This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4236 Views
  • 0 replies
  • 0 Likes

Resolved! block-url threat level

I am trying to set up notification for blocked urls. I can see block-url syslog messages when I set log forwarding to log severity level informational. Is there a way to modify the threat level for blocked urls? I would like to use a higher threat level as an indication of when to send an email alert.Thanks.

oshcomp by Not applicable
  • 3021 Views
  • 2 replies
  • 0 Likes

Resolved! Static nat commit warning valid...?

When I commit my configuration, I am currently getting the following commit warning:· - Rule '<public ip removed>-snat' shadows rule '<public ip removed>-snat'I know why I am getting this and its because I have 2 bi-directional static source NATs with 2 different public IPs that go to the same internal IP. I understand that in the o...

Rjschultz by Not applicable
  • 4259 Views
  • 4 replies
  • 0 Likes

Failing close..

I think Palo Alto refers to "Failing Close" as still allowing traffic through in the event of a failure. And by default, I think the Palo Alto 4020 Fails OPEN. Is there any way to set it to fail closed?We are using our Palo Alto as more of a sensor/monitor, not so much as a Firewall. We would like to put the Palo Alto inline with some parts o...

jambulo by L4 Transporter
  • 7218 Views
  • 4 replies
  • 0 Likes

Resolved! URL filtering allow_list configure without URL license(BC-url database)

Hi all,We have try to configure the URL allow list in policy without the URL filtering license.but we fail because we just config the allow list.In URL filtering process execution1. black list2. allow list3. custom categories4. BC URL categoriesSo, if we just configure the allow list, another URL would not be control it because the database is e...

Resolved! High rate on "flow_host_ha_encap_err"

Hi folks,By chance (okay, we were troubleshooting another issue) we found a potentially strange issue on our active PA-2050 (there is a secondary (HA passive) PA-2050 in place as well).1) We issue the following command on the prompt: show counter global filter delta yes severity drop2) We get the following output:Global counters:Elapsed time sin...

oschuler by L4 Transporter
  • 7548 Views
  • 5 replies
  • 0 Likes

Resolved! New Java vulnerability, CVE-2013-0422, released 1/11/13

Hello all,Just wondering if anyone might be able to tell me whether this vulnerability, CVE-2013-0422, is being addressed? And, if so, when could we expect to see a patch for this? Thank you!http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422&utm_source=dlvr.it&utm_medium=twhttp://msisac.cisecurity.org/advisories/2013/2013-006.cfm

u13987 by Not applicable
  • 3893 Views
  • 4 replies
  • 0 Likes

Wildfire questions

Ran a very quick and dirty test with Wildfire using a few malicious files I could find online. 2 out of 8 of these were judged "benign" by Wildfire (the 2 that were missed were very similar, so 1 out of 7 may be more accurate). Anyway, I know that nothing like this is going to be perfect, so I'm not complaining about the false negatives.Question...

mscox42 by L0 Member
  • 2526 Views
  • 1 replies
  • 0 Likes

Resolved! NAT to multiple https sites

It is possible to NAT to multiple internal https sites behind a single external IP address? If so any guidance on how to create the NAT policy would be most apprecaited.

tjcarter by L1 Bithead
  • 8119 Views
  • 10 replies
  • 0 Likes

PA-500 dual internet connections

Hello all,First post here!!I have a PA-500 that I'm trying to add a second internet connection to and I'm running into an issue. The goal here is to keep the primary line (a bonded T1 solution) for corperate traffic such as VPN tunnels, remote connectivity, SIP phones, mail delivery and then add the second line (a standard cable line) for genera...

Resolved! Block DMZ specific URL

Hi dear,I wanted to block from Internet a specific URL on our publicwebserver that located on our DMZ:We have a webserver on our DMZ example (https://toto.ourcompany.com) so we havea policy that allow from Internet to access this webserver by SSL, what I wantto do is to block only for example (https://toto.ourcompany.com/Web/login.html).I did a ...

BSadozai by L2 Linker
  • 3416 Views
  • 2 replies
  • 0 Likes

Routing to the same IP address via different tunnels.

routing the same IP within a VR via 2 different ipsec tunnels, I currently have a primary tunnel and a backup tunnel built for a customer. All traffic from this customer comes from the same PAT address to my firewall. I have 2 static routes going to the same IP addresses via 2 different tunnel interfaces using a metric of 1 for the primary and...

cmoore50 by Not applicable
  • 3347 Views
  • 1 replies
  • 0 Likes
  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks