General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

URL Categories vs URL Filtering

Multiple questions - Recently we've found that traffic not within a URL category specified in a rule is being allowed. The rule appears to be allowing the traffic as the session starts and ends with the action of allowed determined. Would using the same category within a URL filter differ than only having a category configured? It's my understan...

CBeaver by L0 Member
  • 11595 Views
  • 2 replies
  • 0 Likes

Resolved! Decryption issue

We have outbound decryption working but there are few sites that pop up that do not work from time to time and have to add them to exceptions. I am trying to investigate a recently highlighted website and to learn how to troubleshoot this better. If I run this openssl command connection on the client is successful and wireshark output looks like th...

raji_toor by L4 Transporter
  • 6683 Views
  • 3 replies
  • 0 Likes

Resolved! QOS per device

Is there a way to limit/throttle qos per device? Outside of making a QOS rule per subnet or ip host? I know on some platforms there is a way you can limit every client to a max of 500kb/s per device. Is there any easy way to do this with the firewalls? I do see the below link, but that is more related to the entire subnet vs. per host lim...

Sec101 by L4 Transporter
  • 2375 Views
  • 1 replies
  • 0 Likes

Resolved! Migrate from PA-500 to PA-220

Hi All, We are planning to migrate from PA-500 to PA-220, and there are some concerns to verify. Here are our current versions. My concerns are, 1) How we can match the OS/Content versions with the new PA-220? 2) What will be the migration procedure from PA-500 to PA-220?


Resolved! IPSec Tunnel with NAT configuration

Hello Experts, I am new to PA and trying to understand how below can be achieved. I am trying to set up IPSec tunnel between checkpoint and PA. Diag: I want to establish an IPSec tunnel between CP and PA. On PA side I have 172.16.0.0/24 (inside zone) private IP range which I want to NAT to 10.172.0.0/24 and send it to CP side as interesting traffic....


App-ID for known services being blocked and not categorised as "ssl".

Hello, We have a Palo Alto running v9.0.9-h1 with an outbound to Internet rule which is as follows: From: Internal Networks; To: Internet External; Application: ssl. What we are trying to achieve is for the firewall to ensure that only SSL/TLS traffic is allowed outbound. The issue is that the firewall categorises well-known services such as Salesfo...

Sean65 by L1 Bithead
  • 5930 Views
  • 5 replies
  • 0 Likes

Resolved! IPSEC vpn between cisco 2900 and PAN

Hi everyone, I'm trying to set up a route based IPSEC tunnel between my PAN 3020 and Cisco 2900 router. I'm getting a parameter mismatch on the ipsec lifesize parameter and don't know how to fix it. The Cisco peer appears to be wanting a lifesize setting of 4608000KB but the PAN won't let you set it that high. I've tried setting it with the ...

epeeler by L2 Linker
  • 5610 Views
  • 3 replies
  • 0 Likes

Resolved! Warnings DNS Security

Hello team, I have cluster active-passive PA-820 version 10.1.0. When I make a commit I receive this alert: "Warning: No Valid DNS Security License". Can someone help me? Regards

Alpalo by L4 Transporter
  • 4159 Views
  • 3 replies
  • 0 Likes

Resolved! Active directory OU as selection for users security policy

Hello all, I am new in Palo Alto devices and PanOS, so here are my questions. Is there a way to select an active directory OU as a source user in a security policy? (Or something else to manage it) Working with Forcepoint they apply policies to a whole OU (and also users and groups). Thanks in advance

High CPU on the management plane

I am running 9.1.10 on the PA-850. Last night, I replaced the User-Agent Server and pointed the PA-850 to the new UA server. After that, the CPU on the management goes up to 100% and stayed there until I had to reboot the PA-850. I attempted to restart the management server process but that didn't fix it either. After reboot, the CPU on the ...

dtran by L4 Transporter
  • 11740 Views
  • 3 replies
  • 0 Likes

Jio Meet application is not accessible

Hi Team, Today I came up with an issue that I am not able to access JIO Meet application. While I was checking the Applipedia website the JIO app was not there. I came up with a solution to create a custom application. Yet not sure which ports are used. Is it possible to share the details so that I can create a custom application with it. Thanks V...

UID setup questions

All, setting up windows based uid agent, looks FW connected to it is fine, but which shows connecting to the DC server. From debug info,
09/08/21 22:05:08:082[Debug 355]: Event: type="server status" name="x.x.x.x" status="Connecting"
09/08/21 22:05:08:082[Debug 123]: OpenEventLog failed for DC sin01dc(x.x.x.x) - The RPC server is unavailable.
Why ...

AllanGao by L1 Bithead
  • 2324 Views
  • 1 replies
  • 0 Likes

Microsoft Radius Authentication with PA

Hi, I am trying to set up Radius Authentication with PA. I have set up EAP(PEAP) and EAP-MSCHAP v2 on the Windows radius server. However I can only login to the firewall using PAP. I have tried to import the certificate from the radius server but not sure why I can't use the EAP or MSCHAP options. Please advise as I am not sure if I am exporting ...

umar00o by L2 Linker
  • 7226 Views
  • 6 replies
  • 0 Likes

Radius Authentication Failure: Timeout

Issue: Authentication failure when using AD Account. Log: Authentication Timeout to server. Setup: PanOS Version: 10.1.1; Panorama is not used; NPS Installed on Windows Server 2016; Radius Server Profile Created; Authentication Profile Created; Admin Role Created; Linked in Setup; NPS Client and Policy Created (25461 - uses created admin role, uses PAP) Teste...

X-Auth IPSEC tunnel for Mobile doesn't work

Hello there: Recently I enabled IPSEC and X-Auth for the GlobalProtect Gateway, hoping my mobile users could use remote IPSEC access VPN. But it didn't work as my iPhone kept showing "user authentication failed". I am pretty sure the configs on both PAN and Mobile are correct. How should I troubleshoot this? I use Radius and 2FA for GlobalP...

FelixXia by L0 Member
  • 4146 Views
  • 3 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions