General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4120 Views
  • 0 replies
  • 0 Likes

Resolved! DMZ or NAT for web server

Hi there, I'm looking for some insight on the best security design for several externally accessible web applications. We have several public IP addresses available and can simply do a 1:1 NAT for each web server, put it in a DMZ, or both. Each web server has an internal SQL database to complicate things. From a best security perspective I'm not ...

Resolved! panorama user for specific vsys

Hi, we created a user with device group and template admin role (only selecting monitor allowed), also created a user with that role and choosing only 1 vsys for access control. When we logged in with that user we can see other vsys's traffic logs which are sent to Panorama. Is that normal behaviour?

Twinax Cable for PA-5000

Hello everyone, Has anyone installed a PA-5000 series (PA-5020 and PA-5050) with a standard twinax wire? I want to connect a PA-5020 and PA-5050 to a Juniper SW with a twinax cable (EX-SFP-10GE-DAC-5m), and I want to know if it is possible or if anyone has tried it (with a third party and a standard cable)... Thanks for your help,

Smartekh by L1 Bithead
  • 3845 Views
  • 3 replies
  • 0 Likes

Terminating multiple IPsec tunnels on an interface

Currently all routing must take place on our core network (due to backup IPsec tunnels and faster MPLS circuits). Here is what we want to do but I am not sure how to accomplish this. We have four IPsec tunnels that we do not want to be routed to each other without touching the core network first. Our current setup has all four IPsec tunnels terminati...

rbit0965 by L1 Bithead
  • 3402 Views
  • 2 replies
  • 0 Likes

SSL decryption

How would one implement a man in the middle SSL decryption configuration on the Palo Alto without the client's browser popping up with an untrusted cert message?

DendreT by L1 Bithead
  • 2393 Views
  • 2 replies
  • 0 Likes

Resolved! What is the 'Session metering: sessions throttled by management session threshold' on drop count?

Hello, I am testing VM-FW on an ESXi environment. But traffic from VMs doesn't go through to the Internet. There is a VM-FW between VMs and Internet. So I have checked PCAP and packet filtering. I have seen all packets dropped. Drop count name is 'flow_meter_host_throttle'. This count description is 'Session metering: sessions throttled by management session thre...

Resolved! In management plane there's some mysterious process.

Hi guys, I've found out that our customer's PA keeps high management CPU usage, and it seems that this process uses most of the resource. What's the 'appweb3' process and why is the user 'nobody'? Is there somebody who can explain this?? Thank you very much ahead.

JTR by Not applicable
  • 5575 Views
  • 4 replies
  • 0 Likes

Resolved! Paloalto Panorama Communication after license expired

We have a couple of Paloalto 5050 firewalls, whose license expired recently. Is it possible to connect these firewalls with Panorama? After the device has been added in Panorama with the device serial number, it is not connected and device IP details are not shown in Panorama. It is in out of sync state. I am suspecting that because of license issue, I am ...

Resolved! URL Log displays a lot of '%16%03%01/' as url for SSL traffic

What's wrong with the URL filtering and logging of the PaloAlto FW? We have many URL logs like '%16%03%01/' when users visit SSL websites. Is URL detection for SSL websites broken? Are there other users who have this problem? We are not 100% sure but it seems this log happens only when Internet Explorer 8 is used. But still investigating. Regards, O....

obor by L1 Bithead
  • 6314 Views
  • 9 replies
  • 0 Likes

DNS Response Address Translation

Can the PA's perform an address translation (assuming an appropriate NAT rule is configured) for an IP address that's presented as an answer in a DNS response message? I.e. as highlighted in red below. I have tested it and it doesn't work; if the functionality doesn't currently exist, is it on any road-map to be added? ==============================...

debsPal0 by Not applicable
  • 2973 Views
  • 3 replies
  • 0 Likes

Looking for best way for using DoS protection

Hi guys, I have a question related to both Zone and DoS Protection features. I'm testing with PA-200 and PA-2050 by using the following DoS tool: LOIC | Free Security & Utilities software downloads at SourceForge.net. I'm configuring this tool to generate lots of UDP packets in a short time and see how CPU usage of the dataplane goes. I could find that CPU e...

emr_1 by L5 Sessionator
  • 3281 Views
  • 3 replies
  • 0 Likes

manually download/install GlobalProtect Data File

Hey guys, Is there a way to manually download/install the GlobalProtect Data File? Though CLI maybe, like you can for content and anti-virus? Or should you just schedule it under dynamic updates to daily, and set it to download at a time 1 minute in the future, wait for the automatic dynamic update and then adjust the schedule to once a week? Tanx

mr.linus by L4 Transporter
  • 3461 Views
  • 1 replies
  • 0 Likes

PanOS 5.0

I have configured the syslog setting on Palo Alto to send logs to a syslog server. I have mentioned the port number 601 (TCP port), server address: xx.xx.xx.xx and facility: LOG_USER, but I cannot see the log on my syslog server which is listening on the TCP port. Does Palo Alto support forwarding events to syslog on a TCP port?

  • 24336 Posts
  • 124 Subscriptions