General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4120 Views
  • 0 replies
  • 0 Likes

Policies - Security - Rule shadowed by 2nd rule

Much like an access list on a Cisco router top to bottom. I recently created 2 rules for our 3rd party ISP to connect internet sticks via our firewall. 1st rule - Allow all traffic via TELUS internet sticks from Trust Vpn, Source (telus), Destination (Any), Actions (Allow), No profile type. 2nd rule - Deny all traffic via TELUS internet sticks fro...

Is PAN 4.1.8 ready for a production environment?

Hello, I find that in PAN 4.1.8 there is a new feature: "User/Group-based Portal Configurations – The GlobalProtect Portal now supports multiple agent configurations on a per-user or user-group basis within one portal configuration." I know that it's fresh ... but I need this feature. Is it safe to put it on my PA-200 at the moment? With regards, SLawek

_slv_ by L4 Transporter
  • 7572 Views
  • 13 replies
  • 0 Likes

Resolved! configuring NAT with TAGGED subinterfaces

In order to overcome the limited number of physical interfaces on the PA-200, I need to have one physical interface handle traffic for two different zones, A & B. These zones need to talk to each other and to other internal zones (with security policies enforced by the firewall). In addition, they need to access the Internet using Dynamic-IP...

ewilen by Not applicable
  • 5855 Views
  • 5 replies
  • 0 Likes

Resolved! PA in VWire mode between trunked ports

Greetings, Before, I get to the matter, I have browsed through the discussions and did find solutions. But I am unable to understand a few concepts. I have a scenario where; 1. The present firewall is a virtual firewall hosted on an ESXi Server. 2. Links are from Core to the ESXi Server. 3. Two ports used on the ESXi Server are trunked ports. 4. Th...

Resolved! Exporting NAT configuration

So I'm wanting to get the XML out of the firewall for specific DMZ's so that I can assemble IPAM updates from the XML. Right now, if I ssh into Panorama, go into config mode, and issue this command: show device-group DMZ pre-rulebase nat rules Then I get the output I want, however, doing it interactively isn't what I want - what I'd like to do is c...

jsilvia by Not applicable
  • 7694 Views
  • 2 replies
  • 0 Likes

Resolved! Global Protect (basic-mode) for Android and PC - licensing and coexistence

Hello everyone, one of my customers wants to connect using their Android smartphone. I read the doc, seems like the only gotcha is it requires client certs. If I do this, then all SSLVPN users will be required to have client certs. I did not see a way to allow android/ios devices to use client certs while allowing PC's to simply connect in. Ha...

dbrenipc by L3 Networker
  • 3828 Views
  • 2 replies
  • 0 Likes

Using Third Party Certificates on a Palo

Does anyone know what the best certificate to use on a Palo is please? We have a customer who is failing PCI compliance testing as we are using a self-signed certificate which was generated on the Palo for Global Protect. Any help or advice would be greatly appreciated. Many Thanks

Filter out certain traffic (DNS)

I am looking for a way to omit DNS traffic from showing up in the Top Applications widget. I thought Application Override might have been the way but it proved unsuccessful. Anyone try this before? Or have something you can point me to? Thanks in advance for any help!

phalen00 by Not applicable
  • 2084 Views
  • 1 replies
  • 0 Likes

Traffic on untrust interface - problem

I have a problem. I have 8Mb internet connections some of my servers are directly connected to internet (I have a switch connected to servers and PA200). Every day through untrust interface are made backups of these servers. So the traffic on untrust interface dramatically rise from few Mb to about 100Mbit during the time where backups are made. I...

_slv_ by L4 Transporter
  • 3342 Views
  • 4 replies
  • 0 Likes

Resolved! Guidance in setting up ssl decryption - cert management

I am trying to get this setup for a customer and this is my first time setting up ssl decryption. The customer has SBS2011 so they do have AD CA. I created a domain cert for the PA and exported the root cert. I imported both of these into the PAN firewall. I set the PA cert as the forward trust and forward untrust and the other as a root cert. I...

SDorsey by L4 Transporter
  • 5446 Views
  • 7 replies
  • 0 Likes

Best Practices for Application Policies?

I was wondering if there is a best practices document for setting up a policy to control particular applications. I've already dug through the Skype tech document which tells to enable unknown applications. Are there any other applications that work better or require unknown applications to be enabled? To take it further, is there an application...

nugentec by L1 Bithead
  • 14685 Views
  • 19 replies
  • 0 Likes

SMB Fragment Packet Found(32332)

Hi, Anyone have experience of this firing off continuously for 'normal' LAN traffic (deffo not being used as an evasion technique) since the signature was modified (v337)? Cheers

apackard by L4 Transporter
  • 2184 Views
  • 1 replies
  • 0 Likes

VMWare series firewall

Just noticed a section of the help file for PANOS 5 which mentions a virtual firewall series from Palo Alto. Sure am interested in some more info.... Bob

BobW by L4 Transporter
  • 1907 Views
  • 1 replies
  • 0 Likes

Yahoo Toolbar uses port 443. The application database on the PAN only looks for port 80.

Hi, I noticed my PAN is blocking connections from my client computers to the yahoo toolbar over port 443. After looking around in the database I noticed that it's only looking for this app to use port 80. Is there a way for me to add port 443 to this application. Or can PAN update their app database? How do I go about making this request? Thanks ...

  • 24336 Posts
  • 124 Subscriptions