This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4120 Views
  • 0 replies
  • 0 Likes

Resolved! Default Wire Policy Question

We're putting in a 4020 in Wire mode and to start I dont want to block anything. I just want traffic to pass through so I can gather stats. I am assuming my policy will be something like this:TRUST UNTRUST Any Any Any AcceptUNTRUST TRUST Any Any Any AcceptLook right ?Thanks,Justin

jhickey by L3 Networker
  • 3571 Views
  • 1 replies
  • 0 Likes

Resolved! Disable logging for specific users

Is it possible through rules to disable logging for specific users? We have a child protection devision in our police dept that uses peer-to-peer and bittorrent -- which makes our threat level sky rocket. Is there a way to prevent that traffic for those specific users from showing in ACC?

Regexp case sensitivity

I'm trying to create case insensitive regexp for data filtering, however couldn't find any standard regexp way which would work.Also when I tried to workaround and created following data pattern [Vv][Ii][Dd][Ii][Nn][Ii][Aa][Mn] (which is perfectly valid regexp in my opinion) I received data-object-patter-validation error.Any suggestions how to ...

SimasK by Not applicable
  • 4345 Views
  • 2 replies
  • 0 Likes

Scheduling PANOS command using ssh?

I'd like to have a command run on our PAN at a scheduled interval.I know this can't be done "on-box" but I should be able to schedule a job to connect to the PAN and run the command.I've been experimenting with plink and whilst I can make it connect and give me an interactive shell, I simply cannot get it to connect and then run the command I wa...

allow icmp type 3

Hello,How to configure policy to deny all icmp types, but only allow icmp type 3. Is it possible at all?Thanks!

ahtiakel by L1 Bithead
  • 3548 Views
  • 2 replies
  • 0 Likes

SSL VPN Problem

Hi All,I'm having teething problems with our SSL VPN client. The client installs fine on Win7-64 and XP. I've followed the recommendations for Win7-64 and the installation all seems fine. Everything works fine when establishing the tunnel. My policies and LDAP auth are working as I would expect. However, after a random time (usually no longer ...

PA cannot recognize a filename that base64 encoded from SMTP

HelloI checked PANOS 3.1.x that could recognize double bytes character for Korean language.When using file-blocking profile, PA could recognize a filename using 2 bytes character, Korean language, from web-browsing, kind of web-based-mail application. but PA wrote encoded string, that used by BASE64, from SMTP application.I know that SMTP have u...

ttongfly by L3 Networker
  • 3388 Views
  • 1 replies
  • 0 Likes

URL Filtering - Changes in 3.1.7?

I have a PAN that has been running 3.1.6 quite happily.We have an internal Exchange/OWA server so we have rule in place to allow inbound access to it, and the rule uses a URL filtering profile that allows only the IIS virtual directories needed to access the OWA services.Yesterday I upgraded to 3.1.7 and noticed this morning that immediately aft...

Captive Portal & 3.1.7

Hi, we upgraded to 3.1.7 on Monday, afterwhich our iphones and android devices failed to get through, it appeared they didn't even close as there was no evidence on the logs. Today I rolled back to 3.1.6 and the captive portal worked again. Anyone else had this, anyone aware of a bug or a change in how CP works?thanksDarren

djbisbey by Not applicable
  • 2643 Views
  • 2 replies
  • 0 Likes

PA4050/Panorama Log Archive Strategy help

We have one of our new PA4050s running in TAP mode listening to our datacentre firewalls (the firewalls they will replace - these are ASFs running Checkpoint FW1). We are also running Panorama on test machine in our testlab. The PA4050s are logging locally obviously and we're auto archiving off every day the threat, URL & traffic logs to an ...

fmd by L3 Networker
  • 5789 Views
  • 6 replies
  • 0 Likes

About regular expression at data filter for Korea SSN

Hello.I was able to test function of data-filter for credit card number and social security number. so I created custom signature of data patterns for Korea social security number but I could not apply custom data pattern as a data filter.PA box said "Constraints(data-object-pattern-validator) failed for regex. pattern must be at least 7 bytes" ...

ttongfly by L3 Networker
  • 2487 Views
  • 1 replies
  • 0 Likes

Resolved! Is it possible to limit concurrent session per source IP?

Hello,I have a PAN-2050 installed in vitual wire reaching max concurrent session (262143) and discarding sessions in peak hours unable to create new sessions. I would like to know if it is possible to configure or create a rule to limit the max concurrent session per source IP. Or maybe per appication.I couldn´t find information abour that in A...

Port Scan/Host Sweep settings...

What is everyone using for their Port Scan/Host Sweep settings in the Zone Protection profile?Mine are at...TCP Port Scan5 secs800 eventsUDP Port Scan5 secs800 eventsHost Sweep2 secs200 events...I may have to fine tune it some more to lower the amount of "false readings".

jambulo by L4 Transporter
  • 5299 Views
  • 1 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks