This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4115 Views
  • 0 replies
  • 0 Likes

Trouble after upgrading to 4.1

I was currently running 4.0.5 on panorama and HA active passive 2050 cluster.The upgrade ran rather smoothly.has something changed for service declaration in 4.1?I define my addresses and custom services on the panorama which I sync to the HA cluster members after committing on the panorama.My policies are defined on the first cluster member whi...

Virtual balancing and PBF

Hi all,My client need to do Load Balancing in his wan interfaces, I did the next config, in PBF I put four policies, one for the two Internet segments asigned to the first and more faster output (TRUST to (1.0.0.1-126.255.255.254) & (128.0.0.1-192.255.255.254)) the first and second public segment. Other PBF (TRUST to (193.0.0.1-224.255.255.2...

p_marquez by Not applicable
  • 2268 Views
  • 1 replies
  • 0 Likes

Resolved! URL Content filtering Question - Netflix

Ok, don't shoot the messenger but I was asked to see if I could unblock the queue management area for Netflix but still block the streaming media part of it... We're using the URL filtering capabilities of the PA 2050 device and I have a policy defined that's based on an Active Directory user group to filter traffic. I'm not sure how I would g...

Emailing of CSV reports?

Currently my reports can only output in the default behavior offered - PDF's are sent automatically - however, some groups within the company that specifically manage risk want to add automation to the mitigation process - and doing that would be much easier if the reports could be emailed out in CSV format.Is it possible to email reports out of...

jsilvia by Not applicable
  • 4014 Views
  • 1 replies
  • 0 Likes

DHCP server -> conflict IP

HiI have a DHCP server enabled on one of my interfaces, but clients have problem getting IPs back - after reboot of windows machines it normally works, but this normally not an issue with other DHCP servers.Here is one message ->An error occurred while renewing interface Local Area Connection : The DHCP client has obtained an IP address that ...

FlexyZ by L3 Networker
  • 6397 Views
  • 4 replies
  • 0 Likes

Overlapping networks - NAT

Hi!I have another problem - this time with overlapping networks. Here is a picture:I'm the administrator of PA1. How can user from PC1 connect with PC2 ? I tried with destination and source nat on PA1 but i had to add routing to the destination translated address on PA1 ? How can I do that without adding this routing ? Is it possible ?RegardsP.

Resolved! App-ID block the whole category

Hi guys,i have several distinct classes of users, and whole categories of apps need to be blocked for several of these classes. Is there a way to block a whole application category, similar to the way we can block whole categories using the URL filter.I wish to block all games and proxy sites, there are 91 apps that are categorized as games or p...

bkandola by L0 Member
  • 2650 Views
  • 1 replies
  • 0 Likes

How to report traffic logs for a specific rule ?

Hello,I have defined several specific policies to allow traffic through my PA device.I have also created a rule that allow any traffic (at the end) to not impact current traffic.My idea is to be able to identify all traffic that flows through my device through this "allow any" rule and then create specific rules for legitimate traffic.I have a l...

ldormond by L3 Networker
  • 4147 Views
  • 5 replies
  • 0 Likes

Will SSL VPN work for Apple IPAD (or ios 5 devices)

Hello,I was told today by PANTAC that SSL VPN work for IPAD (or ios 5 devices) for PANOS 4.1 but I have not been able to find any documentation supporting this to present interanlly. Can someone confirm this and also provide any supporting documentation surrounding this?Thanks

Eone by Not applicable
  • 2929 Views
  • 1 replies
  • 0 Likes

NetConnect to Global Protect migration issue

Hello to everyone,I migrate my PAN 500 from 4.0.7 to 4.1.0, with previously configured SSL-VPN which was operational. After migrating to new FW, SSL-VPN migrated to Global Protect portal with all configured settings and with new GP client to end nodes, but new GP client can't connect to gateway. I troubleshoot a while and from client side (proto...

Tician by L3 Networker
  • 6234 Views
  • 7 replies
  • 0 Likes

Resolved! captive portal and blackberry enterprise server

BES server is a proxy for all users on phones, (they all come from the BES IP address on the LAN) what is the proper way to install captive portal or user identification so that we protect and identify users on the phone client end-points?

kkeeton by L2 Linker
  • 3195 Views
  • 2 replies
  • 0 Likes

terminal server agent and security policies

hi , i installed the terminal server agent on the ts machine and i also configured ldap on palo alto,and create a no-restriciton rule on top of the list.when i try to access to internet technically i must not be blocked,but when i blocked i also dn't see a user name on the browser,just saw the ip address of the terminal server.any suggest will b...

Application-default for dynamic protocol

Hello,How does the PA device work when we define a rule that allow an application that use dynamic ports and we specifiy the application-default service ?As an example, I have a rule that allow application "rmi-iiop" (Java remote method invocation (RMI) interface over the Internet Inter-Orb Protocol (IIOP)), which is a predifined application.Whe...

ldormond by L3 Networker
  • 3322 Views
  • 1 replies
  • 0 Likes

Upgraded to 4.1 Global Protect SSL VPN

Recently upgraded to 4.1 where SSL VPN is now incorporated with the Global Protect client. Is it possible to not use the Global Protect client and connect via SSL using the Java NetConnect client?

fbrown by Not applicable
  • 2249 Views
  • 1 replies
  • 0 Likes
  • 24335 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks