This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4453 Views
  • 0 replies
  • 0 Likes

Allow download of file types that show as ZIP

Hello,I have had a few instances where I've needed to allow certain files types through the data filter. One annoying case was native Office 2007/2010 documents that end in x. What I did was add it to my file blocking profile with the action of ALERT. This is now letting them in. Sometimes I actually have a FQDN or IPs that I can use to allo...

gsvarney by L1 Bithead
  • 9755 Views
  • 6 replies
  • 0 Likes

4.0.9 to 4.1.6 - Issues to be aware of?

Are there any known issues to be aware of if I wanted to go from 4.0.9 to 4.1.6?We had an issue when we went from 4.0.9 to 4.0.11 where the dataplane on our PA-500 randomly rebooted several times and support's initial suggestion was to do a factory reset/restore of the box.I'd prefer not to do that if it's avoidable, so I figure there should be ...

Dual/HA IPsec tunnels with 2 ISPs ?

Hello,I have 2 PaloAltos, one is running on robust and redundant Corp internet ISP, another one on a remote location with 2 public ADSL (and miserable quality ofc !). My goal is to have a redundant IPsec link between the two PaloAltos :How would you achieve this ? I have several scenarios in mind:PA2 builds 2 tunnels (one from each ISP) all tim...

essnet by L4 Transporter
  • 2539 Views
  • 1 replies
  • 1 Likes

Resolved! Hotmail Categorization Weirdness

Hey folks,User reported MSN mail being blocked as phishing-and-other-frauds, but my Hotmail and her other MSN email accounts work fine. I investigated and found that the server:sn123w.snt123.mail.live.comIs being categorized by the PAN device as phishing-and-other-frauds, but other MSN servers are not, like this one:co105w.col105.mail.live.comw...

Negative lookahead regular expression not working

HiBit of an advanced regex feature, but I would like to set up a custom vulnerability signature to detect browsers (user-agent) that are not Internet Explorer. True, one could detect Firefox specifically, but there are so many different browsers in the wild that it is impossible to match them all.The regex I'm attempting therefore is: User-Agent...

SSL decryption and Http redirection

Hi,I am testing SSL decryption and it seems to work fine except when Http redirection is involved. E.g. when you try to connect to Https://gmail.com , google redirects you to https://www.google.com and it gives me a certificate error because of the hostname in the cert does (www.google.com in this case)not match with the hostname that you are c...

SLOW INTERNET

Hi GUys ,I`m deploying a PAN.Everything is OK , COnfiguration , URL Alerts , AV , AS everything on ALERT MODE.But my problem , after COnfigure a L3 INterface to receive IP via dhcp client from my ISP router , my connection with internet becomes very slow!I think the problem is on the PAN because when i rollback to my PF SENSE everything works go...

Thiago by L3 Networker
  • 5960 Views
  • 4 replies
  • 0 Likes

Antivirus Update Frequency

Is this specified anywhere?I can't seem to find where the antivirus update schedule is stated explictly.Or is it just part of the weekly content updates?

KGC by L3 Networker
  • 10337 Views
  • 7 replies
  • 0 Likes

HA Active/Active

Hi,Can anyone tell me if HA Active/Active on a PA-500 requires three links in total? As there are limited ports on the PA-500 this may cause an issue.Also, if this the case - is there any option on having an IPSEC VPN terminating on the passive firewall in an Active/Passive HA configuration (i suspect the answer to this is no).Andrew

singersit by Not applicable
  • 4606 Views
  • 4 replies
  • 0 Likes

Blocking traffic from another country

Hello,We have an Extranet server which sits on our DMZ... http and https are allowed through the firewall so that outside users can access the web app on that server. My server admin asked me if I can block all inbound traffic from China and Taiwan as he gets a ton of hack attempts coming from those countries. Our web app doesn't serve anybody...

dwoolley by L1 Bithead
  • 6444 Views
  • 5 replies
  • 0 Likes

Interesting RSS feeds or blogs?

I am curious as to what blogs, RSS feeeds and/or forums others follow regarding security/corporate level firewalls/etc.Side note: Unless I am missing something, the RSS feeds in PA support don't work.Thanks,Bob

BobW by L4 Transporter
  • 3736 Views
  • 1 replies
  • 2 Likes

Resolved! Cannot sync two machines in HA mode

Hi,Heres my case: Machine A and B was working in HA mode.Meanwhile their antivirus and threat licenses expired and we didnt renewed them. Both machines has valid and up-to-date URL filtering license.Machine B went dead after some power problems and no longer worked anymore.We replaced it with machine C. Registered Machine C on paloalto and insta...

Exchange Load Balancing

Hello,Basically the scenario is that we have one exchange server behind the firewall, external users are accessing this server usning a host name mapped by a service provider to two different Public IP's using DNS round robin,Is it possible to configure two NATing rules for the same single host (the server). This way what ever IP the host name i...

rsaber by L1 Bithead
  • 3750 Views
  • 3 replies
  • 0 Likes
  • 24376 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks