This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4119 Views
  • 0 replies
  • 0 Likes

Online Cloud Storage

Hi, I want to put together a policy to manage our user's access to online storage. We would like to restrict access to all but a few storage companies (DropBox, Hightail) and wondered how others manage such a task. Also, I'd like to accurately pull a report on the applications that fall under this umbrella. The difficulty I see is that not all o...

nickcx1 by Not applicable
  • 3314 Views
  • 1 replies
  • 0 Likes

Resolved! Enabling Jumbo Frames

Enabled jumbo frames at Device, Setup, Session. Question is, do I still have to go to each interface and specify the MTU size per interface or is the default value what I set at the device level? Basically, if I don't touch the interfaces what MTU will each interface use by default (assuming I enabled jumbo's)?Thanks!!!

fma by L1 Bithead
  • 15007 Views
  • 4 replies
  • 0 Likes

Why pdf file action is forward on wildfire?

Hello.I am seeing data-filtering logs for wildfire and have found some logs.It is pdf file log that action is forward.Wildfire configuration is any application and action forward.But PDF is not PE file.I don't understand Why pdf file action is forward.forwardData plan detected a PE file on a WildFire-enabled policy. The PE file is buffered in m...

Resolved! PA-500 - Error: Number of profiles (4294967292) exceeds vsys capacity (50)

I've inherited the management of a PA-500 that was previously linked to a Panorama server. When I try to commit I receive the following errorVSYS1 Error: Number of profiles (4294967292) exceeds vsys capacity (50)(Module: device)Commit failedI've looked through the the configuration and there only appears to be a handful of av, malware, threat...

Smi12 by L2 Linker
  • 4131 Views
  • 2 replies
  • 0 Likes

Resolved! Configuring CRLs

All,I am using a microsoft CA to issue machine certificates for global protect authentication. All is working, but the downloading of my internal CRL. Is there something I need to configure besides checking the "User CRL" option in my certificate profile? I have changed the publish time on my CA, have revoked a working cert, but still able to...

dan731028 by L3 Networker
  • 4502 Views
  • 1 replies
  • 0 Likes

Using client certificates with an authentication sequence for Global Protect

Hello,Is it possible to use client certificates for both AD and local users for global protect? I have a working authentication sequence, but have a requirement to use client certs. If it is possible, would it be better to generate the certificates from the domain microsoft CA or could I generate them on the PAN device? I would prefer to use ...

dan731028 by L3 Networker
  • 3808 Views
  • 2 replies
  • 0 Likes

Resolved! Prevent Scan

HI,we have detected that we are suffering a scan of all servers in our DMZ, the IP source is 151.236.14.140, on port 443.How can we avoid this kind of attack or prevent it??Thanks

HTTP Report

Hi,I want to create a report based on the predifined canned report HTTP Applications. I have tried loading it as a template and it doesn't show up in the list of templates. I have also found it in the CLI as top-http-applications the output of which is below. However when I try and create a report in the CLI based on this there is no option f...

CHammock by L2 Linker
  • 2055 Views
  • 1 replies
  • 0 Likes

Resolved! smtp/pop3 over SSL - how to configure security rules?

HiI moved my email serwer from untrust to DMZ. Everything almost is working fine, almost ...This server has ftp and webmail function too, so my security rules looks:I checked on aplipedia for aplication smtp and pop3. Accroding to aplipedia smtp uses tcp/25,587 and pop3 tcp/110.Thats true for on secure connections. But how _properly_ pass SSL t...

_slv_ by L4 Transporter
  • 18809 Views
  • 7 replies
  • 0 Likes

Torrent

Hello Guys,Have anyone of you noticed something regarding torrent(bittorrent, transmission..etc..)?We received a report that a torrent app which is transmission is able to evade the app detection of Palo Alto NGFW.I tested it in my lab, I use Bittorrent and I saw that it can really breach Palo Alto NGFW and successfully downloaded a file.We trac...

Migrate from ASA 5505 to a PA 3020

Any one know the best what to migrate this configuration from a Cisco ASA 5505 to a PA 3020 here it show run information for the interfaces from the ASA 5505interface Ethernet0/0 switchport accessvlan 900 !interface Ethernet0/1 switchport accessvlan 300 ! interface Ethernet0/2 switchport trunkallowed vlan 1,999switchport trunk native vlan...

infotech by L4 Transporter
  • 3018 Views
  • 4 replies
  • 0 Likes

Problem with chained Cert

HelloI made a CSR. Got my Cert and did the stuff mentioned in the "how to chained certificate", Copied the intermediate on top of my cert.but the PA-500 did not accept it. okey i tried it without the intermediate cert text - and it worked. Request is gone and now there is a valid cert.but now when i try to open the captivePortal Response page i ...

User_333 by L2 Linker
  • 2113 Views
  • 1 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks