This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4243 Views
  • 0 replies
  • 0 Likes

virus siganture fine control

Hello all.I’d like to fine control about virus signature. Is it possible??if virus AAA comes into network through HTTP, i'd like to trigger with alert.(HTTP is a block as default. and i set a default rule.)but virus BBB also comes into network through HTTP, i'd like to block.Please let me know the best practice of reach my goal, if it is imposs...

willstech by L3 Networker
  • 2886 Views
  • 3 replies
  • 0 Likes

PAN OS 4.0.x speed issue on PA-500, PA-2020

Hi All,Recently, i tested the PAN OS 4.0.3 on PA-500, PA-2020.. It seems like the commit speed, loading speed, open tab speed ,configuration & etc is very slow. But when use back PAN 3.1.x , the speed is back to normal speed.Again I test the PAN 4.0.3 firmware on PA-4000 series and PA-5000 series, the speed for job mention above is very fast...

samsk by Not applicable
  • 3398 Views
  • 3 replies
  • 0 Likes

Mac Mail, GMail and vulnerability CVE-2004-2501

On a PA 2020 running 4.03, the threat log is filled with clients triggering alerts for MailEnable IMAP Server Long Tag anomaly (CVE-2004-2501), rated "high".They are all in fact Mac Mail clients trying to talk IMAP to GMail servers on port 993. On the face of it they must all be false positives. SSL decryption is being used. Could anyone give an...

Why IPS throughput is 1/2 than firewall throughput?

I'm looking for explanation about why some appliances has IPS throughput that is a half than firewall throughput (for instance 4050), and why 4020 has 2 Gb of throuhput in both fields. As I understand this is not that Palo Alto with IPS feature activate has half throughput than another without threat prevention but I have not the exact explanati...

ssancho by L2 Linker
  • 6841 Views
  • 3 replies
  • 0 Likes

Monitor interfaces/subinterfaces with SNMP

Is there a timeline when this feature request will be available? This can very be helpful for many of us with tools like cacti or other similar RRD tools to monitor bandwidth usage across a particular interface.

threat prevention throughput with aggregate interfaces

Currently we have a 1 gig pipe to the internet, we will be upgrading our internet pipe to 10 gig capability in the next month. We will be aggregating several interfaces to accommodate the additional bandwidth requirements. Basically going from a 1 gig interface to port-channelling to a 2-gig interface. If we turn on Threat Prevention on this ...

dessaudj by Not applicable
  • 2653 Views
  • 1 replies
  • 0 Likes

Panorama Utilization Spikes

Hello,Is there a scheduled process that runs every 15 minutes on Pano? CPU and memory spike at same timeframe every 15 minutes. The CPU spike is quick - while the memory spike jumps - and then takes some time to release the memory usage. Running 4.0.3. Did not notice this during the 3.x code - and only just noticed the other day (been on 4.x ...

MGoodnow by L4 Transporter
  • 4774 Views
  • 2 replies
  • 0 Likes

How to shutdown a PA-4020

We need to shutdown a PA-4020 on 3.1.5 for relocation. "request restart system" no longer works. Does anyone know the new command line command? Thanks

Effectivenes of DOS protection

Hi, will appreciate the comments of the PAN community about the efectivenes of the DOS protection features of Palo Alto. Are there DOS attacks that can't be mitigated by Palo Alto ?ThksMario

Resolved! Packet flow question

Hi everybody,Device: PA-500Software: 3.1.7we have a problem with our vpn tunnels. The tunnels are up and running,but when I try to connect or ping a system over the tunnel we are getting timeouts.To figure out what happens, I did a packet flow all and a packet capture and here I get an entry which I can not explain."L2 broadcast cannot be forwar...

indevis by L2 Linker
  • 6383 Views
  • 6 replies
  • 0 Likes

Resolved! VPN Password Length

Hello All,I noticed that there is a password length limitation when using the VPN page. Can this be increased to something like 40 characters to support longer OTP characters?Thanks,Will

ausit by Not applicable
  • 3129 Views
  • 1 replies
  • 0 Likes

Resolved! NetConnect Certificates

I'm looking for a bit of info on how the NetConnect client uses certificates.I have a VPN endpoint configured on my PAN firewall which is configured to use a GoDaddy Wildcard SSL certificate. When I connect to the web portal the installed certificate is valid and recognised by the browser.When a user authenticates and the NetConnect client start...

ethiSEC by L2 Linker
  • 2835 Views
  • 1 replies
  • 0 Likes

Firewall fails with "APT-HTTP/1.3" in useragent string, like ubuntu do during update

user@unix:~/kannweg> wget -d -U"nonsense APT-HTTP/1.3" www.dackel.defails allways with2011-06-16 13:44:16 FEHLER 503: Service Unavailable.user@unix:~/kannweg> wget -d -U"nonsense APT-HTTP1.3" www.dackel.deworks.There is no log entry of this in any firewall log.Seems to be an intolerance of the Palo Alto firewall to "APT-HTTP/1.3".

mhuels by L3 Networker
  • 2293 Views
  • 1 replies
  • 0 Likes
  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks