This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4468 Views
  • 0 replies
  • 0 Likes

Resolved! unauthenticated users

Is there a simple way to prevent unauthenticated users from accessing the internet from the inside?It is my understanding that you cannot negate AD Groups? True?I was hoping to create a policy like this that would deny any unauthenticated users from accessing the internet.Zone Address User ...

Does anyone know "flow_fwd_zonechange" and "Packet routed to different zone"???

Hello All.I use PA-5050 , PANOS-4.0.9 , 10G InterfacesDMZ zone has FTP Server. It work for file download service to Internet.FTP data traffics are very slow (about 50KByte/s).But the device is working "commit" that FTP data traffics are fast(about 10MB/s)And FTP data traffic are slow again after commit 10 minute.I had checked Interface count on...

Resolved! User-ID functionality for 5.0+

I am playing around with a new PA200 we recently purchased. I am interested in learning more about he new User-ID functionality that is built into firmware version 5.0+. Is there any documentation, white papers, etc. that I could use to try and get this setup? Everything I have found seems to be fairly dated. Any help would be appreciated.Thanks!

AD Tools and Lync do not work over our SSL-VPN

I connect to the VPN (NetConnect). I get all my ipconfig correctly. I can ping anywhere in the network.If I bring up an MMC I can add an RDP snap-in and RDP to machines.However, the AD, DNS, DHCP snap-ins cannot connect to our servers.Checked the firewalls on the servers.The tunnel terminates into the same zone as the servers.Mysterious....

Resolved! Apple or Mac viruii scanning

GroupI have a student in one of my classes who asked what scanning techniques do we have, surrounding the AV security profiles that we apply.Apple File Protocol is not one of the 6 precanned decoders that we apply in our AV scanner.How does/would Palo Alto scan for viruses that could be transmitted using AFP (Apple Filing Protocol)Thank you.Steve

scantwell by L4 Transporter
  • 2627 Views
  • 1 replies
  • 0 Likes

Resolved! HOW to disable DHCP Lease start in system log

Hello,DHCP server is enabled on PA for some customers.It works fine BUT it creates a lot of entry in the sytem logs.( receive_time leq '2013/02/06 11:49:27' ) and ( subtype eq dhcp ) and ( severity eq informational ) and ( eventid eq lease-start ) and ( description contains 'DHCP lease started ip 192.168.99.13 --> mac 68:96:7b:36:2d:8d, inter...

licenselu by L4 Transporter
  • 4341 Views
  • 3 replies
  • 0 Likes

Resolved! Global Protect Setup

I have attached pictures of my current Global Protect setup. Now we have had a request to allow IPAD's, and Android tablets on to the VPN. Can I have multiple profiles? One for our Domain laptops and one for tablets? I see from the documentation that the tablets will need a Root Certificate from the PAN. If I create a Root Certificate for the ta...

Resolved! Selective cut-paste of the config

Hi,I have to deploy 9 PA boxes. I would like to create all objects on one box and copy that section to all the boxes. How do I achieve that? The config seems to be in XML format and section cut-paste is not working on command line. So far only way I could see it working is export the config from GUI to xml format, edit whole file in notepad and ...

smunzani by Not applicable
  • 7277 Views
  • 5 replies
  • 0 Likes

Number of supported Global Protect clients per box ?

In all the specifications sheets there is a different number listed for the concurrent SSLVPN and IPSECVPN supported clients. eg. on a 5020 2,000 IPSec VPN tunnels/tunnel interfaces5,000 SSL VPN UsersI find these number very confusing :Globalprotect uses both IPSEC and SSL ( IPSEC is preferred I was told).So my question, how many globalprotect c...

Resolved! Threat Prevention Throughput

Hi,Just want to know if there is a way to see how much threat prevention throughput is consuming? The command I use to check for the current throughput is show systems statistics sessions but I believe this is for the firewall throughput. Please correct me if I'm wrong.Thanks,MBS

Blocking jar and class files. What about *.pack.gz?

To mitigate the threat of the non stop java exploits Ive started to block jar file and class files. Now in the data filter logs i spot *.jar.pack.gz files. Im wondering about a few thingsIs blocking jar and class files a good mitigation against browser based desktop java exploits (drive by's)? As far as I can tell from my research the answer is ...

choff123 by L3 Networker
  • 5254 Views
  • 3 replies
  • 0 Likes

Resolved! flow_inter_cpu_nat_mismatch

Hi All, Noticed this Global Counter incrementing on our 5060 platforms ( running 4.1.x code ). When messing with the command "set session processing-cpu" and pointing all new sessions to a single CPU the counter stop incrementing (makes sense, no inter CPU communication requred ). Is this something we should be worried about ? No issues to re...

dpenhall by L2 Linker
  • 2330 Views
  • 1 replies
  • 0 Likes

Shared Application Groups in Panorama Version 5

In Panorama Version 5 it can be configured that address and service objects are only applied to firewalls which actually need these objects because they are used in the policy. Unused objects are not pushed to the firewall. However we found out this only applies to address and service objects (as the setting "Share Unused Address and Service Obj...

Anon1 by L4 Transporter
  • 2080 Views
  • 1 replies
  • 0 Likes

GlobalProtect Vsys issue

HelloI want to configure GlobalProtect Remote Access to limit the connection to a Vsys from external administration users to just the ones that uses VPN.I have tried on a PA-200 and works but There's an error when I configure the same settings on PA-5050 with Vsys.The error message I get is:Invalid configuration. Schema verification failed.netwo...

Resolved! Routing Daemon

Hi All. Could you please let me know the routing daemon used in Palo Alto firewalls.Thanks in advance.Hari.R

  • 24379 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks