This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4250 Views
  • 0 replies
  • 0 Likes

Resolved! policy based forwarding to proxy

We use ntlm (CP) to authenticate our users against the PA.We want any http traffic forwarded to a proxy. The proxy would have http access to the internet through the PA. I was thinking of using a policy based forwarding rule to forward service-http to the proxy. Similar to how e.g. a Cisco router can intercept http traffic and forward it to a pr...

dieter_b by L4 Transporter
  • 8249 Views
  • 4 replies
  • 0 Likes

Skype only zone configuration...

Hi!I am trying to setup a zone with Skype only configuration with the following "Application Group":skypeskype-probeweb-browsingThe end result is that Skype voice works fine; however, Add Contacts feature in Skype doesn't work.I am testing with the 5.8.0.158 version of Skype under Windows 7.Thx!- john

gebis_it by Not applicable
  • 3885 Views
  • 4 replies
  • 0 Likes

File Uploads to Wildfire

I have seen another thread on this issue in the KnowledgePoint database; however, there was no resolution or answer to the question. I have setup the Wildfire configuration on all of my PA500's per the documentation provided. When matching the file blocking rule I can see it in the Monitor interface for the file with a "forward" action, but it...

Steven by L1 Bithead
  • 4640 Views
  • 4 replies
  • 0 Likes

Anybody successfully used 4.1.3 for direct AD group enumeration?

Just logged a support ticket recently regarding the direct group enumeration in PA 4.1.3 on a PA-5K .It seemed that the firewall was only returning the first 1000 AD objects.. which is a default limit defined by the "MaxPageSize" variable in Active Directory.LDAP clients making queries that exceed 1000 results will usually utilise the paging con...

ucteam by Not applicable
  • 2340 Views
  • 1 replies
  • 0 Likes

Resolved! show config running xpath syntax

Hello,I try to figure out the correct sytax for the xpath option of the show config running CLI-command (running PAN-OS 3.0.6).? says:+ xpath xpath of the node to retrievebut every way I tried to describe the node I want gives me a "Invalid syntax".

PAkeeper by L0 Member
  • 11863 Views
  • 5 replies
  • 0 Likes

Bittorent session identification

On PA-500 with PAN-OS 4.0.7, I have seen a session on dashboard-top application-last hour, but in corresponding ACC and in Monitor Traffic Log I don't find a record session. There is any reason ? Thanks

lauro7 by L0 Member
  • 4252 Views
  • 5 replies
  • 0 Likes

After migration from Checkpoint, any tips?

All,We recently migrated from Checkpoint to PANOS (via the conversion tool) and so far things are looking pretty good. The next step of our project is to convert port based rules to app type rules and I wanted to get some feedback, tips, etc from others that have done the same thing..We have about 550 security rules and would love to be able to ...

steveo by L3 Networker
  • 5675 Views
  • 4 replies
  • 0 Likes

Service Objects and multiple ports

I have the need to create a rule with three applications, ncp, ms-update and ssl. Two of those applications use their standard ports - ncp (524) and ms-update (80 & 443). The ssl application uses port 13000 - not the standard 443.If I create a single service object using ports 542,80,443,13000 and use this service object in the rule, can a...

UID Agent Not Recognizing Docked Laptops

Last week we depolyed a PA500 for the first time and are seeing an issue with certain computers. The issue is affecting some users who have laptops and are using them on a docking station. When they are docked the computer essentially has two NICs connected (wired and wireless). The issue arrises when the Agent server only recognizes one of t...

polgarm by Not applicable
  • 3917 Views
  • 2 replies
  • 0 Likes

Resolved! Cannot import certificates

HelloI know the instruction how to convert the SubCA certificate from an MS CAthe pem files are OKbut I can't import them into the PA, with 4.1.4Te PA starts Uploadding but nothing happensThe WebGUI keep showing the upload process for over 5 minThe same as well with Panorama on 4.1.4I tested as well the pfx format, didn't work eitherI didn't hav...

Increased Data Plane CPU Utilization in 4.1.4?

We recently upgraded our PA-4020s from 4.0.9 to 4.1.4 a few weeks ago. However, since the upgrade, we have noticed a 20-25% increase in our data plane CPU. We usually averaged around 40% during business hours, but lately it has increased to 60-65%. We have not made any major changes to the configuration. Palo Alto support has informed us tha...

sham by Not applicable
  • 2890 Views
  • 3 replies
  • 0 Likes

CLI command for LDAP status in 4.1.4

Hi,I am trying to setup a server profile for LDAP in PAN OS 4.1.4Unfortunatelly I only see some groups of users but not the individual users themself.Running the command "show users ldap-server" is not available in 4.1.4.Attached is a screenshot of the current configuration. Is that okay so far?What is the way to identify where the problem is?Th...

cschmi by Not applicable
  • 15312 Views
  • 16 replies
  • 0 Likes

Resolved! Is there a way to copy partial configs?

If I had a cisco, I could copy/paste partial configs between devices, is there away to do this with the PA?I have some tunnels that need to get built across several firewalls, but I dont want to go to each one.

erantanen by Not applicable
  • 3338 Views
  • 2 replies
  • 0 Likes

Resolved! DHCP, AD and VLANS

We've just purchased our Palo Alto and are getting ready to configure. I just had a quick question on using AD.Currently we have HP Procurves connected to a Radius server and Active Directory running DHCP. We'd like to simply and take the Radius server out of the picture and use the Palo Alto to set up our vlans so that they are role based. DHCP...

amariano by Not applicable
  • 4776 Views
  • 3 replies
  • 0 Likes

Resolved! DHCP max number of clients

Hello world,My company is considering deploying a PA box to do some basic routing, NAT'ing, and other functions. One of those is dhcp. We'd like to use the PAN to serve up dhcp addresses for a number of VLAN's. What's the max number of clients that can get addresses from a PANOS box?Thanks,Mark J

markjx by Not applicable
  • 3880 Views
  • 3 replies
  • 0 Likes
  • 24360 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks