This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4106 Views
  • 0 replies
  • 0 Likes

CLI Location command not showing the location of the IP address

Today I found that Application and Thread ID 8559-7361 is incorrectly categorizing US IP address as if they were from China and therefore blocking all the traffic to these destinations. The only way to fix the issue was to revert back to version 8558-7356 from 4/18/22. While doing the test below I could see exactly the problem: What is the reaso...

JorgeOrtega_1-1650490814484.png
JorgeOrtega_2-1650490867494.png

Resolved! SSL decryption policy - strange behaviour

Hello guys, Recently I had a situation where Cisco Webex traffic was decrypted by policy - let's call them "URL_policy"'URL_policy" was set to decrypt traffic based on the categorization of URL likes: drugs, extremism, gambling, adult, malware, nudity, etc - nothing business-related for sure.Just after this policy was my "webex_do_not_decrypt" p...

S_Owoc by L1 Bithead
  • 7061 Views
  • 5 replies
  • 0 Likes

Port Forwarding/NAT Issues

I just set up my PA-200 and I'm trying to get my Plex server (on my LAN) to be accessible via WAN. I don't think I fully understand how NAT and security policies intertwine so I'm rather confused I'm able to get LAN traffic outbound, but for one reason or another, I can't seem to get either my NAT or security policies correct to allow traffic in...

wallbert by L0 Member
  • 4757 Views
  • 3 replies
  • 0 Likes

Resolved! Block known AD users from Guest LAN

We have two types of network. The internal LAN and guest LAN. These are two separated networksOn the internal LAN we have use other policies then the guest LAN. Our employees connect to the guest LAN to avoid the policies on the internal LAN. So I created a block rule on the guest LAN if the user = AD User.On the internal LAN we have an active ...

ZEBIT by L3 Networker
  • 3396 Views
  • 4 replies
  • 0 Likes

Resolved! POP3S question

Hi,Does anyone know how Palo Alto Networks handles POP3S? I checked the applipedia, and there is no individual application for it. It is also not a part of the POP3 application as far as I can tell. Any help you can provide is greatly appreciated.Thanks,Emma

Resolved! Palo Alto upgrade - disk space

Hi with respect to upgrading Palo Alto to new base/versions which filesystem folders shown below are most important so that you don't encounter disk space issues ? Thanks in advance.

PA disk space 190422.png

Palo Alto 440 - Concurrent Global Protect user limit issue

Hi Team, I know PA 440 support up to 1000 user & its the Max tunnel user limit, but we were unable to connect more than 250 users and got this error as "maximum user limit reached" then found that the tunnel limit is [0-250] in Global protect Gateway tunnel settings. I'm using PA 440 (PAN-OS 10.1.4), kindly let me know in which PAN-OS versio...

PaloAltoMV_0-1647057362565.png
PaloAltoMV_1-1647057467563.png
PaloAltoMV_2-1647057650629.png

Issue with Global protect VPN

We have one user who unable to connect to Global protect VPN after windows update, - We have tried installing different versions of Global protect -Issue is not with ISP as another person using the same network is able to connect on different machine - With this user machine, even my test id does not work, so not an issue with authentication On ...

0 (17).png

Psiphon application

Hello All,I have configured to block streaming-media and online-storage-and-backup category by URL filtering profile. Issue:- Users will connect to the Psiphon application and can access the blocking website.I tried the below option:-- Apply SSL forward proxy decryption with decryption profile to check block session with unsupported cipher suite...

Jafar_Hussain_0-1620028382551.png
Jafar_Hussain_1-1620028553107.png
Jafar_Hussain_2-1620028579058.png

How to prevent local overrides...

Admins authenticating to Panorama are using AD credentials. The same admin accounts are created on each managed firewall as Superusers. The issue we are having is with Admins committing changes as local overrides (unknowingly/accidentally). I am trying to prevent the admins from being able to commit a local override. I created a user as Super-Ad...

dotorg by L0 Member
  • 3342 Views
  • 1 replies
  • 0 Likes

Multicast required for Intrazone policy?

My understanding is the intrazone default policy allowed anything in a layer 3 vlan to talk to anything in that same vlan on any protocol. So if I have layer 3 vlan of 10.31.25.0/24 and host a is 10.31.25.148 and host b is 10.31.25.210. In theory everything is allowed between the two of them. Does that include Multicast? Note Multicast is NOT en...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks