This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

4.1 series GUI dashboard

I have one box presently on 4.0.8 and one on 4.1.1. If I compare the dashboards, the 4.0 series one has the dates in the widgets in an international format (2012/01/12), which I have no trouble with. The 4.1 has the widget dates in a partial American format (01/12), which I read as 1 December for just a moment until I think. The times on the 4.0...

Resolved! DHCP / DHCPD server stopped working 5.0

PAN OS 5.0App Version 342-1602 (12/04/12)Uptime 22 daysPAN-OS DHCP server stopped working today (worked earliar only change wildfire & global protect updates)DHCP server status shows it is not enabled although configured.<says not configured>admin@PA-200> show dhcp server lease ethernet1/4dhcp server is not enabled on interface 'eth...

jkim2 by L3 Networker
  • 7612 Views
  • 7 replies
  • 0 Likes

Agentless User-ID with PAN5.x - AD Configuration

I have read the tech article "How to Configure Agentless User-ID in PAN- OS 5.0.x"I'd love to see this document broken into two docs - one that I can send out to customers to prepare for POC - the AD user account setup portion without the PAN firewall config portion . . . does this already exist somewhere?

cindyb by Not applicable
  • 5535 Views
  • 6 replies
  • 0 Likes

CP Policy

I'm trying to setup a captive portal and authenticate users via a user certificate, but I cannot get it to work in 5.0.1.I already have a client certificate profile created but which setting do I need in the CP policy (action):web-form => does not work since the user needs to specify username/passwordno-captive-portal => does not prompt th...

loosj by Not applicable
  • 4266 Views
  • 6 replies
  • 0 Likes

User Identification Agent Capacity

In your Pan Agent 2.1 documentation you did an excellent job of documenting User Identification from start to finish. I have yet to see one document such as this for 3.1.Please reference page 7 of the Pan Agent 2.1 document and confirm or correct what the current User Identification capacity is.Please consider updating the Pan Agent 2.1 document...

Resolved! Using VM firewall as "offline" configuration management for ALL models of PAN devices?

GroupI am pretty sure it can be done (have not tested), but I thought maybe a SE or partner could test and confirm, or provide warnings/pitfalls.I am thinking that if I offloaded a copy of a customer's FW, for archival purposes and then needed to make changes, when I am not at the customer site, that I could just load their configuration into my...

scantwell by L4 Transporter
  • 5443 Views
  • 6 replies
  • 0 Likes

Email Security

Is there a way for the PA firewalls to monitor scam email? For example, email that looks legitimate but has manipulated links (again that look legitimate) taking you to a redirected website that is malicious in nature? Is there a way the PA can monitor and alert me of this kind of activity?

Resolved! PA-500 Virtual Wire implementation (HA)

I am planning a deployment of two PA-500's for just Threat Prevention and URL monitoring. I am working through the best way to do it for physical cabling and figuring out where everything should go. I would also like to use the Active Directory integration to base URL Filtering policies to groups/users. My question is, will I need to connect ...

Application Group for DC to DC communication

I have 2 domain controllers across 2 dmz's and i need them to talk. I have a list of ports I want to open but I want to keep it neat and create a application group. I dont see an easy way to search applications by ports.Does anyone have a list of PA applications by name that is required for dc to dc communication ? This is not client to dc commu...

jhickey by L3 Networker
  • 4067 Views
  • 3 replies
  • 0 Likes

Resolved! Future DoD or NIST criteria evaluations for PAN devices? (e.g. EAL 4)

I see that the PA 2000 and PA 4000 devices achieved EAL 2 certification (EAL or Evaluation Assurance Level is a common US Department of Defense "hurdle" that firewall vendors have to jump over in order to even be considered in DoD networks):http://www.commoncriteriaportal.org/files/epfiles/st_vid10330-vr.pdfAlso NIAP_CCEVS: Product Compliant Lis...

Resolved! Why do "incomplete" sessions show as "allowed"

Hi.I've got some pretty specific firewall rules for machine in our DMZ, and I noticed some intriguing log entries while checking into an (unrelated) issue today.I get a log entry which reads like this02/27 11:42:30 end outside DMZ <source_ip> <destination_ip> 1433 incomplete allow <rule_name&g...

darren_g by L4 Transporter
  • 41383 Views
  • 14 replies
  • 1 Likes

Blocking via file extension (Text only)

Am I able to block via file extension, the text file extension ony, without any inspection and/or identification by the Palo Alto unit?I want to block jar files but the PA keeps telling me they are zip files and then allows them. I would like to block anything named *.jar no matter what the PA identifies it as.Thanks!

choff123 by L3 Networker
  • 6062 Views
  • 5 replies
  • 0 Likes

Many "not-resolved" category in URL Filtering log when using "URL Category" column in Security rules

Hi, all,First, my customer doesn't buy "URL Filtering" license.I use the "Custom URL Category" in the "URL Category" column at Security rules, as the attachement named "security-rules.png".https://live.paloaltonetworks.com/servlet/JiveServlet/download/2-5074/security-rules.pngBut, I see many category named "not-resolved" in URL Filtering log, as...

Polycom Real Presence issue

Hi (it's my day for asking questions, it seems).We have a client who desires that we connect to a Polycom video conferencing system using some software called "PolyCom Real Presence".The trouble is - it doesn't work, or works intermittently - sometimes video works and sound doesn't, sometimes sound works and video doesn't, sometimes it doesn't w...

darren_g by L4 Transporter
  • 5345 Views
  • 6 replies
  • 0 Likes

Resolved! Help: how to use dynamic block list

Hi all.I want use " Dynamic Block List" to block some IP.I creat a IP list on a local web serversBut I can't import list in to Palo Alto?Something wrong?Pls help me.Thanks

dat.tran by L2 Linker
  • 5694 Views
  • 4 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks