This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

How does it identify unknown application where about flow logic?

Hello everyone;~I am very curiousrefer to bottom image~Where is the unknown application where?I guess that PA App-id check application signatures for the first timeand than If PA doesn't know app, PA App-id might move Heuristics engine;and If PA try what could be checked at the engine;;Does PA change unknown-tcp or unknow-udp?I haven't been look...

Can a A/A Floating IP be set to the interface IP ?

Hello - In the VRRP world, I can have 2 devices active with a single IP (VRRP IP address ) active only on 1.I have a situation where I need to vsys a box (L3 & Vwire) The vwires are replacing Tipping point IDP's , with active traffic, so I need Active Active- fine..the FW vsys only needs a single address active in one interface network at...

dbrenipc by L3 Networker
  • 3098 Views
  • 2 replies
  • 0 Likes

Any experience with MediaFire?

I have an end customer who was attempting to download a file from mediafire (also known as causeway.com). His policy allows the mediafire application, and the initial connection is made, so the web site is accessible.If he is provided with a download link to a file from another user (this seems to be a common usage of this site), the connection ...

Can PAN block proxy traffic originated from other country?

Hello guysI'm trying to block some traffic originated from other country. PAN can block those traffics with its source address and regional info. But what if they use some kind of proxy(like ultra surf) to disguise its original source ip and change its ip to domestic ip , and what if they use ssl proxy? If that ssl server is in my country, its s...

JTR by Not applicable
  • 8681 Views
  • 5 replies
  • 0 Likes

Pan OS 5.0

i have set up Palo Alto to send logs to syslog server.Yesterday i have seen something unusual in THREAT,url log?The length of the URL is 1044 bytes but in the Palo Alto log i can see some of the bytes is truncated?Original URL:http://s.youtube.com/api/stats/watchtime?feature=fvwrel&rt=6.827&cos=Windows&cosver=6.1&len=300&cpn=...

Resolved! Using variable for PANOS version when using CEF (Arcsight)?

According to https://live.paloaltonetworks.com/docs/DOC-2835 the (current) certified formats for use with CEF is:TrafficCEF:0|Palo Alto Networks|PAN-OS|4.1.0|$subtype|$type|1|rt=$cef-formatted-receive_time deviceExternalId=$serial src=$src dst=$dst sourceTranslatedAddress=$natsrc destinationTranslatedAddress=$natdst cs1Label=Rule cs1=$rule suser...

mikand by L6 Presenter
  • 4811 Views
  • 4 replies
  • 0 Likes

with Net Optics bypass switch deployment

Hi,The bypass switch detects heartbeat from Palo Alto firewall to determine if it is alive.What happens if, by any chance, PANOS become unresponsive but the hearbeat ping is still alive? will the bypass mode be ON?anyone having this experience with bypass switch deployment before?thanks.

cl_wong by Not applicable
  • 2490 Views
  • 2 replies
  • 0 Likes

Anyone know of an official PA supported equivalent to the Check Point Web Visualization Tool?

See here for examples:Exporting Check Point configuration from Security Management Server into readable format using Web Visualization Toolhttp://www.checkpoint.com/techsupport/downloads/docs/firewall1/r54/WebVisualizationTool.pdfWe're getting ready for audit season, and it would be really nice to have a neat HTML file to show the auditor, for s...

Resolved! copy security profiles and log options

Hey all,Do you find it annoying you can not copy security profiles and log options the way you can copy zones, objects, user, applications and services from one security rule to another through the GUI?Manually adding the same security profile for a large number of rules requires a lot of clicking and can be quite time consuming.I usually switch...

mr.linus by L4 Transporter
  • 2927 Views
  • 2 replies
  • 0 Likes

Resolved! DMZ or NAT for web server

Hi there,I'm looking for some insight on the best security design for several externally accessible web applications. We have several public IP addresses available and can simply do a 1:1 NAT for each web server, put it in a DMZ, or both. Each web server has an internal SQL database to complicate things. From a best security perspective i'm not ...

Resolved! panorama user for specific vsys

Hi,we created a user with device group and template admin role(only selecting monitor allowed)also created a user with that role and choosing only 1 vsys for access controlwhen we logged in with that user we can see other vsys's traffic logs which are sent to Panorama.Is that normal behaviour ?

Twinax Cable for PA-5000

Hello everyone,Has anyone installed an PA-5000 series (PA-5020 and PA-5050) with a standard twinax wire? I want to connect a PA-5020 and PA-5050 to a Juniper SW with a twinax cable (EX-SFP-10GE-DAC-5m), and I want to know if it is possible or if anyone has tried it (with a third party and a standard cable)...Thanks for your help,

Smartekh by L1 Bithead
  • 3833 Views
  • 3 replies
  • 0 Likes

Terminating multiple IPsec tunnels on an interface

Currenly all routing must take place on our core network. (due to backup ipsec tunnels and faster MPLS circuts)Here is what we want to do but I am not sure how to accomplish this.We have four IPsec Tunnels that we do not want to be routed to each other without touching the core network first.Our current setup has all four IPsec tunnels terminati...

rbit0965 by L1 Bithead
  • 3396 Views
  • 2 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks