This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4227 Views
  • 0 replies
  • 0 Likes

Resolved! 10G link aggregation PA-5050 to Juniper EX4500 switches

Hi everyone,I'm having a bit of trouble configuring link aggregation between my PA-5050 and Juniper EX4500 switches over 10G interfaces. The problem seems to stem from the fact that the PA-5050 link-aggregation dialog gives two options for link speed: 1000 or Auto, whereas the EX4500 configuration requires a hardcoded 10G speed setting.How can ...

Mack by L2 Linker
  • 4578 Views
  • 3 replies
  • 0 Likes

Resolved! Does anyone have Applipedia in an Excel Spreadsheet?

I am in the process of building an Internet Gateway policy and need to review the 1,791 applications and make a decision to allow or block each application.It would be really great if the application information was in an .xls (Category) (Subcategory) (Technology) (Risk) (Characteristic). Then I could add columns like (Aproved) (Global Policy) (...

Limitations in virtual wire mode?

Hello all,I've checked all docs and guides and did not find any documented limitations (such as features not available) when PA is deployed in virtual wire mode. Does this mean that ALL possible features are available both in routed and VWire mode?For example: if I deploy PA in VWire mode between the Internet router and a L3 Core switch with mul...

efellows by L1 Bithead
  • 10478 Views
  • 5 replies
  • 0 Likes

Resolved! Adding a Custom Application/Ports to Security Policy

Maybe my thought process is wrong so I am hoping somebody can set me straight. I have a few non-standard ports that need to be opened on the firewall. They don't belong to any application so I need to allow the ports. What I have done is created custom applications with basically just a name and the ports used (no signatures). I created an appli...

Resolved! Block IP address

Hello,Is there a way to block a specific IP address if you detect multiple threats coming from this IP? For example block an IP address after the detection of 5 threats coming from this IP within 1 minute.I know you can block an IP but only as an action after the detection of a specific threat.Kind regards

GlobalProtect Internal/External Network Detection Status

I have a firewall setup as a gateway/portal allowing users GlobalProtect client to prelogin and/or automatically log in when not on the corporate network. This is in the early testing stages and what I am noticing is the following. If I am on the internal network (determined by Internal Host Detection) and then switch to an external wireless c...

ccaruso by L0 Member
  • 2676 Views
  • 1 replies
  • 0 Likes

Can I use my Aruba Clearpass to resolve users on the network

We currently use Radius to resolve user logins with IPs and computer names on the firewall but I cannot resolve the BYOD user names. Since thos are resolved in clearpass is there a way I can leverage Palo Alto to use ClearPass authentication to connect those users to IPs and log them in the PA-500?

Resolved! Rest API call to clone URL Filtering profiles as "Shared" or "Vsys Specific"

Hi All,I have 2 URL Filtering Profiles. One profile has the location as "Shared" and the other has "Predefined".When I try to clone these profiles using the PAN GUI, I get an alert sayingDo you want 2 cloned URL Filtering Profile objects to be shared across multiple virtual systems?If I select "Yes", the profiles are cloned with location as "Sha...

vp194m by L1 Bithead
  • 3311 Views
  • 1 replies
  • 0 Likes

PBF: unused rules

Hey all,I am using multiple PBF rules and am 100% sure that nearly half of them have been hit after the last reboot. However, when I select "Highlight unused rules", it highlights all my rules..Anyone else seeing this?Kind regards,Bob

Resolved! Trying to unblock one website from a blocked country

I have several countries blocked in our firewall but due to business reasons I need to allow one website from one of those countries. I added a custom URL category and added the site. I then created a URL filtering profile and added that category to it. Then assigned that profile to the block rule. It is still blocking the site. I turned on dyna...

JeffTQT by L2 Linker
  • 5078 Views
  • 2 replies
  • 0 Likes

QoS and VLAN

Hi,is it possible to assign a QoS Profile to a L3 Subinterface? In my configuration on 5.0.2 there is the possibility only to physical interfaces.Best regards,Robert

Resolved! Scheduled captive portal and byod..

Hi,We use a PA500 box on 5.0.3 in a boarding school environment.I want CP only to be active during lessons and not in the afternoon / evenings.. However I cannot find how to apply a schedule to my CP. How do I do that?Also the students are complaining about having to relogin every time one of their devices are powered up from suspended mode. ...

Resolved! decrypt ldaps traffic

hey all,I would like to decrypt my ldaps traffic that is now showing up as ssl in my traffic logs.I can not seem to get it to work- with ssl forward proxy decryption, I break the ldaps connection altogether and my ldap connection just fails.- with inboud ssl decryption (with the AD-ldaps certificate + private key imported), the palo alto just re...

mr.linus by L4 Transporter
  • 4217 Views
  • 2 replies
  • 0 Likes

crilock.a (CRYPTOLOCKER HIJACK)

Does any one knows if this has been detected and addresed by PAN, just trying to stay informed, could not find it in the latest virus definitios updateThanksLuis Cabrera

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks