This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4141 Views
  • 0 replies
  • 0 Likes

Resolved! Web filtering only license/Idle time outs.

I have 2 PA-500 inline for web filtering only. We are having an idle timeout problem with none url traffic and have determined the issue is with the PA's. I have seen posts on this issue that relate to firewall functionality that I am not using. Does anyone know where/how to address this issue on the PA's? Thanks

rthimble by Not applicable
  • 2863 Views
  • 3 replies
  • 0 Likes

SSL VPN Security

All,I have the SSL VPN setup and working. All my remote users have access to the internal resources they need. The time has now come to add a vendor to access their specific internal server. So, I will create an user on the PA in the Local DB and configure the VPN to allow them to connect. My question is, once they connect and authenticate, ...

tohoken by Not applicable
  • 2011 Views
  • 1 replies
  • 0 Likes

URL Logs to Panorama

Is it possible to forward URL fliter logs to Panorama?Panorama version 4.0.5PAN firewall version 4.0.5We are seeing the URL categories in the ACC but no logs.

jcostello by L4 Transporter
  • 2636 Views
  • 2 replies
  • 0 Likes

QOS Interfaces

Hi,I was wondering if anyone can tell me if there is a limit to the number of 'Clear Text Traffic - to QOS Profile' mappings you can create under the advanced options within a new QOS Interface? PANOS 4.0.2.I want to setup a couple of QOS profiles, then tie these both to an egress interface depending on Source Subnet. I have about 400 subnets th...

brownn by L0 Member
  • 6293 Views
  • 6 replies
  • 0 Likes

HA - Link Monitoring

Hi,I´m testing the HA configuration of our firewalls and experience unexpected behavior.If both HA members experience link down errors, we want the appliance with the most active links to be active.In the "PAN-OS HA - Understanding PAN-OS HA states, timers and loops" document I found this:"If both the active and passive devices experience multip...

asieber by Not applicable
  • 4867 Views
  • 4 replies
  • 0 Likes

Applipedia - search by port number?

Does anyone know if it's possible to search for an application by port number instead of name, to see if you can find a match?I have some connections using an application that shows a known - and recognised - PORT number when I run a packet capture, vis-a-vis12:49:53.009216 IP (tos 0x0, ttl 128, id 47750, offset 0, flags [none], proto: UDP (17),...

dagibbs by L4 Transporter
  • 3950 Views
  • 3 replies
  • 0 Likes

FTP over HTTP

Hello,I need to block FTP communication - however, I do not want to block downloads that come through a browser - which can utilizes FTP over HTTP. Would this configuration theoretically work? Curious if anyone has made that work - before I get into testing mode.Rule1 - any/any - FTP Application - HTTP Service/Port80 - ALLOWRule2 - any/any - FT...

MGoodnow by L4 Transporter
  • 9051 Views
  • 8 replies
  • 0 Likes

Reporting for management..

I'm having some troubles coming up with a clean report that will tell my employer the highest number of concurrent users on the PAN each day... Anybody write one? Trying to filter out the nonsense seems to be the problem. I just need to see "at X PM xx users were connected and surfing".

kazjak by Not applicable
  • 2135 Views
  • 1 replies
  • 0 Likes

Resolved! Firewall Roll back interface lights go away

Hi All; I have a pretty big problem with a PA500.1) Commit times are 4-5 minutes. Though other PA500s we have commit in roughly 30 seconds to a minute. Could this be a hardware problem? It's only running demo traffic.2) When trying to roll back from version 4.0.5 to 3.1.10 it has an autocomit job that fails, restarts and fails in an infinite lo...

amansour by L4 Transporter
  • 3075 Views
  • 2 replies
  • 0 Likes

Captive Portal as a AUP accept page for internet access?

Hi All,Could I use the Captive Portal, as a way of displaying an Acceptable Use Policy ( AUP ) that users must accept, before gaininginternet access?To make this as seemless as possible, is it also possible to not have to require the entering of username/password combination, as the user would have already been authenticated by User-ID?

KatanaNZ by L3 Networker
  • 3400 Views
  • 2 replies
  • 0 Likes

Resolved! Extract SSL VPN MSI in 4.0

I see there's a document for extracting the SSL VPN MSI installer for 3.1 and earlier code: https://live.paloaltonetworks.com/docs/DOC-1398Is the procedure the same for 4.0?

pflanagan by Not applicable
  • 2587 Views
  • 1 replies
  • 0 Likes

Resolved! Signature Review/Modification

I tried searching through the discussions but didn't see anything regarding this. Is it possible to see what the actual threats are matching on? Essentially what their signature is so I can make a more accurate analysis of the validity. For example, Scripts/Win32.Rsrc.o is classified as a Medium severity virus threat. The description is simply "...

No user names in the PA appliance

Still no user names in the PA appliance. from PAN-Agent debug:[skipped]2011 09 21 16:55:16, AddEntryUnknownTableSafe 192.168.207.1002011 09 21 16:55:16, User Enumeration, IP: 192.168.207.100, Username: MERVIN$, Domain: companyname2011 09 21 16:55:16, User Enumeration, IP: 192.168.207.100, Username: __vmware_user__, Domain: MERVIN2011 09 21 16:55...

goldandy by L2 Linker
  • 2585 Views
  • 2 replies
  • 0 Likes

Resolved! Generating reports with user display name ..

Hi ,currently am using the pan-agent for integrating with active-directory and the integration is fine, the issue is it only displays the username NOT the display name where it could affect the reports .for example username : sales_1 --> display name : John ... in the reports it will show sales_1 not john, so is there a way to override this i...

Multiple External Interfaces

Hello,I have a pan 4020 that will be replacing multiple firewalls. The internet side of the firewall has a /25 network. I have a corporate network that has an external interface of x.x.x.2/25 in the Internet zone and a guest wireless network that has an external address of x.x.x.3/25 in the Internet zone. The corporate network has an internal ...

  • 24340 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks