This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4136 Views
  • 0 replies
  • 0 Likes

Incomplete Packets after Service Applied

Hi There; For some sessions like availability monitors and other systems that make connections over a port that has the "service http or service-https" applied in a policy, these will fail unless you allow any service to the host or create an application override for the specific destination. This is beacuse most of these availability monitors ...

amansour by L4 Transporter
  • 3007 Views
  • 1 replies
  • 0 Likes

HSRP L2 Split Brain

Hi All; Thought I'd post this for anyone who has the PA going through a cisco HSRP L2 at the perimeter. Traffic is intermittent between the two firewalls if you leave the passvie device interface to "Auto" instead of "shutdown" in the passive state. You'll notice if you unplug or turn off the interface on the passive device that the packets are...

amansour by L4 Transporter
  • 4258 Views
  • 1 replies
  • 1 Likes

Can PA recognize user-id from AD using TAP-mode?

Hi All.I tested that PA with AD using TAP-mode.AD-agent, CLI at PA device could recognize users from Active-Directory. but Traffic logs, Threat logs, URL logs could not recognized user-id and session-browser showed user filed was unknown.I think that PA could not recognize user-id from AD using TAP-mode. is it right?Please answer about above.Tha...

ttongfly by L3 Networker
  • 4563 Views
  • 3 replies
  • 0 Likes

SSL decryption and Carbonite

SSL decryption seems to interfere with Carbonite. When the policy is enabled, the Carbonite client reports "waiting for connecton to carbonite pro backup server...". I assume I could add a rule to not touch anything in category "online-personal-storage", but I'd rather not just guess until I get it right.Has anyone had the same experience?Than...

Skype-Probe sessions increase dramtically when blocking skype

Hi All,Seem to be having a bit of a problem with skype-probe.I have a PA-500 in Vwire mode behind a PIX FW, the customer wishes to block Skype traffic.Observations:1. On the ACC the ammount of skype-probe traffic far exceedes any other traffic in terms of sessions2. The ammount of bytes of skype-probe traffic is roughly in relation to th...

Resolved! Create custom report for uploaded excel files

Hello,I would like to create a custom report that will list all the uploaded excel files from our internal network.From the 'Manage Custom Report' I am using the 'Data Filtering Log' Database to create the report but I cannot add a filtering expression for the file name e.g.(filename contains 'xls'). Is there a way to produce such a report?Kind ...

Resolved! Device-level configuration and "pre-staging" in Panorama?

Is there a way to pre-stage device level configurations within Panorama? I would like to build a virtual systems, virtual routers, security policy, etc. on a "dummy" object in Panorama, and then push these changes to a real firewall when I bring it online. Is this possible? This is something I am accustomed to doing in Check Point and other ve...

mgentile by L2 Linker
  • 2765 Views
  • 1 replies
  • 0 Likes

Error trying to unlock an admin

Under Authentication Profiles on Panorama 3.1.8 I noticed one of my admins is apparently locked. When I try to unlock by clicking on the link I get the error:vsys unexpected here locked-users unexpected here authentication unexpected here show unexpected here I can't even tell which admin is locked. The auth profile is for RADIUS-based RSA token...

KGC by L3 Networker
  • 2939 Views
  • 1 replies
  • 0 Likes

HTTPS browsing

I made a quite shocking discovery about PA and how it inspects SSL encrypted traffic. Please correct me if I'm wrong.1. To allow simple HTTPS web browsing traffic it isn't enough to allow "web-browsing" application in the policy, you must to allow "SSL" application as well, otherwise only HTTP browsing will work, but not HTTPS.2. All non-HTTP tr...

SimasK by Not applicable
  • 10068 Views
  • 9 replies
  • 0 Likes

Resolved! TCP Timeouts

If you work with firewalls long enough you will undoubtably run into this issue. I have a webserver in the DMZ that needs to talk to the database server on the inside. The connections need to be nailed up. In otherwords, I dont want the firewalls to close any connections that it feels may be idle as this causes errors in the aplpication.So, I cl...

jickfoo by Not applicable
  • 15027 Views
  • 8 replies
  • 0 Likes

Manually Remove PanAgent/NetConnect

Hello All,Seem I was bitten by the Java security update and a Win7 64bit OS during the installation of SSL-VPN NetConnect and PanAgent service. My computer will now no longer successfully connect to the PanAgent service and NetConnect hangs on establishing a connection. If I use Add Remove Programs to remove the application the PanAgent and PanI...

admin override an URL and set a cookie

Hello world,when using the "admin override" function, I thought that PA is seting a session cookie for the browser.Unfortunatly, it looks like, the PA is just storing the source IP.When using a proxy, all connections of the overriden page are from the same IP. Thus one guy having the right override password can enable access for *all* users of t...

botnet question

Hello team.on the firmware 4.0.1, we have botnet monitoring function.my question is to utilize the botnet feature, do I need to buy the URL filtering license and update it to up-to-date?thank youBH Lee

bhlee by Not applicable
  • 3056 Views
  • 2 replies
  • 0 Likes
  • 24340 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks