This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4120 Views
  • 0 replies
  • 0 Likes

Resolved! PCI and WSUS

I need to create rules for a PCI firewall for a WSUS server. Microsoft does not publish IP's for their update points so this is problematic on a PCI firewall (or it seems to me). I can either:1) create a rule which allows the server out to "any" using port 80 and 4432) use url filtering (I'm new to the box and it seems this opens the network to ...

Gerry_RH by L0 Member
  • 5137 Views
  • 4 replies
  • 0 Likes

Resolved! Captive Portal Certain AD-Users

I have a unique situation. Currently, I have a 10,000 + user based network and implemented Captive Portal Policy. We have certain AD accounts that auto login with certain machines. We want to always captive portal those certain logins. So I am wanting to ignore the AD authentication for those forcing them to be CPed. Any ideas on the best wa...

netslh by Not applicable
  • 2420 Views
  • 1 replies
  • 0 Likes

Resolved! help to configure a DMZ and NAT

hi,i need a little help to configure a DMZ. here is our situation:interfacesethernet1/1 - 1.1.1.1 (public - NAT clients)ethernet1/1.1 - 1.1.1.2 (public - NAT DMZ)ethernet1/1.2 - 1.1.1.3 (public)..ethernet1/6 - 10.10.30.1 (DMZ).ethernet1/8 - 10.10.20.1 (clients)routingdefault route 0.0.0.0 -> 1.1.1.1 (works!)NATclientOut dynamic-ip-and-port et...

assona by L0 Member
  • 4158 Views
  • 2 replies
  • 0 Likes

Resolved! Aggregate Ethernet interface: LACP and PaGP support

Hello, Everybody,we would like to aggregate ethernet interfaces of our PA-5050 (4.1.7 PANOS) in order to have a redundant physical connection towards our Cisco Catalyst switches.Sound like LACP is not working with PAN and we had to set PaGP, which, on the other hand, cannot be configured to aggregate interfaces of different Catalyst switches, ev...

Bucche by L2 Linker
  • 12311 Views
  • 7 replies
  • 2 Likes

Resolved! Untagged sub-interface doesn't support in OSPF on v4.1.6.

Hello,Cause untagged sub-interface does not support in OSPF routing from v4.1.5. If I have that configuration usage in firmware before v4.1.5 (v4.1.1). What is the right way to configure OSPF area interface, if I want to keep IP address(subnet) of that sub-interface to be re-distributed in OSPF routing table?Now, I use Loopback sub-inteface inst...

Resolved! URL/Application Blocking

Hi Guys,Just wanna ask a few question. I was testing out the URL and Application Blocking. I was trying to block the facebook-chat, facebook-posting, etc.to cut the story, I want to block the applications inside facebook but not the whole website. sadly, it doesn't work.I can still chat post etc..so if you guys have something to say please let m...

HA email alert

hello guys,does email configuration on pan allow you to receive email alert when primary or secondary pan ( in HA-mode ) when the primary firewall goes down? or when any of them stop responding ?regards,bp

Nike Plus

I have a Palo Alto 2050, software version 4.1.6I have a user behind my Palo who can't log on to his Nike+ account. When he attempts to log on he gets redirected back to the sign on page continually. We've tested this outside the firewall and he has no problem. Anyone else seen this problemThank you,David Scott

Decryption

Does the PAN still inspect secured traffic for all threats if it's not decrypting it?

jorge by Not applicable
  • 4873 Views
  • 7 replies
  • 0 Likes

Creating user activity report with all the username in AD

Hi AllI am trying to create a report that will display all my users in my active directory and their activities, the current user activity report only allow a single user. I have also try using the custom report creation but there is no tab for users. anyone has any idea?

RIS by Not applicable
  • 2728 Views
  • 2 replies
  • 0 Likes

Authentication profile + Kerberos + group restrictions - should work?

Running 4.0.5 here.I setup SSL VPN a while ago, and setup an authentication profile to pull from our Active Directory via Kerberos. I have an AD group and I only want the members of that group (or members of groups that are children of that master group) to have VPN access.I only add that single group to the allow list, and nothing else.For som...

bradenmcg by L3 Networker
  • 3958 Views
  • 3 replies
  • 0 Likes

How to route internet traffic through a tunnel interface

What's the best way to route all internet traffic (except IPSec VPN tunnels) through a IPSec VPN tunnel interface?We want to have a single point where all internet traffic passes through and uses the same policies for web and applications.

helge by Not applicable
  • 6509 Views
  • 5 replies
  • 0 Likes

Resolved! Panos 4.1 and new pan agent

Hİ i tried panos 4.1 and new agent(4.1-0-43) with active directory domain (but a way agent successfuly connect to active directory domain and showing active directory users)...i have trouble panos 4.1 when pa box try to connect pan agent i see below message on the pa box and connection unsuccessful but when i use the pan agent 3.1.2 with panos 4...

lildeniz by L3 Networker
  • 3569 Views
  • 4 replies
  • 0 Likes

Resolved! Round Robin NAT?

Hello,I'm running PANOS 4.0.11 and I'd like to be able to set NAT to round robin between 2 servers in the DMZ. We would have a single public IP round robin NAT'd to two internal IPs. Is this possible on 4.0? How would I accomplish this?Thanks,Ian

iguarino by L0 Member
  • 4059 Views
  • 3 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks