This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4120 Views
  • 0 replies
  • 0 Likes

ARP Cache Limit on PA-500

Hi PAN,When is that the PA-500 will have an ARP cache limit of 1000? I was promised during the launch of version 4.1 that the ARP cache limit had been increased to 1000 from 500 just to realise that it never happened. I am desperately waiting for something on this as clients are not at all happy with this and having a work around just to avoid...

Resolved! Renaming a VSYS

Should I expect any issues if I rename a VSYS? I assume it should rename all VSYS names in the config where applicable?

jambulo by L4 Transporter
  • 5747 Views
  • 4 replies
  • 0 Likes

Traffic log database exceeds alarm threshold

Hello,This is not very clear on Palo box, since months we have issue that everyweek we have alarm indicating that the log was exceeded 80 of the quota, infact we want to log all traffics and don’t want to disable logging on somerules, I monitored during the week the logdb-quota and Palo don’t clear/purgeor delete older log at 80%, we opened a ca...

BSadozai by L2 Linker
  • 10040 Views
  • 6 replies
  • 0 Likes

Public IP's and DMZ

I am currently setting up a DMZ using a class C address range provided by my ISP. So far I have an untagged interface built connected to a switch and a VR built. Example:I have the subnet 10.10.10.0/24I set interface G1/2 with address 10.10.10.1/24I have a VR with a route 10.10.10.0/24 destination int G1/2 next hop address 10.10.10.1I have a lap...

mgross by Not applicable
  • 4643 Views
  • 3 replies
  • 0 Likes

Is it possible to transfer the username from an authenticated user on a squid to the log in the PA ?

Hello,I have a squid proxy in the internal network, which does the user authentication against the active directory.Now I would like to see the username in the logfiles of the PA firewall.I do not want to use the username for authentication on the PA just to visulize, who is initiating this webtraffic.Something simular to x-forward-for, not usin...

cms.ext by L0 Member
  • 2185 Views
  • 1 replies
  • 0 Likes

Resolved! Issues installing the Terminal Server Agent on Server 08R2

I have this same issue at two separate clients. I installed the agent under elevated priveledges but once it is installed an I open it, I cannot click on any of the menu options. If I click on Restart Server, it says "query service fails with error5".Did I skip a step or am I missing something? I have the regular user ID agent setup just fine at...

SDorsey by L4 Transporter
  • 4230 Views
  • 4 replies
  • 0 Likes

Resolved! Captive Portal in 4.0 is abnormal when PC running Win7 is updated

Hi,I just want to know that there is anyone have the same experience ?My customer's device was running PANOS 4.0.10, using Captive Portal, and working normal.But, in the recent days, their PCs was updating then they could not open the Captive Portal page normal.I cannot find any strange event or log in System Logs, Counters, or other records.Ple...

Ethernet link speeds

I am curious what the recommended link speed settings for the various ports. The external port has to be hard speedcoded to 100/full as that is required by the ISP. The internal connection is to a gig core switch at auto detect (1000/full).Should the internal connection be set to 100/full to match the external?Thanks,Bob

BobW by L4 Transporter
  • 6693 Views
  • 5 replies
  • 0 Likes

Site to site VPN terminating in DMZ possible?

Is it possible to setup a site to site VPN and have it terminate on the DMZ interface rather than the WAN interface? We have numerous remote locations that are running small sonicwall firewalls and connecting back to our corporate site. They currently terminate on a Sonicwall, but we are migrating over to a Palo Alto unit. The reason for termina...

High Availability across a Fibre connection

We are preparing to configure High Availability in Active Active mode on our PA-2020 firewalls in London. Our first firewall sits in our main site in central London with our DR site sitting outside central London connected together via a 1Gbp Fibre.Both sites have a 200Mpb Internet connection so it would be good to make use of both. What optio...

BBHLTD by Not applicable
  • 4111 Views
  • 2 replies
  • 0 Likes

Resolved! Outbound NAT pool question

For reasons I will not go into here, I want to take outbound traffic from secure to unsecure and convert it from a many to 1 NAT rule to a many to many NAT rule. I have 1024 public IP addresses. I want to take a section of my network and provide around 1000 devices with a NAT pool of around 254 addresses. Is this possible? I've tried this...

EdwinD by L3 Networker
  • 2884 Views
  • 2 replies
  • 0 Likes

Resolved! "Stupid" Custom URL Filtering Question

If I want to block all derivations of "acme.com" in URL filtering how should I format the domain in my blocklist/custom blocking category?If I add "acme.com" then that doesn't appear to match "www.acme.com", but if I add "*.acme.com" then it doesn't match "acme.com" (although it does it that redirects to another URL such as www.acme.com).Ultimat...

apackard by L4 Transporter
  • 4126 Views
  • 5 replies
  • 0 Likes

Resolved! GlobalProtect 1.1.7 Subject Alternative Name (SAN)

I'm reading the changes to default behavior with certicifcates in the new GlobalProtect 1.1.7 and I don't know what the Subject Alternative Name (SAN) point is referring to. I generate all the certicates from the PAN firewall for the GlobaProtect authentication setup. The Common Name is clear but where do I need to check the Subject Alternative ...

frypan by L0 Member
  • 3000 Views
  • 1 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks