This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4253 Views
  • 0 replies
  • 0 Likes

Resolved! DHCP, AD and VLANS

We've just purchased our Palo Alto and are getting ready to configure. I just had a quick question on using AD.Currently we have HP Procurves connected to a Radius server and Active Directory running DHCP. We'd like to simply and take the Radius server out of the picture and use the Palo Alto to set up our vlans so that they are role based. DHCP...

amariano by Not applicable
  • 4782 Views
  • 3 replies
  • 0 Likes

Resolved! DHCP max number of clients

Hello world,My company is considering deploying a PA box to do some basic routing, NAT'ing, and other functions. One of those is dhcp. We'd like to use the PAN to serve up dhcp addresses for a number of VLAN's. What's the max number of clients that can get addresses from a PANOS box?Thanks,Mark J

markjx by Not applicable
  • 3886 Views
  • 3 replies
  • 0 Likes

FAIL OVER SWITCHs

Hi guys , i want to explain my problem.I have a 2 switches in fail over with link aggregate with 3 vlan`s. (LAN , SAN , Management)I have one PA-500.So How can i configure my PAN interfaces , when 1 switch fail , the 2 switch get all flow and my firewall need to answer my requests. PAN 500 is my Default gateway on my LAN , SAN , ManagementIn thi...

Thiago by L3 Networker
  • 4937 Views
  • 9 replies
  • 0 Likes

Resolved! Inconsistencies in Panorama?

Whether I am viewing the Security rules in Panorama or from the 2050, I noticed that the Security rules are listed on both the firewall and in Panorama. However, this is not he same for the Policy Based Forwarding rules. The Policy Based Forwarding rules are only seen from the 2050 and not from Panorama. Why is this so?

Resolved! Commit Failed (4.0.4)

Hello,Commit on our PA4050 Cluster running in Active-Passive mode on PANOS 4.0.4 is not working since today.We get the following messages :OperationCommitStatusCompletedResultFailedDetails device: config commit phase 1 abortedManagement server failed to send phase 1 to client pppoedManagement server failed to send phase 1 abort to client pppoed...

Duplem by L2 Linker
  • 9703 Views
  • 8 replies
  • 1 Likes

SSL Decryption and Spoofing

If I enable SSL decryption and the PAN effectively works as a "man-in-the middle", the client recieves a cert error saying the certificate has not been generated by the destination server. No problem, as I can add the PAN cert as a trusted cert in my organisation.However, how does the PAN protect from recieving a spoofed cert from the destinatio...

Facebook-chat not blocking for specific account!!

hello !I 'have seen on the same PC with the same windows user a strange problem:when a user is connected on his facebook, I can see in the log facebook-chat DENY and the chat is blockedwhen the same user is connected with an another facebook account , I can see in the log facebook-chat DENY but his chat works fine!!!!!( the facebook work in ht...

alle by L3 Networker
  • 5449 Views
  • 6 replies
  • 0 Likes

Resolved! Palo-Alto and Cisco WAAS

Hello,We are migrating to a Palo-Alto 4020 cluster from our PIX firewall cluster. I have a question regarding Cisco WAAS and WCCP v2 traffic. The front end router redirects to a Cisco WAE via WCCP services 61 and 62. Both WCCP and the WAE mark the original packet using the TCP options field and also change the packet sequence numbers.My question...

Dual ISP, PBF and DMZ

Hello.I have a specific question about certain situation. There is a customer with 2 ISPs, let's call them ISP1 and ISP2. Customer has a single PA device to which both ISPs are connected. Each ISP provides a block of public IP addresses which are routed to the PA device. With PBF we'll make a rule, which sets ISP1 as primary ISP and ISP2 as seco...

santonic by L6 Presenter
  • 8799 Views
  • 11 replies
  • 0 Likes

Maximum number of UserID Agents for 4.1.x ?

Whats the maximum number of UserID agents that can be configured to talk to the firewall ?ie. Will the firewall complain if we have 200+ userID agents configured to talk to it?I know each agent can monitor a maximum of 100 domain controllers.. but how many agents can the firewall monitor?

ucteam by Not applicable
  • 6878 Views
  • 10 replies
  • 0 Likes

static routes

HiI have 4 interfaces;eth1/1 = sub1 -> 10.10.1.1/24eth1/2 = sub2 -> 10.10.2/1/24eth1/3 = mpls -> 10.10.3/1/24eth1/8 = wan -> x.y.z.wdefault router on all interfacesbut now I need to route all 0.0.0.0/0 traffic from sub1 over the MPLS (10.10.3.10) and 0.0.0.0/0 on sub2 over the wan (x.y.z.w)sub2 still needs access to sub1 and sub2 to ...

FlexyZ by L3 Networker
  • 4525 Views
  • 6 replies
  • 0 Likes

Application-based DoS capabilities?

I am seeing several atempts by the same IP address utilizing t.120 to connect via port 3389 to the various Windows Servers that I have with external IP addresses (and, yes, some are actual Terminal Servers). I would love to be able to configure a threshold of denying this type of activity via the application with an activity threshold similar t...

mmartin by L1 Bithead
  • 3882 Views
  • 3 replies
  • 0 Likes

Resolved! Session Clearing

I have a PA-500 Firewall. I am trying to test some policies, however, when I add and remove users from groups, the Palo Alto isn't picking this up fast enough. Does anyone know the command line to clear out a session from the Palo Alto so it will re-check which group a user is in?Thanks!

kaysun by L1 Bithead
  • 4113 Views
  • 3 replies
  • 0 Likes
  • 24362 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks