This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4243 Views
  • 0 replies
  • 0 Likes

PA cannot recognize a filename that base64 encoded from SMTP

HelloI checked PANOS 3.1.x that could recognize double bytes character for Korean language.When using file-blocking profile, PA could recognize a filename using 2 bytes character, Korean language, from web-browsing, kind of web-based-mail application. but PA wrote encoded string, that used by BASE64, from SMTP application.I know that SMTP have u...

ttongfly by L3 Networker
  • 3423 Views
  • 1 replies
  • 0 Likes

URL Filtering - Changes in 3.1.7?

I have a PAN that has been running 3.1.6 quite happily.We have an internal Exchange/OWA server so we have rule in place to allow inbound access to it, and the rule uses a URL filtering profile that allows only the IIS virtual directories needed to access the OWA services.Yesterday I upgraded to 3.1.7 and noticed this morning that immediately aft...

Captive Portal & 3.1.7

Hi, we upgraded to 3.1.7 on Monday, afterwhich our iphones and android devices failed to get through, it appeared they didn't even close as there was no evidence on the logs. Today I rolled back to 3.1.6 and the captive portal worked again. Anyone else had this, anyone aware of a bug or a change in how CP works?thanksDarren

djbisbey by Not applicable
  • 2671 Views
  • 2 replies
  • 0 Likes

PA4050/Panorama Log Archive Strategy help

We have one of our new PA4050s running in TAP mode listening to our datacentre firewalls (the firewalls they will replace - these are ASFs running Checkpoint FW1). We are also running Panorama on test machine in our testlab. The PA4050s are logging locally obviously and we're auto archiving off every day the threat, URL & traffic logs to an ...

fmd by L3 Networker
  • 5859 Views
  • 6 replies
  • 0 Likes

About regular expression at data filter for Korea SSN

Hello.I was able to test function of data-filter for credit card number and social security number. so I created custom signature of data patterns for Korea social security number but I could not apply custom data pattern as a data filter.PA box said "Constraints(data-object-pattern-validator) failed for regex. pattern must be at least 7 bytes" ...

ttongfly by L3 Networker
  • 2517 Views
  • 1 replies
  • 0 Likes

Resolved! Is it possible to limit concurrent session per source IP?

Hello,I have a PAN-2050 installed in vitual wire reaching max concurrent session (262143) and discarding sessions in peak hours unable to create new sessions. I would like to know if it is possible to configure or create a rule to limit the max concurrent session per source IP. Or maybe per appication.I couldn´t find information abour that in A...

Port Scan/Host Sweep settings...

What is everyone using for their Port Scan/Host Sweep settings in the Zone Protection profile?Mine are at...TCP Port Scan5 secs800 eventsUDP Port Scan5 secs800 eventsHost Sweep2 secs200 events...I may have to fine tune it some more to lower the amount of "false readings".

jambulo by L4 Transporter
  • 5353 Views
  • 1 replies
  • 0 Likes

Users With Two LDAP Accounts

Hi All,Our domain administrators have two Active Directory user acounts; a standard 'username' for normal day-to-day tasks, and a 'username_a' for administrative work. Occasionally, PA will pick up the '_a' account when checking group access instead of the standard account. Thes two accounts are permissioned differemtly with restricted access ...

sclarke by L0 Member
  • 2215 Views
  • 1 replies
  • 0 Likes

How to configure Captive Portal NTLM auth?

I have a customer who has AD and is using the UserAgent sucessfully.However, many users are not always logged in, or are using corporate hardware, so aren't logged in.I want to configure Captive Portal for non-logged in users that uses NTLM to authenticate users from the AD.I've found a few KnowledgePoint articles that come close (using RADIUS),...

User-ID Detection fails after install a second Terminal Server Agent

After installing 10 terminal server agents and 1 PAN-agent on a PA-2050 the appliance cannot connect to any agent.admin@mi2-pan2> show user pan-agent statisticsName IP Address Port Vsys State Users Grps IPs Activity Cnts Link Speed------------------------------------------------------------------...

mhuels by L3 Networker
  • 4482 Views
  • 5 replies
  • 0 Likes

Resolved! Multiple categories in Brightcloud

I've come across a few websites, when I run the URL in Brightcloud, can contain anywhere from 2 to 5 categories.When a URL has multiple categories in Brightcloud, which one does Palo Alto Networks choose?Here is a good example.www.coffeed.com (coffee Forum)Under PAN it shows up asSex EducationUnder brightcloud it shows up asSex Education ...

Deploying SSL decryption with Public CA

I am trying to figure out how to deploy SSL decryption. I have it working in a test environment using an in house CA and by importing the cert. into my browser. As we have Firefox users and can't export the Trusted Root CA with a GPO, I am looking for an alternative. As a CA beginner, I am struggling with some of the concepts.If a buy a cert for...

IPSec Tunnel to Windows Server

I have learned, PAN will only build route based and not policy based IPSec tunnels.We need encrypted communication between several Windows Server 2008 systems in the outback and a lot of them in the central office. Till now, we build a site-to-site VPN between the windows server (with the included "extended firewall") and a central Checkpoint sy...

mhuels by L3 Networker
  • 7784 Views
  • 8 replies
  • 0 Likes
  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks