This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4236 Views
  • 0 replies
  • 0 Likes

AET & PAN

Hi everybody,last week I had a Stonesoft engineer in my lab demonstrating their techniques of exploit attack via AET. I tested my PAN NFR units (PA-200 & PA-2050) with IPS license last update, together with other vendors IPS units, protecting 2 pretty vulnerable client (one win xp sp2 the other ubuntu 6.04) .The result scared my quite a bit....

NGS_SOC by L3 Networker
  • 5561 Views
  • 5 replies
  • 0 Likes

Resolved! Aggregate Interface Failover

Hello, Is it possible to have two interfaces configured as aggregate interfaces in one AE group in way that if one interface goes down it does not force a failover to the backup firewall? Here's some background...I have two PAs set up with high availability. I have configured e1/1 and e1/2 as aggregate interfaces joined to the aggregate group ae...

MarkTan by L2 Linker
  • 4160 Views
  • 1 replies
  • 0 Likes

PA3050 Install

Install of a PA3050 from Cisco ASA. Getting data transfer errors and mail in a degraded state. Some mail is getting deferred from the mx servers. Some tcp syns are not being acknowledged correctly. Anyone see these same type of issues after a PAN 3050 install. Nat in place for external mail servers.Thanks,

Layer-3 Active/Active mode with ARP load-sharing

Hi AllI'm just wondering, if I'm using layer-3 sub-interfaces in active/active mode, is it possible to create ARP load-sharing for each sub-interface on both PA.by EX: sub-interface 1.102 with IP address 192.168.102.2 on PA-1 and 192.168.102.3 on PA-2 ARP IP 192.168.102.1sub-interface 1.110 with IP address 192.168.110.2 on PA-1 and 192.168.110....

Resolved! Antivirus Profile Issue

Hi Gents,I installed Palo Alto between clients and my server farm in VWire Active/Active mode.I created a policy for user access to the file server, and when I apply the antivirus profile to the policy the share accidentally hangs from time to time.the share size is a round 2 TB.how can I resolve that Issue, and by the way I created the antiviru...

Resolved! Active/Active HA in VWire Mode

Hi Gents,I'm just wandering if the Floating IP or ARP load-sharing configuration are required in vwire mode. or they are only required in layer-3 mode.all of the documentation I've read about that aren't clear enough.Regards,Maher

How to know object name of OID on PAN

I have an alert system to monitor performance all of device in my system, include my PAN.I can add all of each oid on the PAN, but I can not know the correspond name of each oid.Example : OID 11.3.6.1.2.1.2.2.1.10.1 is "ifInOctets"I have so many oid key: .iso.3.6.1.2.1.2.2.1.12.6; ..... many oid .I want to know name of each oid.Please help me ho...

Resolved! IPSec tunnel, delayed status update

I had one of our remote sites go offline two days ago due to an ISP outage. However, the site to site link showed as up for several hours before it finally dropped and showed as offline. IS there a setting to have this respond faster so it shows offline within minutes? Or is this working as designed?

QoS Bandwidth Per User

I would like to be able to limit our users to a certain amount of bandwidth at a time. I know I can do this for individual IPs, however is there a way with QoS to basically say, don't allow each individual IP on the network any more than 25Mbps or something along those lines?As it is now, I am having to setup DHCP reservations when I find a stu...

Resolved! Is it possible to have Global Protect start on Windows and Mac automatically?

Is it possible to have Global Protect start on Windows and Mac automatically when logging in? On a Mac I have added the Global Protect (GP) application to 'Login Items' (System Preference -> Users & Groups --> Login Items). GP starts automatically when logging in, however I am getting an error message saying 'Detected another instance ...

bbsoc by L2 Linker
  • 5822 Views
  • 4 replies
  • 0 Likes

Do Management Port, Console Port use MP?

Hello~PA Devices'plane divide MP, DPMGT, Console Port, Dedicate HA1, and usb port connect to MPand than the others port connect to DPIf RJ45 or SFP can be given mgt function or HA1 backup portDoesn't that use dp resource?If MP is worried Can HA1 Port keep communication between each device?

Treating & Blocking "incomplete" TCP traffic like a Brute Force?

Short question - can it be done?Now, I know what "incomplete" entries are in the log - they are failed 3-way handshakes, or ones that completed with no additional data. The problem is that "incomplete" is not an application or vulnerability that I can select and apply to rules in order to drop it. Now, I realize I could get rid of it by crafti...

aaronm by L1 Bithead
  • 5077 Views
  • 3 replies
  • 0 Likes

Monitor ISP with PA 3020

What is the method to monitor an ISP bandwidth usage through the palo alto firewall especially if you do not have google chrome?

infotech by L4 Transporter
  • 2529 Views
  • 2 replies
  • 0 Likes

Resolved! Optimizing a particular website

We have a website which all of our 500 users use daily. Our users do a lot of streaming (youtube, netflix, you name it). Depending on the user the "allow" rule for http, https and New-relic coudl be as much as 40+ rules down.Would it be beneficial to put a rule specific to that URL at the top of the site and disable AV, antispyware, "disable s...

BobW by L4 Transporter
  • 4170 Views
  • 3 replies
  • 0 Likes
  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks