This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4237 Views
  • 0 replies
  • 0 Likes

Resolved! decrypt ldaps traffic

hey all,I would like to decrypt my ldaps traffic that is now showing up as ssl in my traffic logs.I can not seem to get it to work- with ssl forward proxy decryption, I break the ldaps connection altogether and my ldap connection just fails.- with inboud ssl decryption (with the AD-ldaps certificate + private key imported), the palo alto just re...

mr.linus by L4 Transporter
  • 4224 Views
  • 2 replies
  • 0 Likes

crilock.a (CRYPTOLOCKER HIJACK)

Does any one knows if this has been detected and addresed by PAN, just trying to stay informed, could not find it in the latest virus definitios updateThanksLuis Cabrera

Resolved! Monitor incoming and outgoing network traffic

We are going to switch over to a new CRM system Monday that will be hosted in the cloud. I am wanting to monitor the network traffic to see what the increase is once we switch over and where there are any bottlenecks. Can someone tell me how to setup this tyupe of monitring on a Palo Alto device? I have a PA-3020Thanks

Resolved! Block User Internet connectivity if not connected to Global Protect

Hi,I've already setup a Global Protect for a client, I've also went through all possible guides and discussion here and never found a word on that.My client wants to block all internet connectivity for users having the GP Agent if it is not connected. They are looking at this as a measure to enforce centralized Internet access , therefore securi...

efellows by L1 Bithead
  • 7286 Views
  • 2 replies
  • 0 Likes

Dropped traffic - no log

Hey,Setup:LAN network on interface eth1/2, security device on interface eth1/3 and vpn on interface tunnel.1.Zone L3-LAN contains eth1/2Zone L3-VPN contains eth1/3 and tunnel.1Traffic flow:A client in the LAN sends a packet to a device behind the VPN tunnel. A PBF rule is in place that traffic originating from eth1/2 to a network behind the VPN ...

Resolved! I'm not able to setup Netflow on Palo alto 5.0.4

Dear all I'm not able to setup netflow on Palo alto 5.0.4As i followed the menu Network-> Interfaces-> Ethernet. Click the link for the interface on the Ethernet tab -. But i can not find netflow on this menuCould you advise me more.. please ? Thanks

Firewall Statistics Report

We are looking at upgrading our firewalls from the PA-500 to the PA-3050s. The company I work for is growing fairly rapidly and it's looking good that the company will continue to grow. In order to get the funding for these firewalls we need to prove that we need them or at least that the 500s are obsolete or are quickly becoming that way. I am ...

Unauthorized SSH access through port 22

HelloI have a rule that permit traffic from "untrust" to some servers in "DMZ" but only for applicacions FTP, SSL and web-browsing, the problem is someone has gained access through SSH using the tcp 22. Shouldn't the PaloAlto has block this kind of traffic? Anyone knows a solution for this problem or know how to block some ip address?Best regard...

SOC_CSG by L4 Transporter
  • 5408 Views
  • 2 replies
  • 1 Likes

URL Filtering in Vwire SSL Trust Question

Hi,I have a customer who is currently only running the PA in vwire. They need to have custom URL filtering continue and override pages.My question is what needs to be done to have the end users browsers trust the certificate in vwire?I know in layer 3 mode I can use a pushed out trusted root certificate going to a L3 interface. Based on my testi...

bparker by Not applicable
  • 3047 Views
  • 2 replies
  • 0 Likes

Resolved! Integration between websense and Palo Alto

Hello All,I really need your fast help in an issue I have.I would like to know, if I configured the Palo Alto to forward http and https traffic on ports 80, 443 to websense using "policy based forwarding" , can websense normally receive traffic and do its URL Filtering on it?I have read on websense that:"Websense Filter Service is a receiver for...

gshaker by L1 Bithead
  • 5880 Views
  • 1 replies
  • 0 Likes

Changing communication port

Dear All,Hope you are doing well.I want to access the PaloAlto web portal from the internet. if I type the public IP it will be connected but i want to put a port number that only my team know it and for more security.Ex: 10.10.10.10 :44443or is there another way to connect from public IP

Resolved! Detailed troubleshooting of drop counters

Hi,I am having some issues with odd packet drops, and "show counter global filter severity drop" shows a lot of packets being dropped due to "Packets dropped: 802.1q tag not configured/Packets dropped: invalid interface" (same amount of packets dropped on both, so I assume these are related).Are there any way of getting a log of what has been ha...

arvesynd by L3 Networker
  • 33035 Views
  • 6 replies
  • 0 Likes

GlobalProtect and Proxy

We are running 5.0.8 on a 5020 with GlobalProtect 1.2.7. Iam just setting up GP (single gateway version) and am running into an issuewith proxy. Our laptops have a variety of proxy settings depending on the OUthey are in. The automatic configuration script works just fine after I put inan exception for our DSN name to the vpn hostname, but even ...

ldavie by L2 Linker
  • 2734 Views
  • 1 replies
  • 0 Likes

API call to clone multiple URL Filtering categories

Hi,I am trying to clone 2 URL Filtering Profiles "testProfile1" and "testProfile2" into "testProfile1-1" and "testProfile2-1" using the following REST API call.https://HOST_IP_ADDRESS/api/?key=LUFRPT1mQUJoTjh4S05rbkpBcWtLb2pZRERJekJTcDA9U2F1cU8ybzFzajFiaG5DSXV4UHJOOUdRWTJOaTVEQmU0eVY2VkZlMlVwQT0=&type=config&action=clone&xpath=/confi...

vp194m by L1 Bithead
  • 3119 Views
  • 2 replies
  • 0 Likes
  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks