This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4141 Views
  • 0 replies
  • 0 Likes

UserID Exclude Not Working

Hi,I have a problem where the 'User ID Exclude List' setting within the Zone setup on a Palo is not working.I have set my UserID agents to collect events from all IP addresses, then want to filter them on the PA itself as this seems the most logical sequence. I initially only added the objects to the 'Include' list that I wanted to collect ID's...

apackard by L4 Transporter
  • 2845 Views
  • 3 replies
  • 0 Likes

2050 running high dataplane CPU

Our PA-2050 is consistently running at 70-85% on the dataplane CPU despite running at 1/5 of the advertised maximum specs (40-40k sessions and 100-110mbps). I understand that the specs listed are best case scenario and don't expect to get close but I do expect better performance than what I am getting. It could be that our device is just wonky s...

Lopes by Not applicable
  • 4311 Views
  • 4 replies
  • 0 Likes

User-ID on incoming connections

So, we are currently using the user-id agent to monitor our CAS exchange servers. This is working great for identifiying our internal users hitting exchange from the inside. However I would like to begin identifying users that are accessing the CAS servers from the outside. I have tested this with a single IP address range added to the user-ID a...

Resolved! CLI equivalent of GUI task

Is there a way to determine the CLI equivalent of a command/task done within the management GUI?For example, with PAN 4.1.2, what is the CLI equivalent of the GUI when you import a pkcs12 format certficate?thanks, Jeff

Jeff_K by L2 Linker
  • 4066 Views
  • 4 replies
  • 0 Likes

IPSec Tunnel QoS

I have a PA-2050 running 4.0.7. I have an IPSec tunnel that runs between 2 sites (one is a Palo, the other is ??)I would like to guarantee some level of bandwidth available for this tunnel, to ensure that it gets a level of priority at least over basic web and streaming traffic.I'm confused about how to assign this priority.Here's what I've done...

Resolved! Using PBF To Split Services Between ISP's

I have a need to split the traffic going to and coming from my Exchange server based on service. Currently I have both SMTP and 443 traffic coming into and going out of the same ISP (we'll call it A). ISP A is also the default for all incoming and outgoing traffic. I want to split this to have SMTP traffic coming and going through ISP B and leav...

Is HTTPs traffic correctly rdirected in PANOS 4.0.8?

Hello,We have an issue with captive portal not correctly redirecting https traffic. The https traffic is sometimes allowed without redirection to the captive portal, and sometimes dropped, without any logs, the only way to see the issue is to make paket capture.The captive portal is configured in redirect mode.Any idea please?regard's.

asia by L3 Networker
  • 2666 Views
  • 1 replies
  • 0 Likes

filter ssh v1

HiI have a request to filter in the firewall ssh v1. Is there any way to identify and filter ssh v1? can the firewall identify ssh v2 some way?

Nested Palo Alto Object Groups

Hi,Does anyone know if there are any recommendations on the use of nested groupings within PA policies - specifically the PA objects?In terms of maintaining 'easy to read' policies I wanted to make use of nesting to keep the policies simple, which will mean using nesting up to around 3 tiers - see following random example:-Win2k8_Server_DC -- in...

apackard by L4 Transporter
  • 4077 Views
  • 2 replies
  • 0 Likes

Creating Reports on Panorama

Hi,Whene creating reports within Panorama, and whene choosing database for the report what is the diffrence between panorama database such as "panorama traffic log" and the other databases such as "traffic log".Regards.

asia by L3 Networker
  • 2908 Views
  • 2 replies
  • 0 Likes

Problems with Aggregate Ethernet in HA configuration

Hi all,i'm setting up two PA 5020 in Active/Passive HA and I'm having some problems with Aggregate interfaces. I'm using 4 ethernet interfaces per device:ae.1 - trust zone (two physical ethernet interfaces)ae.2 - untrust zone (two physical ethernet interfaces)The device is operating in L3 mode with static routes. If I use a single device, all wo...

Resolved! PA blocks sites that sites use for content delivery

We have a very strict policy for some computers that only get access to specific sites. However under this model sites such as Wellsfargo use a third party to host their content and data, which then gets blocked as well until we add it to the allow list. Any way to allow these linked sites to get through without being blocked?

TCP Ports

Any one know how to add the ports into this firewall. I have a dmz server that I need ot add ports on the firewall to reach it.ThanksFrank

Resolved! Virtual systems and Panorama

I'm looking at managing multiple virtual firewalls in the same physical firewall with Panorama and I am wondering if you can have two zones with the same zone name assigned to two virtual systems? I understand that all the devices in a Panorama device group must have the same zone names.

Jinx by L1 Bithead
  • 2346 Views
  • 1 replies
  • 0 Likes
  • 24340 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks