This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4448 Views
  • 0 replies
  • 0 Likes

Resolved! BGP Configuration Clarification Needed

I am new to BGP. I am attempting to configure BGP as layed out in the following documentation with the Active/Passive configuration. I've been given an AS number and a block of /24 from ARIN. Step 2 under "Configuration for the Active/Passive Pair" explains that there needs to be a 3rd interface configured with the internal network IP address/s...

mario11584 by L4 Transporter
  • 18839 Views
  • 10 replies
  • 0 Likes

Forwarding mDNS (multicast DNS specifically for Apples' Bonjour Service)

Hi Guys,What support does the Palo Alto Firewall offer in terms of forwarding on mDNS (multicast DNS, more specifically Apples Bonjour Service)?I have a customer where they have the student and staff wireless network on a seperate VLAN, with the Palo Alto Captive Portal as the only route out. Will it require to add a "hardened" apple server to ...

Unknown user after install and configure UI Agen

Dear All, My PAN is 500 with 4.1.6 OS. I just migrate PAN agent to UI agent with version 4.1.6-5. After installation and configuration, I check the user-mapping the result show as following;> show user ip-user-mapping allIP Ident. By User Idle Timeout (s) Max. Timeout (s)--------------- --------- ...

how to block skype for 'trust' zone and allow for 'trust2' zone

Hi,I'm trying to block skype for one group of users (whitch are in 'l3-trust' security zone) and allow for second group (which are in 'l3-trust2' security zone).Both zones: 'l3-trust' and 'l3-trust2' are source-NATed to 'l3-untrust' zone, one interface, one IP address.I made policy rule allowing skype-probe from 'any' zone to 'any' zone and seco...

Captive Portal on connecting to SSID rather than via Browser for Apple devices - is it possible?

Hello Everyone,I was just wondering if it is possible to have captive portal pop up on connecting to a SSID rather than having the captive portal page upon accessing any website for apple devices? Captive Portal works on accessing any website using safari.I tried blocking www.apple.com/library/test/success.html as a custom url so that the iPad ...

AD Groups in Firewall Policy - Inconsistent Behaviour

I have two issues with managing firewall policies when using AD groups; running 4.1.7 - so am using the 'on-hardware' group retrieval rather than the PAN Agent.1) When adding new groups to be mapped they do not appear in the GUI i.e. cannot be selected for a policy from the 'drop down' selector. This will usually fix itself after a random amoun...

apackard by L4 Transporter
  • 4001 Views
  • 4 replies
  • 0 Likes

Resolved! Puffin Browser: Bypassing Filtering policies (big loop hole may be ??)

Greetings,I was pleasantly surprised when I got to know that I can download Puffin Browser as an app on mobile and tablet devices and browse my way through to otherwise blocked websites / denied applications. Just to confirm what I did:1. Created a Security policy (IP address based and not User based) "Puffin Browser Test" for my iPad and allow...

Resolved! How to cancel screen output in CLI ?

Very silly question, so I apologise now..How do you cancel the screen output in CLI... for example I show the running configuration, there's about 500 pages of it, and I dont want to sit mashing the space bar for 20 minutes!I've tried all the usual suspects, ctrl+c, esc, etc... and I had a scan through the CLI user guides.....I couldn't find any...

Dpeters1 by L2 Linker
  • 5494 Views
  • 2 replies
  • 0 Likes

Production Code Recommendations

I am getting ready to move two 5050s into production and would like to know what release code to start with based on your recommendations. I assume that 4.1.10 would be the best choice, but 5.0 has been out for a little while now. I normally wait for about 4 or 5 releases before moving to the next revision. Thanks for the info.

Best Practises from a Performance perspective.

Hello Everyone,Could someone shed some light on configuration best practises that can optimise performance from GUI , Security rule processing etc ?For example , I was told that using a App Group with a large number of Apps to whitelist might have an adverse performance impact , instead it is better to use App filters as much as possible. And wh...

Resolved! URL Filtering in Panorama

Hi All,why URL Filtering version in Panorama always shows as "0"?Where is URL Filtering database stored? I found that unlike normal PA box, there is NO URL Filtering schedule can be set in Panorama -> Dynamic update, are they related?

TerryYau by L0 Member
  • 2570 Views
  • 1 replies
  • 0 Likes

Resolved! Are PA-devices affected by the packets of death?

For more information see Not Just AstLinux Stuff: Packets of Death and http://www.kriskinc.com/intel-podhttp://sourceforge.net/p/e1000/bugs/119/?page=3 might be related aswell.In short, a magic combo in packets will make the nic go completely offline. Only a powercycle (reboot will not help) will bring it back online (nice DoS capability). Seems...

mikand by L6 Presenter
  • 3848 Views
  • 5 replies
  • 1 Likes

What possible reason cause MP CPU higher after integrate with Panorama

Hello,As this article's title, I setup a Panorama to collect the logs from a PA-2050.But, when I complete the integration between Panorama and PA-2050, the CPU percentage of Management Plane become higher.Before the integration, the MP CPU is lower then 15%. One month later, the average keeps about 59%, sometimes higher then 60%.But I check the...

  • 24375 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks