This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4121 Views
  • 0 replies
  • 0 Likes

User-ID Agent odd outbound traffic patterns

All,We've noticed some strange traffic patterns coming from our Agent boxes and am curious why, and if others are seeing something similar... ?Looking in our Monitoring logs I see our two Agents sending data to:14.1.1.1914.2.1.1914.2.1.1Via SMB ports 135,137,139This appears to be something out of AustraliaWe're blocking this communication, and t...

steveo by L3 Networker
  • 4249 Views
  • 4 replies
  • 1 Likes

Negative experience from PA/PAN?

Of course there are no such thing as bugfree soft/hardware (perhaps with the exeption for that kernel which Gernot Heiser at Open Kernel Labs is involved in (http://www.etn.se/images/expert/Gernot_Heiser_OK_Labs.pdf) which is mathematical proven to be bugfree 😉 which then comes down to how the supportorganisation works to handle the customers a...

mikand by L6 Presenter
  • 6567 Views
  • 7 replies
  • 0 Likes

Skype requires 'unknown-tcp'

Why is 'unknown-tcp' an application dependency of Skype, is it possible to remove a dependency from a pre-defined application. Or do we have to setup an application overide?I don't really want to allow unknown-tcp 'apps' just to allow someone to use Skype. And if something is unknown how does the Firewall match on something which is unknown?...

JohnP by L1 Bithead
  • 7268 Views
  • 6 replies
  • 0 Likes

DHCP Relay not returning address from MS AD DHCP Server

We setup a DHCP relay to a MS 2008R2 DHCP server, server recieves the relay and passes a client address back to PA 2050 running 4.1.3, the address does not get passed through to client, logs show only thr DHCP request going out but nothing back, no blocks in logs, we know the address packet is being returned to the server side PALO NIC.we even o...

Possible solution to slow commit

Hi, regarding of the desperately slow commits in PA specially with a large number of rules and object. From our experiencie in other systems the rule shadow check is a very high CPU feature. It's sure that PA do a rule shadow and this it's in concordance with the fact that as much rules and objects you have more slow is the commit (more combina...

ssancho by L2 Linker
  • 16351 Views
  • 14 replies
  • 1 Likes

The people complain about slow commit

Whenever we make a PoC, Everybody complains about slow commit.As far as I know, the traffic is not effected during the commit.But people request faster commit First, How can we explain slow commit to people technically.Secondly, Is there any plan to improve commit process?Thanks.

Block file transfers in RDP connections?

Is the RDP application visibility granular in that we can figure the PAN to allow remote desktop connections but disable the mapping of local drives to prevent file transfer?

Nick1 by Not applicable
  • 5433 Views
  • 5 replies
  • 0 Likes

User ID dissappears

On the monitor window I can see that a large number of our users are showing their AD "user". However, when I filter by the IP, I am finding that a "user" will be associated with an IP and all of the sudden the "user" dissapears even though the traffic continues from that IP.After finding this issue, I increased the User id timout value to 36 h...

BobW by L4 Transporter
  • 2434 Views
  • 1 replies
  • 0 Likes

USE IDENTIFICATION WITH 100 PAN AGENT

Hello,I must use 100 PAN AGENT (limit of product) for a project. Someone have already test to use 100 pan-agent ( 25 by VSYS*5)?do you know if the Palo alto (PA5060) work fine with this number of pan-agent.regards,ALLE

alle by L3 Networker
  • 4190 Views
  • 5 replies
  • 0 Likes

PBR IN HARDWARE?

Hello!just a little question on PBR!PA4020 support PBR in HARDWARE? Which Limitation For PBR?thks,ALLE

alle by L3 Networker
  • 6307 Views
  • 10 replies
  • 0 Likes

Resolved! About non-syn-tcp option

Hello guys.As you know that PAN has got a option of session that non-syn-tcp.I have a question about non-syn-tcp.When reject non-SYN first packet was false (when non-syn-tcp was not dropeed) and non-syn-tcp session already establised throught PAN device If non-syn-tcp option were changed to true that makes drop session that established non-syn-t...

ttongfly by L3 Networker
  • 9656 Views
  • 2 replies
  • 1 Likes

Pros vs Cons with PAN?

I guess it would be a bit biased to ask for Pros vs Cons of PAN in the supportforum of PAN 🙂 but I recently stumbled upon an article (which I wish to share) regarding PAN which I think might be of interrest for most of us in this forum:http://www.cymbel.com/blog/a-response-to-stiennon-analysis-of-palo-alto-networks/Another link (or links) is fr...

mikand by L6 Presenter
  • 3132 Views
  • 1 replies
  • 0 Likes

Reports based on Specific Departments

Hi Guys,Is there any way on the Palo Alto Firewall and Panorama to generate a Custom Report based on Departments from an Active Directory.For example; me as a user Kal is a part of the Technical Department. Will it be possible to have a report on social networking activity for all the users under Technical Department rather than just Kal as a u...

User identification not working properly

Hi,we are facing the issue that the user identification is not working properly. I am running PAN OS 4.1.4 on a PA-200 device and User-ID-Agent 4.1.4-3 on a Windows 2008 R2 member server.The UI agent is connected to both the DCs (Windows 2003 servers) and our LAN address is entered in the list of configured networks.Everything shows "green" and ...

cschmi by Not applicable
  • 6365 Views
  • 7 replies
  • 0 Likes

Connecting a videoconference to PAN without using NAT

Hello All,I have this small question here that I hope can find answers or suggestions.Currently we have a videoconference unit that was connected to the internet via NATting in the PAN ? I am wondering if there is a way to make it non-nat by connecting it to one of the available free interface and make it appear as a internet facing unit. Any su...

mmxong by Not applicable
  • 2072 Views
  • 1 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks