This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

Resolved! Help: SSL decrypt vs yahoo & google driver

Hi all!I config PA to decrypt SSL traffic.I test traffic Https on gmail, facebook, it okBut my yahoo and google driver client can not connect to servers.This is my config.Pls help methanks

dat.tran by L2 Linker
  • 4881 Views
  • 1 replies
  • 0 Likes

Is PAN OS buggy?

If I only had my personal experience and the amount of chatter on the support forum, I'd say that the PAN OS is buggy. Is there more comprehensive information available on bugs in the various releases, like Cisco's Bug Toolkit? I'd like to make more informed decisions on when to take the plunge into the next release.Thanks,Mike

msullivan by L3 Networker
  • 8770 Views
  • 11 replies
  • 0 Likes

User-ID-Agent Traffic

We have user-id-agents on ou core DC's and all our local DC's (across the WAN). We receive reports with high SMB traffic polling from the core DC -> local DC. Anyway to eliminate or reduce?

rrau by L3 Networker
  • 4796 Views
  • 6 replies
  • 0 Likes

Resolved! Update application v 339

Hello,Since I have updated my active/passive cluster with latest Application and threat content (version 339, released yesterday), some ssl traffic is now recognized as "tor" application.This traffic is only ssl, not tor.Is someone else have this problem ??I have 2 PA-4020 version 4.1.9.I open a case for this with my network integrator.I returne...

Performance with Spirent

Hi All,Test with PA 5020, with PAN OS 4.0.11 with tcp reject non syn disableTraffic generate from 50k IP Source and 1 IP DestinationCan anyone give explain about why in small packet (64 bytes) test in Spirent, there is no result ?Or someone already test it?Thanks.

mgp by Not applicable
  • 2728 Views
  • 2 replies
  • 0 Likes

Resolved! SMTP Authentication for Reports, Alerts, etc.

Hello,I'm trying to setup my PA-500 (running PAN-OS 5.0.0) to e-mail me reports and alerts. But, there are no options for SMTP authentication, which our mail server requires us to use. Am I missing the options somewhere, or is this feature not built-in to the PAN-OS?If it isn't, can we please add this to a feature request list, since I'm sure ...

ndblew by L0 Member
  • 4504 Views
  • 1 replies
  • 2 Likes

Resolved! unauthorized application goes to specific rule

Hello,I have defined a rule that allow pings (using the "ping" application). However there are a lots of other applications that flows through this rule, even "web-browsing" !!!How is this possible ?Regards,Laurent

ldormond by L3 Networker
  • 10747 Views
  • 10 replies
  • 0 Likes

Firefox Error ssl_error_rx_unexpected_new_session_ticket

Hi,after PA-500 upgrade (from 4.1.7 to 4.1.9) I solved SSL problem with Chrome but now I have a problem with firefox opening SSL pages (when they was decrypted by the firewall).For example opening https://www.google.com I receive this error:"SSL ha ricevuto un messaggio inatteso di tipo New Session Ticket handshake.(Codice di errore: ssl_error_r...

diennea by L3 Networker
  • 4850 Views
  • 2 replies
  • 0 Likes

Resolved! Application Blocking page for HTTPS traffic through Web Proxy

Hello,I experienced an issue with 'application blocking page' for https traffic through web proxy.The firewall is configured to decrypt the HTTPS traffic.Layout : Client -- Palo Alto FW -- Web proxy (Squid)If the traffic (https session like https://www.facebook.com) is sent directly to Internet, I receive the 'Application Blocked page' in the br...

licenselu by L4 Transporter
  • 6616 Views
  • 4 replies
  • 0 Likes

Resolved! LDAP authentication not matching user groups

Hi.I've got LDAP authentication configured to allow users into a Global protect portal. I'm 100% sure it works OK, because I can authenticate against it.Trouble is, I *can't* get it to authenticate against an Active Directory group. if I add individual usernames into the authentication profile used by the Global Protect setup, they work - which ...

darren_g by L4 Transporter
  • 12115 Views
  • 11 replies
  • 0 Likes

Resolved! Using wildcard cert

Being smart we thought it best to use a wildcard cert as we were going to be setting up about a half dozen SSL certs and various domains, that seem to be ever expanding.One place we wish to use is on our PAN device for VPN access.but as i go to import it, it requires a passphrase, something we never set up, and going thru the CSR process, on the...

rhawley by L0 Member
  • 3338 Views
  • 1 replies
  • 0 Likes

issue with uturn nat, please help!

Hi AllI have a u turn nat rule and security policy in place that has been working fine to allow internal access to the external url of our exchange owa and now it has stopped working - nothing has changed on the firewalls or on the exchange system that could explain the problem.The u-turn nat rule is setup as followsSource Zone: L3_InsideDestina...

no fpga memory for dfa

Hi all,I get some warning message as below, is there anybody meeting such messages?What does it mean?Nov 08 15:08:57 Warning: pan_fpga_alloc_dfa_partition(pan_fpga_handler.c:909): no fpga memory for dfa, subtype 2 size 180Nov 08 15:08:57 Warning: pan_fpga_alloc_dfa_partition(pan_fpga_handler.c:909): no fpga memory for dfa, subtype 2 size 180Nov ...

Blocking Downloads - Real World Examples?

We currently use our PAN in quite a dumb way where most internet access for end users is controlled by a single rule at the top of our rule set which simply allows https/https as outbound services, we don't block/allow specific applications but we do block by URL category and we do monitor using app-id.Could I please get a little feedback on how...

Ipad detection

We've configured the PA500 to accept IPAD connections using IPSEC, but is there a way to detect the fact that an Ipad is connected using HIP rules? We would like to only allow traffic to certain systems.Version PA OS = 4.1.4

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks