall is running 4.1.13.SSL/TLS Protocol Initialization Vector Implementation Information Disclosure VulnerabilitySynopsis : It may be possible to obtain sensitive information from the remote host with SSL/TLS-enabled services. Description : A vulnerability exists inSSL 3.0 and TLS 1.0 tha...

Resolved! Application Still showing up after removal from Security Rule

I recently added the ms-lync-online app to a rule in my PA-500. We decided we didn't need it and removed it. After a month of commits and saves that app is still showing up in the commit window summary and asking for a required app with it. I have checked everywhere and that app is not part of any rule but the PA unit still thinks it is. Any...

GlobalProtect Host State Does Not Detect Antivirus

I have a support ticket open about this as well, but I was wondering if anyone has encountered an issue where GlobalPortect does not detect the antivirus installed on your computer for HIP checks to work and know of a fix for it? I have the latest version of Microsoft Security Essentials with the latest version of GlobalProtect (2.0.0). Thanks,Mark

MarkTan by L2 Linker
  • 3731 Views
  • 1 replies
  • 0 Likes

How to increase amount of log data removed by database purge

I currently have a very large number of "Current size of threat log database exceeds alarm threshold."On occasion I do see that logging stops at some point during the day and then resumes after the nightly database purge occurs.I would like for the nightly purge to purge out more of the log data than it is currently purging. I would like to not...

EdwinD by L3 Networker
  • 6718 Views
  • 7 replies
  • 0 Likes

NTP attacks - threshold-based blocks?

Our campus has been getting a lot of NTP DDoS attacks of late. While the simple solution would be to shut it down except for necessary systems, the problem (as per usual in public-sector) is that everyone seems to want to run something that uses it and complains if we start blocking. Looking at the attacks, it's very easy to see the difference ...

aaronm by L1 Bithead
  • 9657 Views
  • 9 replies
  • 1 Likes

Resolved! activ/passiv-cluster police in sync but different rule handling

Hi everyone,some trouble if i turn the activ one to the passiv and vice versa. the policy was syncronized but the result was different.Same rule and same source / destination and same App (ssh). in the unsuccessful log i can't either see session- id or outbound-interface.successfulunsuccesfulboth ports are identically configured and are up. I ap...

kdd by L4 Transporter
  • 3089 Views
  • 2 replies
  • 0 Likes

Dynamic updates ERROR after updated 6.0.0. Why? HELP

HI I updated yesterday software from 5.0.10 to 6.0.0 But after such an error occurredBefore that everything was normalBut after such an error occurredmany reboots, many check updates but the error is stillWHY HOW TO FIX HELP

MRPAM by L1 Bithead
  • 4506 Views
  • 4 replies
  • 0 Likes

Resolved! Wildfire in Dynamic Update

Hello~Since PAN OS 5.0.x more We can download wildfire signatures in dynamic updatebut I don't know understand about Minutes Pass HourIs it same the other AV, Content threshold (hours)?

Resolved! Where is SSL processing done - data plane or management plane?

Bit of a curly one which I'm not sure of the answer on.We're hitting our PA2020's pretty hard in the SSL VPN department (now hitting up to 50 or 60 clients at a time), a reasonably recent ramp-up owing to some business expansion - also have several IPSEC VPN's running through the same box.I'm noticing that in my performance graphing, the firewal...

darren_g by L4 Transporter
  • 5642 Views
  • 6 replies
  • 0 Likes

DoS applictation attack to DNS server - how to prevent, and how to create report showing IP addressess with the highest number of session (not bytes) opened to it

From time to time I observe a lots of DNS queries (not UDP floods) from Internet to my DNS servers. Unfortunately those queries have negative inpact to my old firewall (it can't establish so many sessions, which makes the network stops).Probably my DNS servers are targets of:- DoS application layer attacks: target specific applications, eg DNS d...

PA acquires stealth mode startup Morta

"Morta Security is a stealth-mode start-up developing a new paradigm to counter advanced cyber threats. Traditional layered network defense is broken and Morta is poised to turn the tables on advanced attackers. Led by executives and engineers from the National Security Agency, Morta's technology uniquely combats advanced malware. We mix start-u...

Cisco VPN Client syslog to user-id agent

Hi,We are trying to have Cisco ASA VPN server to send syslog message to kiwi syslog server. The kiwi syslog server uses the vbscript to feed vpn username and vpn assigned ip address to user-id agents. The cisco vpn client log-off message does not contain the vpn assigned ip address. Anyone solve this problem before?Thanks,Ernest

  • 24362 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks