This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Setup Alert for Traffic to Specific IPs

We are trying to figure out if there is a way to have the firewall create an alert in the logs when traffic hits a specific IP range. We don't want to block access to this range of IP addresses but we want to be able to confirm if users are conversing with IPs in a specific range. Any thoughts on this would be appreciated?Thanks in advance!

Resolved! PA Web-UI Strange~

Hello~ everyoneHave the used Windows 7 Enterprise?as far as We know that IE has installed Windows basicallyThe Windows version is 7 Enterprise x64IE is 8.0We know that When PA set something we have to click object, device, policy etc,,,so,, Object Tab select and than we can look left there are many menus when some of the menu something click in ...

Possible Bug in Global Protect

I am wondering if anyone else is having this issue. We are using on-demand mode. When setting up a new laptop we install the 1.2.5 agent. At this point our helpdesk tech is logged in and the VPN connects correctly as it is our process to test it. From here he disconnects and reboots the workstation. I then log into the machine with the user...

nthen by L3 Networker
  • 5464 Views
  • 8 replies
  • 0 Likes

PAN Agent to FW connectivity

Guys,we have a PAN agent User-ID version 5 running on the network, all is working fine, but just thaton the PAN agent User ID, I see only one device PA-FW as connected.The active one, and the standby does not show up.Is this the right observation, or should I see both the PA-FW's on the PAN Agent.Active and standby.Please advise.Regards,Tau_

rz185016 by Not applicable
  • 2489 Views
  • 3 replies
  • 0 Likes

UserID debug Log. high load CPU?

Palo Alto support ask me about send them the debug lof of UserID. I can enable this debug log with my DC in production. There is risk about load CPU in the UserID device (Domain controller). I could do it in production?thanks

PDF Summary Report (Missing Custom Reports/Widgets)

It has been a few versions since I played with PDF summary reports however, I am currently running version 5.0.5 and in the GUI if I go and create a PDF summary report there is no 6th drop down for custom reports as I remember and as shown in the help window.I guess these are classed as custom widgets. I have made the assumption this is an "ove...

CHammock by L2 Linker
  • 4453 Views
  • 5 replies
  • 0 Likes

Suspicious DNS Query - conficker

Hey,Is there a way for not letting conficker fill up the threat logs? Or an easy way to filter them out? I have 1000+ logs from 1 host on just a few hours and it is getting hard to see the other threats... Even in the ACC, I get a list full of conficker, nothing else. This is caused by every conficker URL being identified as a different threat I...

URL Filtering Exception

Per company policy, we block all online personal storage sites. However, as always, there are some exceptions. What is the best way to allow 1 specific user to 1 specific site? Do I really need to create a separate URL Security Profile for each exception? That would be a nightmare to manage as we add more exceptions. There must be a better ...

Can you configure Policy Based Forwarding without knowing the "Next Hop" address?

Hi folks,I am trying to set up a PA200, running 5.0.6, to use two ISPs and set one set of users to use one ISP and the other users to use the second ISP for their outbound traffic. My problem is that as these are ADSL circuits, each time the connection is made to the ISP, the next hop ip address may change and therefore the PBF rules that are t...

Resolved! Clear SSL opt-out response cache for client

PanOS 4.1.14How does one clear the cache for an individual client IP, so that the end-user is presented with the SSL Opt-Out page again when they next try a site which uses SSL? All I can think of is clear session all filter ssl-decrypt yes. If I do a show session all I don't know which session ID I should be clearing, if any...Thanks

nickcx1 by Not applicable
  • 4015 Views
  • 4 replies
  • 0 Likes

Security Rules dont match propertly

Hi,I just migrated from 5.0.3 to 5.0.6 and the user-id is giving problems......... Some rules is not matching correctly.......I have the rule on top ,deny Twitter application and in the end i have a rule allowing this traffic.....but the twitter traffic is ju..why the traffic jump this rule? admin@FW1(active)> test security-policy-match sour...

DNS Proxy Errors

We have a remote office using a PA-200 in the middle east. I configured it to use DNS proxy with caching to lower the time for resolution over the VPN tunnel back to our corporate DNS servers in the US. We also have intermittent disconnects due to the unreliable internet connection there and this seemed to help eliminate some of the complaints o...

CRL not downloading

Hi,I have just noticed that my PA-2050 has in it's system logs regular entries as follows:Failed to get CRL http://crl.godaddy.com/gds1-16.crlI also get similar entries for every different certificate server I can think of.Reason I ended up looking at this stuff was actually for a different certificate error.The other problem I get is when I log...

Strachf by L1 Bithead
  • 5142 Views
  • 4 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks