This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4174 Views
  • 0 replies
  • 0 Likes

DNS Proxy Functionality does not work

Hi all,i want to use the dns-proxy functionality of the palo alto to do the following:Software Versiob 4.0./ here.1. Proxy dns request for guests2. Reply to 2 speciel reverse lookups with names which i configure on the palo altoWhat i did already:-> Enabled DNS Proxy-> Entered the primary and secondary DNS Server in the proxy dns seetup-&g...

cfpa by L1 Bithead
  • 2154 Views
  • 1 replies
  • 0 Likes

custom report - vpn users activity

HelloIm looking for solution how to create custom report that shows activity of VPN users (authenticated in local database). In this report I need time of connection/disconnection IP login name and status (success or false) of connection.I spend a lot of time trying to create my own report but without success.Help me pleaseWith regardsSLawek

_slv_ by L4 Transporter
  • 2831 Views
  • 2 replies
  • 0 Likes

Wildfire Malware Domain & Palo-Alto Malware Domain Do Not Agree

Has anyone who has been using Wildfire encountered a case where a piece of Malware identified via the WF assessment has had the following in the summary:"Malware came from a malware domain"where the applicable URL category returned by Palo (Brightcloud online URL lookup) does not recognise it as a malware hosting domain?I assume that the differe...

apackard by L4 Transporter
  • 1849 Views
  • 1 replies
  • 0 Likes

Vwire NAT

I am trying to setup NAT with vwire. According to Palo Alto this is possible with PAN OS 4.1 and I am on PAN OS 4.1.6. I have setup NAT with L3 on the PAN devices so I have an idea on how to do this setup. When I setup NAT policy on the PAN device with vwire I see the traffic in the monitoring tab getting NATT'ed but I still cannot browse the...

snormoyle by Not applicable
  • 2873 Views
  • 3 replies
  • 0 Likes

Using Purchased Certificate for SSL-VPN Portal/Gateway

We have our GP portal/gateway externally facing. We’ve designated a host name for people to access the portal so they don’t have to remember the IP address - from both Untrust and Trust Networks. Currently the portal throws a certificate warning in it's setup. I purchased a certificate from a public CA for that host name, and uploaded the cert, ...

cmateam by L3 Networker
  • 3388 Views
  • 2 replies
  • 0 Likes

Active-Active or Active-Passive

Currently, we have two PA 2050s each hooked into a Brocade FCX switch, which are stacked together. We cando a heartbeat connection over our datacenter's switch, so if one of our drops fails, it will failover. However, reading through the configuration guide it seems like the 2050 does not support link aggregation, and I had planned on using it s...

lorr by Not applicable
  • 5545 Views
  • 1 replies
  • 1 Likes

Hide Public IPs

I've been getting a lot of traffic from 'unfriendly' countries trying to gain access to a service we provide via one of our NAT'ed public ip address. I know for a fact they have no business connecting to that service. Is there a setting on the Palo Alto to hide my Public ip addresses? In that same vain, can I also hide what ports/protocols I hav...

mark1ped by Not applicable
  • 3250 Views
  • 1 replies
  • 0 Likes

Resolved! IPSec VPN tunnel no longer working

Hello guysWe have a few VPN tunnels between our PA-2050 (in HA cluster) and some WatchGuard firewalls (different models). We migrated these tunnels to the PA-2050 a few weeks ago and they ran stable. Now suddenly two of 10 tunnels are down and we don't get them back up. Here's what we tried so far:- Rebooting the WatchGuard firewalls- Suspending...

oschuler by L4 Transporter
  • 20120 Views
  • 18 replies
  • 0 Likes

Resolved! Internal route problem

Had a question about internal routing.We have eth port assigned to a trust network which is a 192.168 network. We also have a Avaya VoIP PBX that is vLan'd on this network and the routing is managed on an internal core switch to access this network. In our single virtual router I have a route for the 192.168.0.00/16 with next hop to the Gatewa...

cmateam by L3 Networker
  • 4972 Views
  • 3 replies
  • 0 Likes

VWire

I have configure a 2050 in a vwire configuration can I still utilize layer3 on the device. From what I have been reading if I configure PAN device for vwire then the device cannot due any layer3 funcationality.

snormoyle by Not applicable
  • 2632 Views
  • 2 replies
  • 0 Likes

SMTP traffic mis-classified as FTP ?

The other day we discovered that our SMTP server was unable to send email to the silvacom.com domain.The problem was traced to our PAN rule which allows only SMTP traffic to eminate from our email server, on the application-default port. All attempts to deliver email to this domain, however, were being seen by the PAN as FTP traffic on TCP port ...

KGC by L3 Networker
  • 4187 Views
  • 3 replies
  • 0 Likes

amount of traffic before "unknown application" is determined

Hi,my questions deals with the application detection. As far as I know the heuristic engine is the last possibility after application signature and decoders weren't successful.But does anybody know how much traffic (bytes or packets) will/can run through a PAN before the heuristic engine gives and the application is set to "unknown"?Many thanks,...

sylvia by L1 Bithead
  • 2358 Views
  • 1 replies
  • 0 Likes
  • 24347 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks