This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Failed to get CRL http:// ...

Im getting tons of failed to get CRL errors in my logs all of the sudden. Im not sure what I did (if anything) to cause this.Ive tried to fix it,I tried to enable "Server CRL"I did a nslookup on crl.verisign.com and I cant see any connections outbound being denied.I cannot fix this.Any sugestions on how to fix this?What is this even for? I was ...

choff123 by L3 Networker
  • 5381 Views
  • 4 replies
  • 0 Likes

Resolved! Security Policy Configuration.

Hi Gents, here is my PA design as active active.to be clear, the server farm is connected to the Core switches, and the Clients are connected to both Agg switches.the PA Configuration is in VWire mode.the question here is, when I create a security policy to allow access clients to access the servers for specific applications on the servers. shou...

Methods for creating security policies

When creating security policies would it be better to create a separate policy for inbound and outbound traffic, trusted and untrusted, per user group or one policy to manage both ways to minimize number of policies

Resolved! GRE protocol traffic

Hello to All, I noticed some strange behavior regarding GRE protocol, and try to explain what exactly is strange:Customer has unfortunate GRE VPN tunnel and in one policy "Public_ulaz_GRE" they stated to pass only GRE and NVGRE protocol respectively. (following picture) But, when you filter traffic by mentioned policy, you can see that beside l...

Tician by L3 Networker
  • 6391 Views
  • 2 replies
  • 0 Likes

Setting Restricted Access to Certain GlobalProtect Users

All,I am a PA beginner so bare with me. I am trying to restrict access to only a few servers to several of our GlobalProtect VPN users. I could set these users into groups but how would I restrict access for each group? We have a PA-500 with 5.0.6 OS version. Let me know if any other info is needed.Any help would be appreciated!Thanks,Troy

TroyFlex by Not applicable
  • 12458 Views
  • 4 replies
  • 0 Likes

Captive Portal - need help with configuration

HelloI'm using CP since over 6 months. It's working quite good.I moved my servers from internet (untrust zone) to my DMZ zone. I realized that traffic between WiFi network and servers in DMZ (using public adreses) is allowed without CP.In WiFi zone I have two networks: WiFi and WiFi_konferencja - traffic between them also should be blocked.I cre...

_slv_ by L4 Transporter
  • 5155 Views
  • 5 replies
  • 0 Likes

Application and Threat Summary report

Hello,i am confused a little bit when i found out that 10.0.0.0-10.255.255.255 is listed in Top 5 Destination country. What actually refers 10.0.0.0-10.255.255.255 in this instance?Regards,

OmarKhan by Not applicable
  • 2561 Views
  • 1 replies
  • 0 Likes

Resolved! schedule dynamic updates from Panorama

Dear,I was wondering if it was possible to schedule a dynamic update (download&install) from Panorama.I know I can configure dynamic updates from the panorama (templates/device/dynamic updates). But I don't want my devices to download the dynamic updates since they have no internet access; I want the Panorama to download them and push them t...

mr.linus by L4 Transporter
  • 3271 Views
  • 1 replies
  • 2 Likes

M-100 - Log collector storage commands

Anyone know the command to show the actual distribution of current logs on a log collector? Basically, i need the output of "show system logdb-quota" at a collector level. I know how to view my defined % allocations and how view the overall disk space usage. I just need a current view of my current usage by log type, so i can re-allocate more to...

chrisp by L3 Networker
  • 2991 Views
  • 2 replies
  • 0 Likes

Resolved! File Types blocking and logging

Hi Gents,I have installed Palo Alto 5050 between the users and my Server Farm.the Issue here is that I created a policy that allows access to the file server based on specific applications or ports, but now I want to prevent usersfrom saving mp3, and video files on my server. so I created a files profile that blocks these file types, and assigne...

Resolved! Blocking videos for a special url category

Hi,We know that url category only works with http and https.So if we want to block all videos(http-video,flash,youtube videos) for a url category(for example social-networking), can we do this with PaloAlto ?(with custom signatures or anyhting else)

Zone protection isnt blocking scan

HiWe have created a zone protection profile for zones UNTRUST/DMZ/TRUST to prevent scan but we have realised that this zone protection profile isnt working.Why isnt blocking this scan??? we have the default values in the zone protection profiles....I attach a screenshot about the scanThanks

Network Monitor

Hello all,I've noticed that when I compare the last 6 hours verses the last 12+ hours the bandwidth show double the bandwidth usage? Can some please explain why this is the case?thanks for all replies.

Resolved! Blocking file downloads based on content disposition

Hello,We are trying to block specific files based on the content disposition. Using all the different context values for http traffic has proven ineffective. The issue is that we don't see the file name until the end of the file download. A screen shot of the packet capture is shown. Support has not been successful at providing me how to ide...

HITSSEC by L4 Transporter
  • 3224 Views
  • 2 replies
  • 0 Likes

How to export all logs ( eg 5 moths detailed) to CSV or any other format?

Hi All,How to export all logs ( eg 5 moths detailed) to CSV or any other format?From monitor -> logs -> traffic i tried to export to CSV but it showing only for one day, is there any way to export all logs? In monitor -> Reports it showing logs from From 4th Feb 2013 to till date, bur when i tried to export to CSV from logs -> traf...

Gururaj by L4 Transporter
  • 15771 Views
  • 10 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks