General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4246 Views
  • 0 replies
  • 0 Likes

SSL VPN with Global Protect Agent 1.2.0 on different port

Hello there, on a PA-500 we're running our Global Protect portal and gateway on port 8443 according to https://live.paloaltonetworks.com/docs/DOC-3457 . This worked well up to agent version 1.7.0. Since version 1.2.0 the agent ignores the port configuration and always tries to connect to port 443. I've seen numerous log entries on the webserver runn...

Resolved! Threat monitoring ( empty reports )

Hello All, Currently we have a daily Threat monitoring report sent out. If the report is empty (which it often is) it somewhat defeats the object as someone has to open it and read it only to find no issue. Is there a way to run it more on an exception basis, i.e. only send an email if a threat has been detected? I’ve read the security profiles sec...

dsp_DI by Not applicable
  • 2866 Views
  • 1 replies
  • 0 Likes

Limits of VWIRE?

One can find in the datasheets various limits regarding VSYS (where some models want an additional license) but what about VWIRE? Are there any limits regarding number of VWIREs one can use for each model (I assume the VM-models don't support VWIRE at all)? Also, are there any drawbacks of putting various VWIREs into the same zone (or is this ev...

mikand by L6 Presenter
  • 5211 Views
  • 4 replies
  • 0 Likes

BGP config PAN-OS 5

Hello, I was working on a BGP configuration on a PA 500 running PAN-OS 5. It is an internet connection plugged directly into the firewall. (It's an ethernet hand-off). I couldn't find any docs for v5 so I just hacked my way through it. Is there any step by step guide for this? I found one for v4 but it looks a lot different. Also the access rule I...

DougB by L0 Member
  • 2169 Views
  • 1 replies
  • 0 Likes

Resolved! 5050 and 5020 HA Setup

Is it possible to have HA successfully setup between two different platforms? In my case I have a customer with a 5020 and a 5050. I know the documentation states that it must be the same platform, but was curious if anyone has ever tried doing this. Thank you, -Louis

Resolved! Wildfire file exceptions

Hey everyone, sorry if this was posted before and missed it in searching. I am receiving an enormous number of alerts from Wildfire, due to an internal application that our desktop engineering created. It's more or less just an exe that creates shortcuts to our internal HR portal, which Wildfire believes to be malware. What I am looking for is...

jholmes by L1 Bithead
  • 8231 Views
  • 3 replies
  • 0 Likes

Resolved! Firewall Policy Management: Tufin cannot detect PAN interfaces

Hello Everybody, I am running a PoC with Tufin SecureTrack and have some problems with PAN firewalls (PA-500 and PA-2020 running PANOS 4.1.7, PA-5050 running 4.1.12). In a nutshell sounds like Tufin detects only the interfaces that in PAN XML configuration file are listed within the default vsys: <vsys> <entry name="vsys1">... ...

Bucche by L2 Linker
  • 4181 Views
  • 1 replies
  • 1 Likes

Same model for HA to function properly?

I understand that both firewalls should have the same feature licensing for proper failover, but has anyone implemented HA successfully using two different models? 5050 and 5020 for example? I know in the documentation it states both models must be the same.

Getting device hostname from PANOS DHCP

Hi, I'm currently using the PANOS DHCP server to serve DHCP requests to our guest network, as it's separated on its own VLAN. I don't want any traffic from our guest network to reach our domain controllers, which serve as DHCP for our other VLANs. There is just a couple of features that I feel like I'm missing, and I was wondering if this actua...

arvesynd by L3 Networker
  • 4458 Views
  • 2 replies
  • 0 Likes

bad vpn connectivity\packet loss ip sec vpn

Hi, I have configured a fixed IP sec VPN tunnel on my PA 500. The tunnel comes up OK, and I can ping and traceroute an IP address on the network I am connected to, through the VPN tunnel. But packet loss lies between 20 and 40 % running ping tests. We experience the same thing on both sides of the tunnel. What can be wrong here, to me it seems like ...

knutelde by Not applicable
  • 4380 Views
  • 2 replies
  • 0 Likes

Tweaking DSRI

So I keep hearing that disabling DSRI will improve performance. I thought I read that most vendors do not even offer the option. What are some guidelines for disabling DSRI? I understand that incoming to own internal server is probably ok, but what about disabling for some client security rules. Immediate examples are trusted sites like Netfli...

BobW by L4 Transporter
  • 5420 Views
  • 3 replies
  • 0 Likes

How does it identify unknown application where about flow logic?

Hello everyone;~ I am very curious, refer to bottom image~ Where is the unknown application where? I guess that PA App-id check application signatures for the first time and then if PA doesn't know app, PA App-id might move Heuristics engine; and if PA try what could be checked at the engine;; Does PA change unknown-tcp or unknown-udp? I haven't been look...

Can a A/A Floating IP be set to the interface IP ?

Hello - In the VRRP world, I can have 2 devices active with a single IP (VRRP IP address) active only on 1. I have a situation where I need to vsys a box (L3 & Vwire). The vwires are replacing Tipping point IDP's, with active traffic, so I need Active Active - fine.. the FW vsys only needs a single address active in one interface network at...

dbrenipc by L3 Networker
  • 3132 Views
  • 2 replies
  • 0 Likes
  • 24359 Posts
  • 124 Subscriptions