This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4107 Views
  • 0 replies
  • 0 Likes

Resolved! Selective Access to Facebook and Twitter

What's the best way to configure selective access to Facebook and Twitter (where some users have full access, while everyone else has no access). The sources will be identified by IP address for right now (usernames later when I get to that).So far, all my attempts using combinations of App-ID and URL Filtering Profiles have failed. I think th...

PSC_IT by L1 Bithead
  • 13755 Views
  • 12 replies
  • 1 Likes

Resolved! Management CPU ends up stuck on 100% after several commits

Hi,we are on a 2050 4.1.2 and are seeing consistenly that the management CPU heads towards and gets stuck on 100% after a series of commits, re-boot is only way to fix.Is there a way to deal with this without a re-boot as this drops all sessions for 8 minutes whilst it does it?ThanksKind regardsHoward

Wildcard for URL White/black list?

Is it possible to wildcard a URL for whitelist/blacklist? The issue we run into is that we will whitelist www.cooldomain.com, but if the user goes to just cooldomain.com it blocks it. Vice versa if we just put whitelist cooldomain.com. So we end up having to create to entries for EVERYTHING. And then if you hit a domain that load balances via a...

trentc77 by Not applicable
  • 3248 Views
  • 1 replies
  • 1 Likes

Windows live messenger disconnects constantly in virtual wire mode, even with the policies rules any to any allow

Is very strange, a have several PAN appliances in Firewall mode, and they working well, but in a couple of branches i have another PAN in virtual wire mode, and when inmediatly connects the appliance the windows live messenger disconnects and re connects constantly, the policies are made for just monitoring the traffic , so the policies are in ...

fibare by L0 Member
  • 2004 Views
  • 1 replies
  • 0 Likes

Resolved! Logging of URL Categories in Security policy

All,I have my normal URL Filtering rules setup as Policy and referenced in Profile of each rule. In those policies I have either alert or block set for each category or custom category. This works as expected, however I'm trying to setup some special access that I'm not liking the results from and need clarification, but I think I know what's go...

steveo by L3 Networker
  • 11896 Views
  • 9 replies
  • 0 Likes

Resolved! User-ID Agent Losing Users

We've been running into an issue with our User-ID Agent where it seems to not have enough discovered users but its also losing them randomly as well. Running User ID Agent version 4.1.4-3, we have it pointed at 5 DCs and it is picking up around 1500 users, but we are expecting there to be over 3000 users at any given time. After doing some inves...

Terry by L0 Member
  • 5377 Views
  • 3 replies
  • 0 Likes

How to block transferring particular file extensions in Google Talk,.?

Hi All,.Is it possible to block transferring files with particular file extensions ( eg,..pdf,dwg,dll) through Google Talk? I tried to do this but not succeeded. But in the file blocking profile the application "gtalk-file-trasfer" is there.When i am transferring the file through Google talk, in the traffic monitor it's showing the app as google...

Gururaj by L4 Transporter
  • 2201 Views
  • 1 replies
  • 0 Likes

KeyWord Search

HelloOn our old firewall which was fortinet we could block keyword search in the web in google etc.is there anyway to do this on Palo Alto?ThanksDarren

daz1981dp by Not applicable
  • 3218 Views
  • 3 replies
  • 0 Likes

Data Filtering keywords

hello can you use data filtering as a block if a user types those words in google search? eg someone types football hits search but block due to the data filter? is this possible? mark

Resolved! How to block people who are trying to exploid vulnabillities for a period of time

Hello everyone,Our PA's are using the thread prevention system which drops traffic that is trying to exploid vulnabillities, do DoS attacks etc.All works very nice - but it's only affecting the attempt on an individual basis.F. ex. - someone performs a "DNS ANY Queries Brute Force DOS Attack" and gets blocked. But then the same source re-tries s...

sitecore by Not applicable
  • 4266 Views
  • 4 replies
  • 0 Likes

Resolved! cannot put a interface to work

hello everybody,I configured an interface, ethernet/5, with ip 192.168.230.1/29 and connected to a device with ip 192.168.230.3/29Theres no way i can see each other, cannot ping PaloAlto from the other device and vice versaIve already changed cables, changed IP ranges, changed network mask, changed interface port, added a managment profile to th...

Resolved! Interface or gateway monitoring

I'm looking for an option which will disable an interface if a remote gateway is not available.This option exist for ipsec vpn (tunnel monitor) but I didn't find it for an L3 interface.For exemple, I want to use an interface for outgoing traffic and a backup interface if the gateway of the first link is down.It works fine if I shutdown the inter...

lguiraud by Not applicable
  • 2921 Views
  • 2 replies
  • 0 Likes

drop-reset application list

Hello,I found this explanation about TCP REJECT today :"The deny action used in a security policy will either ‘drop’ or ‘drop-reset’ based on the app being used in the policy.For most browser-based apps, it is drop-reset - this prevents the browser from spinning while retrying.For client-server apps that are based on http (or other protocols th...

Duplem by L2 Linker
  • 5825 Views
  • 4 replies
  • 0 Likes

delete URL logs older then 7 days

Hello,we have the legale requirement to delete access logs (URL Filter is set to "alert") which are older then 7 days.Is that possible somehow?We cant accept an answer like "please export your log, delete old stuff and import it again". The logfiles are not allowed to leave the appliance.Thanks in advanceJörg

jacobsen by Not applicable
  • 2207 Views
  • 1 replies
  • 0 Likes

Resolved! Zone Protection - Reject Non-SYN TCP

Hi everyone!I've configured a zone protection profile with SYN Flood protection and SYN Cookies enabled. In the same profile I've set the option "Reject Non-SYN TCP" to "no". I've applied this profile to my untrust zone and run a commit.When I run the CLI command show session info i noticed that under session setup TCP - reject non-SYN first pac...

sturla by Not applicable
  • 7974 Views
  • 5 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks