This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4240 Views
  • 0 replies
  • 0 Likes

M100 - incorrect Message Authentication Code

I have the following setup: A VM100 that has multiple VLANs, for example LAN, Guest and DMZ. In the DMZ are some https websites, hosted on VM's on the same VM server as the M-100.Everything is working as expected, so internet, DHCP, DNS etc. is all working fine.However, when connected to the LAN, surfing to a https website in the DMZ results in:...

Palo Alto in Virtual Wire mode - problem with perimeter gateway (Firewall)

Hello everyone,I decided to post here a question that I hope someone would be able to answer or at least provide some guide to which direction to move.I have an opportunity to sell Palo Alto appliances to one of our clients and for that I need to show to the client that it is better that their current firewall.So configuration:Clients Perimeter ...

Panorama VM is misaligned.

Hi everyone,I have installed the Panorama from the OVF file that Palo Alto provide. But when the VM is deployed, it is misaligned. Did anyone solve this issue already?I have tried to align it with MBRAlign in ESX, but after that the alignment the VM will not startup anymore.Does anyone have any idea how to solve this?

plim01 by Not applicable
  • 12565 Views
  • 23 replies
  • 0 Likes

Resolved! LDAP for User Mapping

Hi,Can anyone explain: LDAP profile is needed just for User group mapping or in general for user mapping? Now i'm confuse.

Interface by L3 Networker
  • 3813 Views
  • 4 replies
  • 0 Likes

Resolved! Failed to email PDF reports

Hi,Sometimes scheduled PDF reports fails to send. I get the message: "failed to get ip for host." It is email server problem or something wrong with configuration? Is any possibility to send scheduled PDF reports on another time or repeat sending?

Interface by L3 Networker
  • 3974 Views
  • 3 replies
  • 0 Likes

IPSEC VPN through PAN comes up but does not pass traffic

What needs to be enabled to allow a VPN that once worked to be allowed through a 3020. I had a Juniper to Juniper IPSEC VPN that worked before the 3020 was placed between the 2 junipers. What needs to be allowed to make sure that the traffic passes.The VPN comes up,but no data is able to pass

tuckert by L0 Member
  • 2686 Views
  • 2 replies
  • 0 Likes

Resolved! The use of use-cache-for-identification introduced in PANOS 5.0.2?

According to the release note for PANOS 5.0.2 (released 2013-01-15):"47195 – When the App-ID cache feature was enabled in previous releases (enabled by default), it was possible to pollute the cache to allow some applications to pass through the firewall, even when a rule was set to block the application. If you are running an older version of P...

mikand by L6 Presenter
  • 7969 Views
  • 5 replies
  • 2 Likes

Resolved! Palo Alto Dictionary file for Steel Belted Radius

Hi,We are using Steel Belted Radius Enterprise Edition v6.1.6 for authentication on all the network devices.We have few PA3020 and PA500. Now we would like to authenticate these firewalls via the same Steel Belted Radius Server.I am unable to locate Palo Alto as vendor in the SBR admin GUI. I have tried selecting the Standard Radius Option, but ...

DCN by Not applicable
  • 4011 Views
  • 3 replies
  • 0 Likes

SSL decryption fails

We are testing SSL decryption on our PA at the moment. We have found a site that could not be decrypted: https://posteo.de/Has anyone of you an idea why the decryption fails for that site?And how could I troubleshoot such problems? Because the normal log does not show any problem, but the browser shows an error message.Thank you!

Resolved! Active Directory help

Hi All,We received our first pan 3020 Monday and I have been trying to learn about the product in order to setup for production. I'm making good progress so far, but I have run into an issue importing AD users. I setup group mapping and I'm able to see groups that were imported, but no users. What am I missing?Thanks in advance for your help.

jbo by L0 Member
  • 5441 Views
  • 8 replies
  • 0 Likes

Resolved! Dynamic Block List Site

Is there a list of known bad IP addresses? I would like to include a dynamic block list in my policy but I don't have a list of known bad IP addresses. Does Palo Alto have a canned list of IPs that I can reference to insert into my policy?

das by Not applicable
  • 7782 Views
  • 6 replies
  • 0 Likes

Hosted Verizon PBX solution with phones behind a PA200; calls drop at exactly 15 minutes. Anyone else seeing this?

We have a remote office with a PA200 and we are using VoIP phones that use a Verizon remote hosted PBX solution. Outbound VoIP calls drop at exactly 15 minutes... meaning any and all calls out drop at that exact time. We can pull reports and see that no call ever exceeds 15 minutes in length.Has anyone else seen anything like this? initially I t...

Ipsec vpn from MS ISA 2006 to PaloAlto

Hello,A third party has a isa 2006 server which they use for ipsec vpn. We do not seem to be able to create an ipsec site 2 site vpn. Can this be done? If so, any howto's,

mikeh by Not applicable
  • 2601 Views
  • 1 replies
  • 0 Likes
  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks