This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4258 Views
  • 0 replies
  • 0 Likes

VeriSign VIP Authentication Service

Does PAN OS 3.1.2 support VeriSign's VIP Authentication Service for the SSL VPN connection? We are looking at setting up two-factor authentication for our VPN clients.http://www.verisign.com/authentication/two-factor-authentication/vip-authentication/index.html

mharding by L4 Transporter
  • 3423 Views
  • 2 replies
  • 0 Likes

Communication Problem between Lan and DMZ

Hi, We have PAN 500 device with us..deployed in L3 mode.Lan and DMZ communication is happening only if i have NAT rule in place with the destination zone and interface mentioned (but no natting be done)between them.Do we really require a NAT rule in place for achieving this.I guess this doesn't require.We have tested with all OS and models.Anyon...

Missing data in TRAFFIC logs

HiPANOS ver: 3.0.5Device: PA-2020Exported traffic logs contains information about which protocol is used, however if the protocol is ICMP the type and code is not displayed. I a specific case im looking at right now both application and protocol is icmp which makes it hard to know if its a echo request or something else...

u2521 by Not applicable
  • 2778 Views
  • 1 replies
  • 0 Likes

Missing fields in URL log

HiPANOS ver: 3.0.5Device: PA-2020Did some exports of the sublogtype: URL and got the following columns/fields:Domain,Receive Time,Serial #,Type,Threat/Content Type,Config Version,Generate Time,Source address,Destination address,NAT Source IP,NAT Destination IP,Rule,Source User,Destination User,Application,Virtual System,Source Zone,Destination Z...

u2521 by Not applicable
  • 3055 Views
  • 1 replies
  • 0 Likes

Resolved! .com and .net sometimes blocked as spam?

Running 3.1.2 and have quite a few instances in our PAN log where for some reason a URL (not noticed a pattern other than the URL preceding the problem URL is typically really damned long and some sort of query/search) is blocked and all that shows on the block page or in the PAN logs is ".com/" or ".net/", the category is typically spam-urls.Wh...

Resolved! SSL Decryption Fails: sec_error_reused_issuer_and_serial

In the newest PA-OS 3.1.2 seems to be a problem with the Proxy-Certificate.If browsing with Firefox, you get "Errocode: sec_error_reused_issuer_and_serial" on all HTTPS-Sites, if you have implented the proxy certificate in the certificat store (and if not, you can surf without problems after click on "ignore security warning"). With Opera, SSL-C...

mhuels by L3 Networker
  • 6428 Views
  • 6 replies
  • 0 Likes

Access into the panorama database

Hi All,What access is there, if any, into the database within panorama, for a prospect that is using an automated response/ticketing system?We would want to be able to periodically query the database, for example to extract out infected workstations, and notify the appropriate people within the organisation.

KatanaNZ by L3 Networker
  • 3861 Views
  • 2 replies
  • 0 Likes

DNS Zone Tranfers not working through PA

Hello,I have a PA in front of a DNS server and since the date we installed the PA, the DNS zone Transfers to the remote site is not working.The remote DNS admin stated that there are timeouts and that the firewall should allow fragmented packets to pass through.Any idea on what could be the issue on PAN side?thanksVinesh

vinesh by L2 Linker
  • 3494 Views
  • 1 replies
  • 0 Likes

Custom Reports - Incorrect Dates

Hello,We are currently running 3.1.1 Panorama code. Are there any known issues with creating custom reports and the output shows dates in the future? For instance if we create a report and choose a custom date selection (last 2 weeks for example). The report will come back with data showing dates several days in the future (as well as the orgi...

MGoodnow by L4 Transporter
  • 4795 Views
  • 4 replies
  • 0 Likes

RADIUS (not Active Directory) and Allow List

Hi, I'm configuring a RADIUS different than Active Directory, I use Radius users for SSL-VPN and GUI and all works fine but always I've to add manually the Radius user to Allow List in Authentication Profile, is there any way to avoid this. If I've to add users in Palo ALto then I don't need Radius.Thank you in advanceSamuel

internet load balancing

Hi,Our customer has existing Sonic wall TZ210 , they confiugred Load balaning between internet links. 90% of traffics are going through the primary link & 10% ie, defined traffic from few computers are going through the secondary link.Now we want to configure the similar load balancing or load sharing stuffs in PA500 box.we tried it but we c...

Block msn-file-transfer security rule in VWire mode

Hi All,I configured my PA2020 to block msn-file-transfer from any any but it doesn't work. I checked Monitor traffic log already show "Deny" on msn-file-transfer. However, it is successful to transfer a file in msn in my test lab. Below is my rule set of firewall in simple1. any any msn-file-transfer deny2. any any any allowThanks a lot!Johnny

Resolved! 3.1.1 and captive portal

Hi,I upgraded my pan to 3.1.1 version and I never find these commands:"debug captive-portal"tail mp-log captive-portalAfter the upgrade the radius authentication doesn't functionany suggestions?thanks

Resolved! BrightCloud - are they having issues?

Seems lots of URLs are being flagged up that appear to be in totally the wrong categories.These are URLs that all have no link/commonality whatsoever and that worked perfectly yesterday but today are in categories such as spam-url and cult and occult when they clearly aren't.

  • 24362 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks