This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4476 Views
  • 0 replies
  • 0 Likes

The publisher could not be verified

I noticed that when I download programs from the Internet with Decryption turned on, the downloaded file says "The publisher could not be verified", whereas if I grab the same file off a non-decrypted connection I do not get this same message.How do I resolve this?

EdwinD by L3 Networker
  • 1963 Views
  • 1 replies
  • 0 Likes

Blocking Application Filters

I've browsed through these forums regarding the best way to block applications. I've saw the posts of folks blocking applications by app filter. I have AD integrated AD groups. These groups tie to individual Palo Alto security rules that allow any port any service as the destination, and then use group profiles to block specific categories.I a...

EdwinD by L3 Networker
  • 2302 Views
  • 1 replies
  • 0 Likes

fqdn - policies - wildcard

Hi,i want to place a policy with fqdn entrys completed with wildcards.e.g.Our PCs have names like this:LABPC01, LABPC02, LABPC03Now i want to deny the internet traffic for every PC with the name LABPC*But i also want to allow it to a special list of pcs.I wanted to use a policy with fqdn entrys - but i'm not allowed.When i want to do an address ...

axel5le by Not applicable
  • 3333 Views
  • 1 replies
  • 0 Likes

Resolved! Eicar Testvirus will not be recognized

On the website EICAT TESTVIRUS resides a lot of different kinds of eicar. Most of them will not be recognized by the Palo Alto Networks AV-Engine. The behaviour of the firewall is thereby a bit confusing. It seems: if you click on the links more then one time, you can download the virus on the second or third instance. Especially the PDF-Eicar ...

mhuels by L3 Networker
  • 11496 Views
  • 5 replies
  • 0 Likes

Resolved! Security Policy Rule for Application and URL Category

Hi,We have recently updated to 4.1.6 which gives more funtioinality regarding Security Policies.I would like to know what steps are required to mix apps and URL categories in a single policy.I had wanted to grant a user iTunes Access by Adding App-ID - 'itunes' and under the Service/URL Category - have 'Online Music'.I believe this would remove...

gaitken by L0 Member
  • 3684 Views
  • 1 replies
  • 0 Likes

FTP Brute Force attack blocked only after 13 seconds

Hello,Two months ago we correctly set up a rule to block Brute Force attacks on our FTP server in DMZ.The related information can be found here: https://live.paloaltonetworks.com/message/16977#16977We tested it manually by just entering wrong passwords quickly for the FTP server and after 10 attempts we were blocked from our own FTP server.The c...

palo alto安全防范是否支持一下功能????

具备Land攻击防范功能 具备Smurf攻击防范功能 具备Fraggle攻击防范功能 具备ICMP Flood攻击防范功能 具备地址扫描攻击防范功能 具备带路由记录选项IP报文攻击防范功能 具备超大ICMP报文攻击防范功能具备time-stamp攻击防范功能 具备带源路由选项报文攻击防范功能 具备端口扫描攻击防范功能 具备ICMP不可达报文攻击防范功能 具备ICMP重定向报文攻击防范功能 WinNuke攻击防范功能

Resolved! Pan-agent settings over the WAN

We are having some issues with our remote sites as they browse the internet through the central site however they authenticate to Domain Controllers locally in the remote sites.When we enter the remote site DC's in the pan-agent (which resides in the central site) the traffic generated by the agent when pulling the security event logs kills the ...

rds by L2 Linker
  • 9845 Views
  • 12 replies
  • 0 Likes

Using QoS to set application priority

Is it possible to set priority based on application? Most of the configurations I've found were to limit bandwidth to certain applications, so I'm curious if this is even possible.On my PA-500 I created a QoS policy with the smtp application and set it to class 2. The default QoS profile already has class 2 as a higher priority than the defaul...

Connecting a Tier 1 firewall pair to a Tier 2 firewall pair without a switch

Internet||Tier 1 FW||Tier 2 FW (Palo Alto Firewall) in Active/Passive mode||Core Switch (HA)Hi,Can I connect a pair of Tier 2 firewalls (A/P HA) to a Tier 1 firewall pair (A/P HA) without using a switch(s) in between? there will be 2 UTP from each T1 firewall - 1 to each Palo Alto Firewall.the main reason is that there's no available switches fo...

afiq by L1 Bithead
  • 4984 Views
  • 3 replies
  • 0 Likes

Allowing just the application "web-browsing" breaks websites

I’ve been trying to figure this one out and would appreciate input from the community. What recommended "helper" applications must be enabled along with the application “web-browsing” to have websites work as close to normal as possible? For example allowing just the application “web-browsing” and “SSL” is not sufficient since plenty of websites...

Quinton by L3 Networker
  • 10358 Views
  • 5 replies
  • 3 Likes

Packet with application status insufficient-data

Dear All,Do you ever face a problem in Paloalto with appliaction logged as "Insufficient-data"?My policies set to permit the connection, but every traffic that logged in Firewall always as "Insufficient-data", also the application can't establish connection.Thank you

User-Id Agent no longer showing domain

I setup the user id agent with the PA for an organization several months back. They reported it not blocking correctly so I logged in to take a peek. The PA used to report their username as domain\user but now it is just reporting the username (with no domain) which explains the rules not matching correctly.Their PA was last updated a month ago ...

SDorsey by L4 Transporter
  • 3124 Views
  • 1 replies
  • 0 Likes
  • 24379 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks