General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4464 Views
  • 0 replies
  • 0 Likes

More than one Syslog server - performance

Hi all, does anyone know how the configuration of more than one Syslog server in Syslog profile (to send Traffic and Threat logs) impacts the performance of a PAN 2020 device? I need to send traffic and threat logs to a SIEM and a Syslog server at the same time. I saw I can configure up to 4 syslog servers in the Log Profile and then add the Forwardi...

reports based on users groups ( Panorama )

Hi, can anyone confirm this is not supported yet with Panorama? I would like to create reports based on user groups with Panorama. I know you can achieve this with a single unit, but I don't think this will work with Panorama. We are not even able to select user/groups within security policies with the Panorama context. Best Regards, Bart

OCDBE by L2 Linker
  • 2714 Views
  • 1 replies
  • 0 Likes

Split Tunnel

I have noticed that when I connect to the SSL VPN the Split tunnelling restriction I have in place doesn't seem to be working any longer. I recently upgraded from 3.1.6 to 3.1.8. I also upgraded my laptop client to NetConnect 1.3. When the VPN is connected and I go to www.whatismyip.com, I don't see my FW external interface address anymore but...

Resolved! block geo location

In the Palo Alto I have geolocation data. When will I be able to write rules based on this geolocation data? Deny any traffic source or dest to Canada, for example.

kkeeton by L2 Linker
  • 5522 Views
  • 5 replies
  • 0 Likes

Resolved! How many Terminal Server Agents supports the PAN?

Hi everybody, I saw in the "TS_agent_install" PDF the following sentence: "The PAN device currently supports up to 50 TS agents." (page 5) Now my problem: one of our customers is near this limit! So, can anyone tell me if there is an upgrade in the next release! Kind regards, Christian

indevis by L2 Linker
  • 4151 Views
  • 3 replies
  • 0 Likes

Logging of blocked HTTP traffic

All, we have a proxy environment where LAN users requesting Internet sites have to go through the proxy. Our proxy is on the LAN side of the PaloAlto so that traffic goes from User->Proxy->PaloAlto->Internet. There is a rule on the PaloAlto that blocks any HTTP(S) traffic that hits the firewall if it doesn't come from the Proxy IP address...

Exchange 2010 CAS in the DMZ

Aside from being not supported by Microsoft, has anyone placed an Exchange 2010 CAS server in a DMZ? It looks like the reasoning behind it was because you'd have to punch so many holes in the firewall, it wasn't worth it. But since the PAN has a little more flexibility, I wouldn't think it would be a problem.

mharding by L4 Transporter
  • 4101 Views
  • 3 replies
  • 0 Likes

Result - Stuck in PENDING

Hi, I have an antivirus download schedule and install job, but it seems PA FW is stuck in the Download action. Since 2 days I have the same result as below.
Enqueued ID Type Status Result Completed
--------------------------------------------------------------------------
22:00:10 2 Downld ACT PEND ...

ta185020 by Not applicable
  • 4305 Views
  • 2 replies
  • 0 Likes

Safari Security Errors

I have suddenly started getting security certificate errors while using Safari. I am not using a Captive Portal and have no certificates on the PAN, however the certificate errors always point back to a self-signed certificate by the PAN. I am attaching a screen cap as an example, however please note that the ip #'s it lists vary and they are ...

Resolved! Problem Creating Rule for IKE Traffic

I think it's my phase II re-key traffic being dropped. I tried to set up a rule source untrust with a specific IP, dest untrust with my Firewall's IP, application IPSEC, service application default, Action Allow. It never gets hit and my udp/500 traffic gets dropped by my clean-up rule. I am brand new to Palo Alto and probably don't fully understa...

rmagowan by Not applicable
  • 3592 Views
  • 2 replies
  • 0 Likes

Conficker DNS Request Question

So we have some Conficker infections here where I work. The problem is that the PA sits at the edge, so all I see are Conficker DNS Requests that get proxied through our internal DNS Server to the Internet. I guess there is no way that PA can see what IP the original request came from? Any creative thoughts on how to do this? What I've been doi...

jhickey by L3 Networker
  • 2786 Views
  • 2 replies
  • 0 Likes

ipv6 interface

Hi, I can't assign an IPv6 address to a L3 interface of a PA-500 in 3.1. But I can add IPv6 addresses to the objects DB, and there is an 'IPv6 firewalling' flag in the general device configuration. Has anyone played with IPv6 on a PA? Is there any limitation? Thanks

Resolved! Security Rule order

Let's say I have rules set up like this... First rule uses a URL Filtering Profile on just port 80/443, and another rule below it that uses the Antivirus and Spyware profile also on just port 80/443. If the first rule allows traffic through, will that traffic be checked by the next rule down (Antivirus/Spyware profile)?? Or is it, once the rule al...

jambulo by L4 Transporter
  • 6444 Views
  • 7 replies
  • 0 Likes

Resolved! User Agent timeout and expiration timer

Hello, I have configured Age-out timeout to 720min and configured "<enable-full-expire>1</enable-full-expire>" in config.xml. Is there a way to check the timer for a particular user, to check how long is left until expiration? If I restart the PAN-Agent services, will the timer for users be set to 720min or will they continue as no restar...
