This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4243 Views
  • 0 replies
  • 0 Likes

Terminal Service Agent Support

Hi,I am looking for the list of supported terminal services for the user agent.I have the following servers:a. 2000 Servers running Terminal Services b. 2000 Servers running Presentation Server 4.5 c. 2008 Servers running XenApp6I know that the Windows terminal services is fine, but what about the Citrix ones?Are these supported and if not, what...

Protocol Migration from Checkpoint

Hello,We have some protocols defined on Checkpoint, and we are not able to traduce to PAN 4.0.FTP_mapped is defined as Protocol 6, match SRV_REDIRECT (21,0.0.0.0,21), set r_mhandlerHTTP_mapped is defined as Protocol 6, match SRV_REDIRECT (80,0.0.0.0,80)backweb is defined as Protocol 17, match Backweb_matchCould somebody help me?Thanks.

jvmartin by Not applicable
  • 2946 Views
  • 1 replies
  • 0 Likes

Routing Issues with Layer 3 Deployment

Hello all,I'm having issues with internet access on different subnets. I have attached a diagram on my network. The Server VLAN has Internet access but the rest somehow are not managing, I'm seeing the traffic in the logs but nothing seems to be working.I have tried various settings but somehow I'm missing it. Does anyone have any thoughts?

devere by L2 Linker
  • 14383 Views
  • 7 replies
  • 0 Likes

APP-ID for IPSec over UDP

Hello Community,the standard IPSec APP-ID did not handle complete IPSec-NAT-Traversal (UDP 4500) ...I've noticed that reestablishement of NAT-T is not detected successfully.This causes problems with temporary droped IPSec-Sessions.Any idea ?Regards,Christian

cmock by L1 Bithead
  • 2531 Views
  • 1 replies
  • 0 Likes

[botnet] some url filter out.

Hello all.on the firmware 4.0.1, we have botnet monitoring function here,but on the report, I can see some of normal url(false positive) that trigger the botnet module.like .."211.234.239.48/upload/notice/polling40_v.ipml"can you please tell me how I can filter out(exempt it) this URLs?other than 'count' value for the event?thank you very much.

bhlee by Not applicable
  • 3234 Views
  • 1 replies
  • 0 Likes

How to Manage External Users via UIA/PAN

If the organization has Users who are contractors/sub-contractors (deskless workers); how can you manage these Users via the PAN if they are not members of the Domain?Would AD deskless worker objects need to be created AD-side for them to be prompted by Captive Portal, or is there a workaround to this practice?Thanks,Rob

Pan OS 4.0.1 and searching

I've noticed that after updating to 4.0.1 when searching for user Traffic everyone keeps showing up. I am clicking the apply filter. Its also happening on the Threat, URL and Data Filtering.Is anyone else seeing this problem?We already have a support ticket open for the Dynamic updates "Application and Threats" issues.

HTTP Brute Force Attempt

I was contacted by a major government entity about an HTTP Brute Force attack/attempt coming from my institution. Their IDS triggered on a researcher in my organization attempting to login to one of their training websites. The user forgot their password. I only found out due to this user being only one in the PAN going to this website, howev...

rule shadows

I'm trying to clean up our rules, specifically the shadows. I've run in to one rule that is shadowing 6 others:- Rule 'rule208' shadows rule 'rule211'- Rule 'rule208' shadows rule 'rule212'- Rule 'rule208' shadows rule 'rule292'- Rule 'rule208' shadows rule 'rule296'- Rule 'rule208' shadows rule 'rule297'- Rule 'rule208' shadows rule 'rule293'R...

bhelman by L2 Linker
  • 2767 Views
  • 1 replies
  • 0 Likes

Resolved! Routing IP address range through firewall

As somewhat of a newby to PAN, I need to ask how do I go about passing an internal public IP range outbound through the firewall and NOT natting it. This certain range of addresses will only connect to one other public IP address (different, external network) but the other address needs to be able to see these internal IP 's for what they are a...

global Protect

Hi All,I tried to configure Global protect on my PA500. According to docuementation available on site, I configured Global Protect Cert Auth but If I try to create a Global Protect server cert signed by GP Cert auth, I have an error (Failed to generate certificate and key)someone can help ?Rgds

VinceM by L5 Sessionator
  • 3657 Views
  • 2 replies
  • 0 Likes

Resolved! Reach Management Interface via SSL-VPN

Hi all,I have a little problem, I've installed a PA-500 and configured SSL-VPN, it works fine, I can reach the internal network correctly but I can't reach the management Interface.This is the scenario:VPN Clients:IP: 10.31.31.10-10.31.31.254Management Interface:IP: 10.7.10.251Gateway: 10.7.10.3The gateway already knows the routes to reach 10.31...

triitech by L1 Bithead
  • 4182 Views
  • 3 replies
  • 0 Likes

youtube won't work with web-advertisements being blocked

Does anyone know how to get around this? We have enable web-advertisements to be blocked within our URL filering. When going to www.youtube.com and some other sites, the site is there but will not play content.Any ideas how to get the best of both worlds? Block web-ads but be able to use youtube?Thanks!

kamish by L3 Networker
  • 13636 Views
  • 13 replies
  • 0 Likes
  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks