This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

Resolved! FQDN with 80 characters not resolving in Address object

Hi All, I have a client running PAN OS 8.1.3 Panorama 9.1.3, that is trying to implement an Address object with an FQDN that is 80 characters long. When clicking the resolve button in the Address object GUI it does not resolve. When running the command 'request system fqdn show' or a ping to those domain's they do resolve in the CLI. All other F...

Ben-Price by L4 Transporter
  • 4231 Views
  • 2 replies
  • 0 Likes

Gmail, Me email not being allowed through on Mac Mail

Hi, I use gmail.com and me.com for email. when I used the web interface, no problem at all. But when I use my Mac (OS X 10.6.6) Mail client 4.4, however I for some reason or another the client cannot access these two email accounts it just times out. They are both configured for SSL using 993 so nothing unusual here. The PA is configured to allo...

djbisbey by Not applicable
  • 5075 Views
  • 3 replies
  • 0 Likes

Resolved! Exclude all Zoom traffic from GlobalProtect VPN

We have been trying to exclude all Zoom-related traffic from the GlobalProtect VPN tunnel. So far we have tried with: "*.zoom.us" exclusion configured directly on the GP gateway as a domain in:Network --> GlobalProtect --> Gateways --> GW NAME --> Agent --> CLient Settings --> Split tunnel --> Domain and Application But this...

MarcelST by L3 Networker
  • 71461 Views
  • 59 replies
  • 0 Likes

User-id agent secure connection using enterprise CA

We are using one user-id agent for four locations and want to use enterprise CA cert to resolve vulnerability detected on port 5007.https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGFCA0 Have below queries :1. Can we generate CSR on firewall and signed the same on enterprise CA , how we can create root cert in this cas...

Deepak25 by L3 Networker
  • 3422 Views
  • 2 replies
  • 0 Likes

U-turn Nat between isolated networks

Hey Guys and Gals I am having an issue getting u-turn nat to work between two isolated networks on the same Palo. I am basically tiring to allow Interanal clients to access a webcam server in a IoT network. I think might issue might be that I need to add a Statement in my Virtual Route or a Policy Based Routing rule. Though the reality is that...

u-turn Nat.jpg
trees by L1 Bithead
  • 5939 Views
  • 3 replies
  • 1 Likes

Palo Alto multiple configuration for log forwarding

Hello, I am in the process of setting up a server for syslog relay to Azure Sentinel. Currently my Palo Alto systems forward their CEF logs to LogRythm. I am looking for a way to set up my Palo Alto to forward the same logs to the new syslog relay server. My question is does Palo Alto allow configuration for forwarding to multiple SiEMs at the s...

Ematek by L0 Member
  • 2172 Views
  • 1 replies
  • 0 Likes

Spotify and URL Filtering

Hello Spotify, besides being detected as a application, connects to certain URLs for information. What URLs are these? Id like to making a URL Filtering category so I can allow this traffic to pass. Thank you.

riahc3 by L1 Bithead
  • 3550 Views
  • 2 replies
  • 0 Likes

Anyone else have a ton of these?

URL filtering I keep seeing lots of clients for this URL: play.google.com/log?format=json&authuser=0 Anyone know what application can be causing this request from the client PC?

Block domains using EDL

Hi, We are doing test in order to block the domains using EDL but its not working. We are doing test with this domain: unrealengine.comThis is the config: The domain is added to the EDL domain list: The antispyware profile is created with the list: The security rule is also created: But we can still access to the web: any idea?

Minemeld1.JPG
Minemeld2.JPG
Minemeld3.JPG
Minemeld4.JPG
BigPalo by L4 Transporter
  • 4818 Views
  • 2 replies
  • 0 Likes

use of binaries in Global Protect

Hello I want to know if the binaries wa_3rd_party_host_32.exe and wa_3rd_party_host_64.exe are essential for use in Globlal Protect, and what service of Global Protect are use these.I see this articule:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNPRCA4&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FK...

BigPalo by L4 Transporter
  • 5929 Views
  • 1 replies
  • 0 Likes

Recommended ways to manage numerous firewall policies

For people who have many firewalls which have similar policy, what are good ways to manage these, say for example I want to add a particular rule from one zone to another, and the zones are identical across 80 firewalls. Am looking at using Device Group hierarchy but not sure of pitfalls or traps to avoid here.

Server management cannot be restarted

I cannot login to the web GUI, I receve error "Timed out while getting config lock. Please try again. ". I saw that it has to do with overloaded server managment plane so i tryed to restart it form CLI, ussing the comnad "debug software restart process management-server". The problem is that i get the same error in CLI "Server error : Timed out...

Resolved! Fortigate VIP Equivalent

Hello, I am working on a Fortigate to PA migration and I am trying to wrap my head around the equivalent of a Fortigate VIP (we used VIPs to go from public IPs to inside web servers) on a PA. Would I just create addresses for everything and then do the "virtual" piece with a NAT policy?Thanks for any input,MJF

Allow only Zoom for a subset of machines

I want to lock down Internet access for some machines to just allow them to use Zoom, but using the App-ID means I have to allow SSL and STUN too and I don't want that as that opens up a ton of other sites, Anyone have any suggestions? Maybe a URL filter allowing just the *zoom.us domain?

froche by L1 Bithead
  • 4908 Views
  • 2 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks