This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4442 Views
  • 0 replies
  • 0 Likes

Resolved! A customer has a question about the pa-5220 they are using.

1. Customers want to use nat. How many ips can be assigned to snat and dnat respectively?https://www.paloaltonetworks.com/products/product-comparison?chosen=pa-5220,pa-3260According to the address above, pa-5220 can use up to 6000 nat rules, I wonder if this is correct.2. Customers want to use snat and dnat in the same band. At this time, I want...

No packet capture files are generated on pa-3060 that customers are using.

Hello.I have been contacted by a customer that there is a problem with packet capture.I know that executing a packet capture command triggers packet capture, and generating a pcap file containing captured packets is generated when the traffic you want to check is generated.However, looking at the attached screenshot, the customer executed the pa...

capture01.PNG

Resolved! PAN-OS GP SSL Cipher Selection

PAN-OS 8.1 seems to lack the capability to perform fine-grained configuration of cipher suite selection and prioritization for GlobalProtect VPN functions. I ran a fairly detailed SSL functionality assessment on a configured TLS v1.2-only GP gateway and found that RSA encryption-based ciphers are selected by default by all simulated clients. Thi...

Resolved! MS Autodiscover Flaw - Vulnerability

Hi All, A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook and other third-party Exchange client applications to leak plaintext Windows domain credentials to external servers Domains that we need to block are listed here: https://github.com/guardicore/labs_campaigns/blob/84d8423335bf72ea078b5286db647580fb7f6a58/Autod...

Qui by L2 Linker
  • 5236 Views
  • 4 replies
  • 0 Likes

Resolved! Template Variable IPv6

Hi All,Does anyone know how to configure an IPv6 address as a template variable? As soon as I put a : in the CSV it throws a fit when importing it.Thanks,Kev

KevinJB by L1 Bithead
  • 3208 Views
  • 2 replies
  • 0 Likes

Resolved! Where to Write Security Policies with a Site-to-Site VPN

Hello,We have a pair of 3200s on our main site, and have added an 820 at a remote site to bring up an IPSec tunnel between the two.When I initially set the remote site up, I decided to have all the security policies controlling what access the remote site would have to the main site on the 820 side. I could see arguments for doing it on either e...

Does NAT64 works for inbound NAT

Currently we have configured inbound NAT for DMZ application which is on ipv4. Public ip used for it is ipv4.Due to some requirement client from outside network will be coming from ipv6 public ip to access the application. In this case our nat is not working. We have found NAT64 feature in below doc , but given example is for outbound NAT. http...

Deepak25 by L3 Networker
  • 5800 Views
  • 3 replies
  • 0 Likes

Is my firewall hacked already ?

I have a PA3020 with 7.0.5-h2 PAN-os version. I noticed that it have a lot of DNS traffic sent to strange IP address. when I running show system resources command. I found strange process nginx and two syslog-ng there. Is it normal, how to get rid of them ? 2797 nobody 20 0 53388 5712 3344 S 0.0 0.1 8:19.70 nginx6804 nobody 20 0 107m 12m 6472...

banny6 by L1 Bithead
  • 4841 Views
  • 5 replies
  • 0 Likes

Something aking to | sort | uniq -c | sort -nr

Like the title says, is there a way to run a filter for a period of time, pull out a list of IPs, sort them, remove the duplicates with a count, and sort them by most popular?This is a common omegle thing to do with syslog data, say you have a very permissive rule and you want to see what source IPs are being used by that rule. You could awk pri...

Jack45 by L1 Bithead
  • 2569 Views
  • 1 replies
  • 0 Likes

Allow redirect URL with decrytion on.

Hey guys one of my customer I not able to access the Redirecting URL's This Error display (err_http2_inadequate_transport_security)I checked the logs the traffic URL shows alert but the decryption is done.We are able to Access the URL without decryption. Created a specific decryption policy in which it enables the Strip ALPN. and we are able to...

  • 24375 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks