General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4139 Views
  • 0 replies
  • 0 Likes

Resolved! PA-500 Virtual Wire implementation (HA)

I am planning a deployment of two PA-500's for just Threat Prevention and URL monitoring. I am working through the best way to do it for physical cabling and figuring out where everything should go. I would also like to use the Active Directory integration to base URL Filtering policies to groups/users. My question is, will I need to connect ...

Application Group for DC to DC communication

I have 2 domain controllers across 2 DMZs and I need them to talk. I have a list of ports I want to open but I want to keep it neat and create an application group. I don't see an easy way to search applications by ports. Does anyone have a list of PA applications by name that is required for DC to DC communication? This is not client to dc commu...

jhickey by L3 Networker
  • 4083 Views
  • 3 replies
  • 0 Likes

Resolved! Future DoD or NIST criteria evaluations for PAN devices? (e.g. EAL 4)

I see that the PA 2000 and PA 4000 devices achieved EAL 2 certification (EAL or Evaluation Assurance Level is a common US Department of Defense "hurdle" that firewall vendors have to jump over in order to even be considered in DoD networks): http://www.commoncriteriaportal.org/files/epfiles/st_vid10330-vr.pdf Also NIAP_CCEVS: Product Compliant Lis...

Resolved! Why do "incomplete" sessions show as "allowed"

Hi. I've got some pretty specific firewall rules for machine in our DMZ, and I noticed some intriguing log entries while checking into an (unrelated) issue today. I get a log entry which reads like this: 02/27 11:42:30 end outside DMZ <source_ip> <destination_ip> 1433 incomplete allow <rule_name&g...

darren_g by L4 Transporter
  • 41491 Views
  • 14 replies
  • 1 Likes

Blocking via file extension (Text only)

Am I able to block via file extension, the text file extension only, without any inspection and/or identification by the Palo Alto unit? I want to block jar files but the PA keeps telling me they are zip files and then allows them. I would like to block anything named *.jar no matter what the PA identifies it as. Thanks!

choff123 by L3 Networker
  • 6089 Views
  • 5 replies
  • 0 Likes

Many "not-resolved" category in URL Filtering log when using "URL Category" column in Security rules

Hi, all, First, my customer doesn't buy "URL Filtering" license. I use the "Custom URL Category" in the "URL Category" column at Security rules, as the attachment named "security-rules.png". https://live.paloaltonetworks.com/servlet/JiveServlet/download/2-5074/security-rules.png But, I see many category named "not-resolved" in URL Filtering log, as...

Polycom Real Presence issue

Hi (it's my day for asking questions, it seems). We have a client who desires that we connect to a Polycom video conferencing system using some software called "PolyCom Real Presence". The trouble is - it doesn't work, or works intermittently - sometimes video works and sound doesn't, sometimes sound works and video doesn't, sometimes it doesn't w...

darren_g by L4 Transporter
  • 5379 Views
  • 6 replies
  • 0 Likes

Resolved! Help: how to use dynamic block list

Hi all. I want to use "Dynamic Block List" to block some IP. I created an IP list on a local web server. But I can't import the list into Palo Alto? Something wrong? Pls help me. Thanks

dat.tran by L2 Linker
  • 5719 Views
  • 4 replies
  • 0 Likes

PBR on 5.0 with redundant internet connections questions

Hello All, New to Palo Alto. I think PBR is working right. But functionality is not what I wanted to happen. I have Cisco DMVPN from all my remote sites to my corporate site. This tunnel is created inside of the firewall. My desired effect is to have 2 ISPs. When the primary fails it dynamically fails over to the secondary internet. Then when ...

JColby by Not applicable
  • 2351 Views
  • 1 replies
  • 0 Likes

Resolved! Can't select app to clone

This might be a dumb question but I am having trouble cloning the Oracle application in the GUI. I have admin rights, there are no pending changes, and I've tried this from 2 different browsers. I find the application and there is a clone button below it. Unfortunately there is no way I can see to select the app. There is no check box, and when ...

jickfoo by Not applicable
  • 8331 Views
  • 7 replies
  • 0 Likes

Resolved! PBF Interface Choices

I want to set up a policy-based forwarding rule to send all traffic from a particular Source IP out through port ethernet1/8. I can't figure out how to get "1/8" in my list of interface choices. All I have to choose from is vlan, loopback and tunnel. Thanks in advance.

wildfire and security policy - problem

I have enabled wildfire protection on policy for NAT (also antivirus/antispyware/Vulnerability). From time to time I get email with information that someone from my network downloaded some files infected i.e. by malware. Until now I think that this file was blocked by PAN. Today I tried (just for test) download file from link from that email (storage...

_slv_ by L4 Transporter
  • 7798 Views
  • 5 replies
  • 0 Likes

Blocking a site hosted malware

A new "parked domain" company has come to surface, and they seem to own a LOT of domain names, none of which brightcloud has correctly classified as "parked domain". The server in question is hosting a piece of malware called seedabutor.b. Our AV is catching it, but I'd love to just block the whole server instead of handling this each time I s...

cenders by L3 Networker
  • 2923 Views
  • 2 replies
  • 0 Likes

Resolved! Virus install high CPU on Active, not standby?

Hi. Configuration: 2 x PA2020, Active/passive, running 4.1.11, trying to install AV release 957-1328. I noticed today while pushing a virus definition update that the active node in my active/standby takes an absolute age to install/update, with the management CPU running at 100% for most of the process, but the standby node not only finishes fast...

darren_g by L4 Transporter
  • 2368 Views
  • 1 replies
  • 0 Likes

Resolved! Can I get all managed devices to show in Panorama Maps?

Does anyone out there know if it is possible to display all managed devices in Panorama in either the Threat or Traffic Maps? We have branch firewalls in locations all over the country and it would be nice to see which were getting hit with more traffic or threats in a visual manner.

  • 24340 Posts
  • 124 Subscriptions