This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4244 Views
  • 0 replies
  • 0 Likes

interface failover on PA500

Since link aggregation (LACP or etherchannel) is only supported on PA4000++ I want to build a simple interface-failover / interface-group setup (like any other enterprise firewall allows even on low-end devices).groupTo do this I would do the following:1. change interface mode to Layer2 on both interfaces making up the interface-group2. create a...

ctr_ts by L1 Bithead
  • 4015 Views
  • 1 replies
  • 0 Likes

Resolved! Does WildFire work in "Tap" mode?

We have had WildFire turned on for almost a week. In the Data Filtering logs, it has "forwarded" numerous "PE" files and only 1 "PE" file was logged as "wildfire-upload-success". That 1 file happened to be coming through the interfaces that are set to Virtual Wire. All of the other files that say "Forward" are coming through "Tap" mode.1) Can...

jambulo by L4 Transporter
  • 5409 Views
  • 3 replies
  • 0 Likes

ssl-vpn and IPsec tunnel Palo Alto with Check Point

Hello all,I'm hoping that somebody may be able to answer a few questions I have about the configuration of Palo Alto firewalls please?I want to set up two differents VPN, one ssl-vpn and one IPsec, i do this because i want to conect to my firewall from wherever place (ssl-vpn) and the second one to conect to another firewall from other networks ...

is it possible to add a CA in PA device?

Hello there. I have a question related to CA for SSL client. Customer has a certificate which issued by Trusted Root CA, but this trusted root CA is not contained in an ssl client's browser.And then, the customer certificate was issued by this CA.So, customer wants to distribute a CA of customer for all SSL VPN clients to avoid ssl certification...

willstech by L3 Networker
  • 3708 Views
  • 4 replies
  • 0 Likes

Resolved! Administrator login alert

Hello -I'd like to create an alert to notify me whenever an administrator logs in to our firewall. Any thoughts/suggestions as to how best to do this?Tnx, Tom

TomS by L1 Bithead
  • 2874 Views
  • 1 replies
  • 0 Likes

Blocking darknet hits

Is it possible to implement a darknet on PAN OS 4.1? I have a number of publically addressable subnets that aren't in use and I'd like to block all traffic, for some period of time, from Internet-based hosts who hit those subnets. I currently have rules in place to drop traffic to those subnets, but I'd like to take the additional action of bl...

dhamlin by L0 Member
  • 3652 Views
  • 3 replies
  • 0 Likes

FQDN address object resolution (multiple IP's)

HiCan't seem to find more information besides the Administrator's guide v4.1 on this. I have two questions on this (FQDN address objects):1) Security policies using a FQDN address object works great. Tested it by blocking access to certain websites. How does this method of blocking a website compare to using a custom URL profile?2) Another quest...

Quinton by L3 Networker
  • 13049 Views
  • 5 replies
  • 0 Likes

GP agent without auto starting services

Hello PAN,Some of our users has a GPAgent on their private computer in case (very rarely) that they suddenly need to be able to connect to the company.For such users - the automatic starting of the services are *extremly* annoying and disturburbing for them (and other family members) and unfortunately this happens even iff the agent is in on-dem...

sitecore by Not applicable
  • 2312 Views
  • 1 replies
  • 0 Likes

hard disk specification??

Hi all.I’d like to know hard disk specification of every each PA appliances (include PA 5000 series). What I want is a below. hard disk size Number of hard disk HDD RAID configuration level Also let me know, if you have more useful information about HDD. Thanks. Eugene.

willstech by L3 Networker
  • 8270 Views
  • 13 replies
  • 0 Likes

Panorama Issues

I'm trying to migrate my devices to Panorama, and am having a few issues.1) I cannot switch to Brightcloud URL filtering, I get the following message:Server error : Successfully set URL database to 'brightcloud'.Failed to read 'brightcloud' categories. Please restart the device for changes to take effect.Rebooting the server from the GUI doesn't...

Application limit when pass FW

Hello every one . I try to implement PA-500 on PAN-OS 4.1.6. Then I configure 2 security policies. 1. security policy for deny bittorrent from both direction (Trust and Untrust zone) . 2. security policy for allow all traffic both direction but enable AntiVirus, Spyware, Vulnerability and URL filtering on alert.My environment for imple...

Resolved! https blocking issues

Hi,I have a similar issue.the website is added into the URL filtering and also have tried in custom URL catergories.it blocks http but not https when the page has a link on it so for example https://www.google.com it will block. but when we usehttps://www.google.com/intl/en/options/ it does not block this site.How can I block this site.ThanksSean

I've messed up my port forwarding

Hi allI'm a very inexperienced Palo-Alto user - My 2050 arrived last Friday, and I've been tinkering since.I followed the advice found in https://live.paloaltonetworks.com/message/12754#12754 to setup a port forward, which is working, but a bit too well.I've given my external interface a x.x.x.x/28 address, as I've been given a nice range of add...

Torpig Phone home DNS request

Been seeing lots of detection for this threat, but the attackers are external and are trying to reach our internal DNS servers. We have checked those dns servers along with going over other traffic and AV consoles looking for bots/trojans. Any ideas why I would be seeing the Torpig phone home dns request threat from outside attempting to reach...

thandlon by Not applicable
  • 4644 Views
  • 1 replies
  • 0 Likes
  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks