This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

Resolved! What is session_inter_cpu_sync_err count on global count???

HelloI am installing PA-5050 (PANOS-4.1.10) to my customer.I am monitoring all status of device.I am seeing many increase of global count.I have a question.What is session_inter_cpu_sync_err count on global count???andWhat is dfa_sw_fpga_not_loaded count on global count???Please let me know.

Advantages of Virtual Systems...

...What are the advantages of using Virtual Systems, other than being able to divide Management and Reporting of "Virtual" firewalls. In my case, I have a DMZ, Wireless, Trust and Untrust networks connected to a PA 5020. Should I split up the DMZ and Wireless networks into their own Virtual Systems?Something like this...eth1/1 - Untrust(intern...

jambulo by L4 Transporter
  • 5901 Views
  • 4 replies
  • 0 Likes

Resolved! BGP Configuration Clarification Needed

I am new to BGP. I am attempting to configure BGP as layed out in the following documentation with the Active/Passive configuration. I've been given an AS number and a block of /24 from ARIN. Step 2 under "Configuration for the Active/Passive Pair" explains that there needs to be a 3rd interface configured with the internal network IP address/s...

mario11584 by L4 Transporter
  • 18233 Views
  • 10 replies
  • 0 Likes

Forwarding mDNS (multicast DNS specifically for Apples' Bonjour Service)

Hi Guys,What support does the Palo Alto Firewall offer in terms of forwarding on mDNS (multicast DNS, more specifically Apples Bonjour Service)?I have a customer where they have the student and staff wireless network on a seperate VLAN, with the Palo Alto Captive Portal as the only route out. Will it require to add a "hardened" apple server to ...

Unknown user after install and configure UI Agen

Dear All, My PAN is 500 with 4.1.6 OS. I just migrate PAN agent to UI agent with version 4.1.6-5. After installation and configuration, I check the user-mapping the result show as following;> show user ip-user-mapping allIP Ident. By User Idle Timeout (s) Max. Timeout (s)--------------- --------- ...

how to block skype for 'trust' zone and allow for 'trust2' zone

Hi,I'm trying to block skype for one group of users (whitch are in 'l3-trust' security zone) and allow for second group (which are in 'l3-trust2' security zone).Both zones: 'l3-trust' and 'l3-trust2' are source-NATed to 'l3-untrust' zone, one interface, one IP address.I made policy rule allowing skype-probe from 'any' zone to 'any' zone and seco...

Captive Portal on connecting to SSID rather than via Browser for Apple devices - is it possible?

Hello Everyone,I was just wondering if it is possible to have captive portal pop up on connecting to a SSID rather than having the captive portal page upon accessing any website for apple devices? Captive Portal works on accessing any website using safari.I tried blocking www.apple.com/library/test/success.html as a custom url so that the iPad ...

AD Groups in Firewall Policy - Inconsistent Behaviour

I have two issues with managing firewall policies when using AD groups; running 4.1.7 - so am using the 'on-hardware' group retrieval rather than the PAN Agent.1) When adding new groups to be mapped they do not appear in the GUI i.e. cannot be selected for a policy from the 'drop down' selector. This will usually fix itself after a random amoun...

apackard by L4 Transporter
  • 3897 Views
  • 4 replies
  • 0 Likes

Resolved! Puffin Browser: Bypassing Filtering policies (big loop hole may be ??)

Greetings,I was pleasantly surprised when I got to know that I can download Puffin Browser as an app on mobile and tablet devices and browse my way through to otherwise blocked websites / denied applications. Just to confirm what I did:1. Created a Security policy (IP address based and not User based) "Puffin Browser Test" for my iPad and allow...

Resolved! How to cancel screen output in CLI ?

Very silly question, so I apologise now..How do you cancel the screen output in CLI... for example I show the running configuration, there's about 500 pages of it, and I dont want to sit mashing the space bar for 20 minutes!I've tried all the usual suspects, ctrl+c, esc, etc... and I had a scan through the CLI user guides.....I couldn't find any...

Dpeters1 by L2 Linker
  • 5350 Views
  • 2 replies
  • 0 Likes

Production Code Recommendations

I am getting ready to move two 5050s into production and would like to know what release code to start with based on your recommendations. I assume that 4.1.10 would be the best choice, but 5.0 has been out for a little while now. I normally wait for about 4 or 5 releases before moving to the next revision. Thanks for the info.

Best Practises from a Performance perspective.

Hello Everyone,Could someone shed some light on configuration best practises that can optimise performance from GUI , Security rule processing etc ?For example , I was told that using a App Group with a large number of Apps to whitelist might have an adverse performance impact , instead it is better to use App filters as much as possible. And wh...

Resolved! URL Filtering in Panorama

Hi All,why URL Filtering version in Panorama always shows as "0"?Where is URL Filtering database stored? I found that unlike normal PA box, there is NO URL Filtering schedule can be set in Panorama -> Dynamic update, are they related?

TerryYau by L0 Member
  • 2522 Views
  • 1 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks