This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4113 Views
  • 0 replies
  • 0 Likes

Resolved! Captive portal not redirecting for some users

Hi thereWe've just enabled Captive Portal for all of our users but I'm getting a small number of users who are simply not being redirected to the captive portal to authenticate. I've noticed that Safari on Mac is a common theme but there are a number of PC users with the same problem.I have a small selection of trusted IP addresses which do not ...

Domain is pointed as Malware

Hello,today we had a suspicious DNS Query warning because we tried to reslove a domain (pandaro.be).So Palo Alto gets information about domains and checks some information about these domeains.My questions about this:1/ What is PA using to decide which status a domain gets2/ What is PA checking at a domain to decide about the status2/ If a dom...

wolfrene by Not applicable
  • 3921 Views
  • 2 replies
  • 0 Likes

Resolved! link aggregation down

Hi,We configured link aggregation but although switch side ports become up, on PaloAlto they are down.Any idea ?show interface ae1--------------------------------------------------------------------------------Name: ae1, ID: 48Link status: Runtime link speed/duplex/state: unknown/unknown/down Configured link speed/duplex/state: auto/auto/auto ...

vpn issue

Hi,After side to side vpn established correctly after sometime(I do not know how many hours) Phase1 becomes passive.Side1 cannot access Side2.when we try to use test vpn command for ike it becomes up and it works.What can be reason for that ?

VWire configuration testing

Hi,At a recent PA training, the instructor mentioned a testing method for testing the configuration of VWire objects and the traffic flow, as configured in your Security Policy. The goal of this method is the ability to do testing in a lab environment vs. testing your traffic flow after you've put the device into production.With your device in ...

Mic by Not applicable
  • 3380 Views
  • 2 replies
  • 0 Likes

App and Threat Version fail when update.

When I download and install (choose sync HA) the update App and Threat version 386-1889 (2013/07/30), Dashboard in my device show info App Version and Threat Version mismatch (view attach files). And when I commit any change, HA will not work (view attach files). I must rollback to old Version and my device is ok. When I reinstall new update 3...

Multiple ISP load balancing

We currently have an Internet setup as shown in the image below. ISP1 is Metro Ethernet running over a disparate fiber path at 100Mbps symmetrical bandwidth. ISP2 is ATM over 1Gb Fiber, with a disparate fiber path and 250Mbps symmetrical bandwidth. ISP1 and ISP1 are running BGP. I use padding to control my preferred link, which changes depe...

EdwinD by L3 Networker
  • 6094 Views
  • 2 replies
  • 0 Likes

Resolved! ACC and filtering App Category or Sub Category

I couldn't find an answer after searching for a bit, so I thought I'd ask the community.In the ACC tab within the PANOS web UI, if I select an application in the report, within the Application Information section that appears I get links for the App Category and App Sub Category. I can then drop the filter for the Application, and work with the...

Resolved! No exempt profile in threat details

Dear,We have some traffic that is getting blocked because of a strict vulnerability profile.I want to exempt a certain IP from this profile.But when I click on details in the threat logs, there is nothing filled in the "Exempt profiles"Which is strange because it is blocking the traffic because of some profile, only it will not show me which one...

mr.linus by L4 Transporter
  • 5282 Views
  • 8 replies
  • 0 Likes

Resolved! NAT for ldap

I need to configure my PAN to allow LDAP and port 636 inbound from 10 specific IP addresses for authentication with a software company. Can't figure out how to do this correctly.

jpzynski by Not applicable
  • 4265 Views
  • 3 replies
  • 0 Likes

How to create custom vulnerability signature for SIP packets?

Hi,we are trying to create custom vulnerability signature for triggering on the specific string in the udp packet payload with destination port 5060. Unfortunately there is no context for SIP. We used "Pattern Match" and chose "unknown -req-udp-payload" as a context. We applied a Vulnerability protection profile to the security policy (a rule ...

Resolved! Spoofed IP address zone protection of vwire

Dear,We have created a zone protection profile with protection against "Spoofed IP address".We have put this protection profile on a vwire interface.Question:What will happen since a vwire interface has no IPs?Will this "feature" be ignored, or what will happen / how can we configure this to apply the protection?KR

mr.linus by L4 Transporter
  • 5840 Views
  • 6 replies
  • 0 Likes
  • 24333 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks