This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4244 Views
  • 0 replies
  • 0 Likes

Resolved! Virus definition upgrade server issues - anyone else?

Hi.I've just noticed that my PA's can't download the latest virus upgrade from Palo Alto.Every time I try, I get "Failed to download due to server error - please try again later".I've been getting this error for several days now - is anyone else seeing it?Trying to download virus incremental upgrade 835-1175, dated 2012/10/07. My automatic overn...

darren_g by L4 Transporter
  • 3472 Views
  • 4 replies
  • 0 Likes

Resolved! 4.0 to 4.1 Upgrade Path

I have 22 firewalls plus Panorama that I am looking to upgrade from 4.0 to 4.1.x. Part of this will also require the upgrade of the User-ID Agent on a few servers.I have seen a few threads saying that Panorama needs to be a higher version than the firewalls, but have not seen an answer to the question if Panorama 4.1 can push policy to a 4.0 fir...

Resolved! iOS 6 and IPSec VPN

We have iPad 3's with IPSec VPN working with the Palo Alto 5020. We upgraded one iPad from iOS 5 to iOS 6 and now the VPN is not working. I know iOS 6 just officially came out this morning, but anyone else have this problem? Here's what I'm getting from a tail of the ikemgr.log...2012-09-19 17:22:39 [INTERNAL_ERR]: decrypt output length does n...

jambulo by L4 Transporter
  • 4373 Views
  • 4 replies
  • 0 Likes

Resolved! Add second ip to tunnel interface

Hello All,I am wondering if it is possible to add a second IP to a tunnel interface. I want to add some extra IPs to a tunnel interface (/28 subnet). To allow a remote party to connect to some servers in our internal network using NAT over IPsec tunnel. I have been looking at both CLI and GUI both cannot find it.Kind regards,Jorg

jorgdc by L0 Member
  • 6204 Views
  • 3 replies
  • 0 Likes

Resolved! File Blocking and the Continue Action

Hello,I understand the main purpose of the continue action, and the additional level of effort the end user must take to ensure they intended to download a specific file. Can anyone verify that the continue feature works if someone was trying to upload a file? Think of a scenario where a company roles out a new AUP and they are trying to ease ...

jclimer by L0 Member
  • 6455 Views
  • 5 replies
  • 0 Likes

Resolved! Can't get internet access, routing problem?

I have worked with many different types of firewalls, but this is my first time with the Palo Alto 5050. Currently I have a basic configuration, a single internet connection and a VR with a default route, properly addressed interface, policy that allows all traffic, zones, etc. Right now I just want to be able to ping out to the internet, the re...

mgross by Not applicable
  • 18981 Views
  • 5 replies
  • 0 Likes

Resolved! Does the current PAN-OS support public-key site-to-site VPNs?

Hi all!Going through the documentation and forums, it doesn't seem the current Palo Alto PAN-OS support public key site-to-site IPSec VPNs. That is to say, there's no support for certificate-based IPSec VPNs like the Cisco ASA has.Are there any plans to implement this feature?Many Thanks!RegardsDavid V

Removed user from a AD group still given the access

So here my problem.I have create a new rule with a new AD group. I have added 4 users in the group, including myself.I have open a new custom URL group there. All work fine so far.Here my problem. I try to remove myself from the group. After applied many time rules, i still have an access to this rule.- I have remove myself from that AD gro...

SSL VPN (with Global Protect) and reserved IP for one user

We use basic global protect functionality (no global protect licenses) to connect with SSL VPN. One of user (businnes owner) must have always the same IP address when he connect via SSL VPN. How can I resolve this? In global protect configuration isn't possible to reserve IP addresses for MAC address (like in DHCP server).

darkfibre by Not applicable
  • 10252 Views
  • 8 replies
  • 0 Likes

Could PA show the email content/mail body?

Does anyone try to use the data filter function to block the keyword which sent by hotmail or outlook? I defined a policy to alert those sent by hotmail or outlook mail, I could see the event happened in data filter log but cannot see the full mail content/body. Does anyone know PA support to see the mail content or not?

carsent by L1 Bithead
  • 2974 Views
  • 2 replies
  • 0 Likes

Resolved! Malware Site blocking: 94.102.55.20

Hello forum, I am seeing traffic to a particular IP address from one computer that I know has been infected with a virus (we're busy getting rid of it). The connection is SSL and we are about to implement SSL decryption on our Palo, just not this second. The hoster of the IP address is Ecatel who are synonymous with with malwares. We have a vali...

Conde01 by L1 Bithead
  • 2754 Views
  • 2 replies
  • 0 Likes

Resolved! URL FILTER QUESTION

So I have a URL Filtering Profile and I have entered a site that I want on the allowed list (play.typeracer.com). See screen shot below:When a user that is listed under that profile tries to go to the said site (play.typeracer.com) they get blocked. See screen shot below:Am I not understanding how to allow a site? Can someone point me in the ...

almay by L2 Linker
  • 3182 Views
  • 1 replies
  • 0 Likes

no globalprotect portal license: SSL VPN config "Client VPN internal gateway will not take effect

HelloI need some help with this. The other day we committed changes to our firewall due to switching back to our original server certificate that we were using temporary a TestGP certificate which was created by PA support team to test our global protect issue.Once the changes were committed, we get the error "no globalprotect portal license: SS...

Resolved! HA Sync Error on Commit

Hi All,I have two PA-2020 in Active/Passive HA. Both on same code (v4.1.4) and latest subscriptions.The pair have been running fine for almost 12 months.Recently, when I tried to Commit a fairly basic change on the Active node, it fails to Sync with the passive node.The Passive logs shows an interface config mis-match: one of the Trust zone inte...

  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks