This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4226 Views
  • 0 replies
  • 0 Likes

How to match MAC to IP in BYOD environments with IPv4 and IPv6

Hi,it is not easy to locate devices making trouble without having a reliable MAC-IP mapping in BYOD environments. With IPv4 we can solve this at the switches side with DHCP-Snooping ans ARP-Protect to assure that only IP addresses assigned by DHCP can be used. With IPv6 I have to find a new solution assure only IP addresses I can map to a device...

Unibw by L2 Linker
  • 3220 Views
  • 2 replies
  • 0 Likes

Why does User-ID suddenly stops ?

Hello,We have a customer who is using PA-3020 in L3 A/P cluster, running PanOS 5.0.2.We have set up User-ID with PanAgent services (Primary and Secondary) installed on two different servers members of the domain.User-ID is configured to be based on :- Security logs- Sessions- ProbingOn 4 different servers :- 2 AD servers- 2 Exchange serversThe U...

ldormond by L3 Networker
  • 3999 Views
  • 2 replies
  • 0 Likes

Resolved! Rate limiting egress on perimeter install

I have a client where I would like to rate limit egress traffic from an internal source IP. This source IP tends to be a major bandwidth hog. I currently have no QOS profiles setup but I do see the option to limit egress I believe.Are QOS profiles the easiest / only way to do this? Does QOS allow you to limit based on a single IP?

SDorsey by L4 Transporter
  • 2416 Views
  • 1 replies
  • 0 Likes

Resolved! Can I create a custom file type?

As per the subject, is this possible to do?We'd like to have specific types of files logged when it enters or leaves our network but since there is no such file type on the system, it isn't being logged.Thanks

eugenep by L3 Networker
  • 5749 Views
  • 6 replies
  • 0 Likes

Cannot set new certificate to portal

Hello all,Because of a domain name change, I created a new CA certificate on the PA500 which is our portal. I set this certificate as server certificate in the Portal settings. I committed, restarted the web-server and sslvpn processes.But the new portal website still has the old certificate. How can I make the new certificate active on the port...

bsanders by L2 Linker
  • 3834 Views
  • 4 replies
  • 0 Likes

Vulnerability Protection - Host Type field

I am looking for clarification as to how the 'Host Type' field works in a vulnerability protection profile.For instance, we have a profile configured to protect our DMZ with six rules as follows:RuleThreat NameCVEHost TypeSeverityActionclient-criticalanyanyclientcriticalblockclient-highanyanyclienthighblockclient-mediumanyanyclientmediumalertser...

MikeBull by L0 Member
  • 4405 Views
  • 1 replies
  • 0 Likes

Resolved! No new traffic logs

I have a problem that my PA 2020 firewall is not generating any new logs. I was on a remote session with an engineer yesterday for something unrelated and in the course of that call the logs stopped generating. It wasn't until today that I went and checked the logs for a problem I was trying to investigate did I notice the logs stopped generatin...

JRussell by L3 Networker
  • 3102 Views
  • 2 replies
  • 0 Likes

Resolved! forwarding with pbf No Nat

Hi,We wanted to forward the traffic coming on public interface (1.1.1.1) with port 80 to an another ip address on another interface (DMZ - 2.2.2.2)just to forward, not want to NAT,we've written a Pbf untrust to 1.1.1.1 with destination port 80 forward eth/DMZ 2.2.2.2That did not work.Also traffic doesn't match to that pbf.What is missing ?

Resolved! Custom search in ACC

Hi,Is it somehow possible to use "custom" filters in the ACC?I like the drill-down features in the Application Command Center(ACC), but what I'm trying to do is to drill-down on specific applications that do not appear in the "top 25".Currently I have to "click" on the application to continue to drill down, but what I want to do is to manually s...

Natti by L1 Bithead
  • 4559 Views
  • 3 replies
  • 0 Likes

MIBS for SSL VPN

Does Palo Alto have any documentation on MIBS for SSL. If so could someone point me in the right direction.

Resolved! Web Management DOWN?

Hi,We are trying to look at the ACC tab, but we receive "No Matching Records" in all te categories:I tried to restart the web-management, but I received this error: admin@PA> debug software restart management-serverProcess 'mgmtsrvr' executing RESTARTDec 06 12:35:16 Error: pan_read_full(comm_utils.c:97): srvr: fatal recv error. sock=3 err=Co...

ecardona by L1 Bithead
  • 3545 Views
  • 3 replies
  • 0 Likes

NAT Over IPSEC VPN

Hi,I am facing a problem with NAT over IPSEC VPN.I am trying to configure the NAt for incoming traffic from the client over a site to site VPN and basically i want to do a destination translation of the IP they access to my internal server IP.The Client is in VPN zone and my server sits in the DMZI configured Rule like thisSource zone(VPN)-Sourc...

Resolved! Deny internet access by OS

hi there,is there a possibility to create a rule to deny internet acces by specific os?i want to disconnect a large set windows xp clients from the internet, but allow access fo win7 clients.thank yousascha

skemena by L1 Bithead
  • 3303 Views
  • 2 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks