This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

Resolved! permitting/denying asymetric TCP flows at the VYSY level?

Can "set deviceconfig setting session tcp-reject-non-syn no" or similar somehow be configured at just the VSYS level? ( I know it functions at the device level)So as to provide some VSYS's the ability to process asymetric flows and others not.Regards,

CMG by L2 Linker
  • 3005 Views
  • 2 replies
  • 0 Likes

Resolved! V5.0.4 HA Group1: Running configuration not synchronized after retries

This message appears (email, and SNMP trap) pretty much anytime I run a "commit" on the box. It appears cosmetic, as the GUI on both boxes show them being in synch. (possible latency/delay issues during synchsynch causing this mis-fire?)I noted this was an issue in the 3.x version of code, did they somehow "unfix" this bug? Anyone else experienc...

User mapped via CLI but no through Web-UI

Hello all:I am trying to configure an user in a security policy but when I write the first 4 letters of his username it doesn't appear (screenshoot attached). However, it does appear throug CLI:admin@PA1(active)> show user ip-user-mapping all | match mmlu10.161.34.189 vsys1 UIA idc\mmluque 3516 3516Any cl...

COMIP by L2 Linker
  • 6247 Views
  • 6 replies
  • 0 Likes

Resolved! untrusted webbrowsing

Hi thereIve set up the firewall with a trusted lan for staff and untrusted lan for visitors.I don want the visitor lan to access the staff lan, however the first rule created was to allow webbrowsing, i cloned it and added the visitor source addess to the rule, however anything on the visitor side cannot access any web site.Ive allowed dns from ...

zip file blocking is also blocking docx files

The organization policy is to block ZIP file types.We are having problems with docx file type which they are a ZIP file but in the file blocking profile I can see Paloalto should know how to recognize docx files but we still get dropsi would like to know how this machanism is workingplease review attached file

minow by L4 Transporter
  • 5808 Views
  • 4 replies
  • 0 Likes

File Types and Md5 Hashes

I write SIEM content (Mostly Arcsight and Q1), I have found PAN to be very effective in identifying adverse traffic. One thing that would be great, that in addition to recognizing the file type such as "file Microsoft PE File(52060)" which is useful as a poor mans DLP, with which I can track whats coming and going, it's only so effective by just...

Another PA bypass

Found this one recently:http://www.what2code.net/?p=150http://www.youtube.com/watch?v=wPHeAkv8BaEWhere dns is being used to tunnel ssh traffic through and of course there will be ways to bypass things but how is/will PA address this latest finding?(and to be fair pretty much the same bypass exists in other vendors equipment aswell such as Checkp...

mikand by L6 Presenter
  • 9220 Views
  • 10 replies
  • 0 Likes

Ignore_user_list

Hello,I'm using PAN Agent 3.1.2 on WIN2008 server and somethimes after restart the Ignore_user_list seams to be ignored )user on the lista are still identified by the PAN firewall).Does someone had this problem ? there is way to have an alert or log in case of this problem ?Can we debug PAN agent to see if the ignore_user_list is not loaded ?The...

Security policies did not take effect after Sleep Mode

Hi,Just like to find out if there is a known issue with Palo Alto and Windows 8 for direct internet policy. Currently, we have defined a policy in PA to allow AD user to connect to internet. However, based on my observation, once my notebook goes to sleep mode, then wake up, then login the policy doesn’t seem to take effect. To gain direct i...

Operation Failed: Invalid Sequence

Hello,I recently upgraded to Panorama 5.1.0 (I know, I'm a glutton for punishment!) and am experiencing an issue when attempting to add items to an application group. We've tested this with several workstations and both IE and Chrome and each result is the same. As soon as we attempt to type in a new application to find it in the list, we are gr...

Resolved! syslog no log sometimes

Hi,Pa200 configured to send all to syslog.Sometimes(Random) no log comes to syslog.Did Anyone see an issue like this ?5.0.5 panos.

Resolved! GlobalProtect assigning zone based on AD group membership?

I'm fairly sure I can't do as the subject line, so I'll explain why I think I want it, and hope someone can suggest a better workaround.We're a college campus with (roughly) 3 classes of users: students, general faculty and staff, and "special" staff. On the wired/wireless networks, we segregate users based on 802.1X and some pretense of physica...

rgraves by Not applicable
  • 5801 Views
  • 6 replies
  • 0 Likes

In HA, Pasive firewall sent the traps and CACTI shows data, Active send nothing

Hello everybodyI have 2 PA-2050 with PanOS 4.0.11 configured with HA. The traps are sent by the Pasive Firewall not the Active, also source IP of the trap belongs to Pasive not by the shared management IP.I just checked the managemtn Profile and SNMP its available.Moreover, I have a CACTI server, the graphs of the Pasive firewall works fine but ...

SOC_CSG by L4 Transporter
  • 2039 Views
  • 1 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks