This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4441 Views
  • 0 replies
  • 0 Likes

New 5220 non-functional state

New HA 5220 active-active and non-functional status.HA-1 and HA-2 cable attachedSet up box boxes direct mode and then created templates via PanoramaPanorama doesn't display to parameters defined in direct config statusHow to ensure configs are dumped into template correctly

Default MTU of 1496B in interfaces of VM platforms?

Dear community! We have couple of VMs deployed in MS hyper-v and I realized that all interfaces have a MTU of 1496 bytes even though no value was configured. Checked this with "show interface XXXX" command Shouldn´t the interfaces have MTU of 1500 bytes if no value is assigned or for VMs the MTU is different? Kind Regards!

Carracido by L4 Transporter
  • 3133 Views
  • 1 replies
  • 0 Likes

Simple policy not working?

Outbound communication to the following IP addresses must be allowed:- 64.58.49.24- 64.58.49.25- 64.58.49.26- 64.58.49.28- 64.58.51.56- 64.58.51.57- 64.58.51.58 text router will attempt to communicate with the above IP addresses over the following protocols and ports:- UDP 500- UDP 4500- IP Protocol 50 for ESP- ICMP SourceRule I have set up is Z...

Resolved! Internet video UDP-range - STUN?

Our HR uses Interview from Indeed https://interviews.indeed.com/demo/video/I've tried to open firewall ports with application STUN, service ANY.But that did not work (error message because of missing "network connection").For testing I've opened all ports for my user, that worked. So I knew it's the firewall.I've ended up with trial and error.At...

ChrisCon by L2 Linker
  • 4554 Views
  • 2 replies
  • 0 Likes

PA will not update malware signature from sample malware files (http://wildfire.paloaltonetworks.com/publicapi/test/apk)

the customer want to test pa wilfire feature .my test step:1: from http://wildfire.paloaltonetworks.com/publicapi/test/apk, download the sample malware.the traffice throught the pa2: when we can find the wildire log from firewall and theck the log report ,know the malware files sha256------------------------------------------------log: 33, ...

Felixcao by L3 Networker
  • 3762 Views
  • 4 replies
  • 0 Likes

Security Policy Rule application and service configuration

Hi All, I have an issue where, Panorama had some security policy rules that had the below configuration on them: “Any” is listed in combination with specific ports under services in a given rule“application-default” is listed in combination with specific ports under services in a given ruleThe Panorama was then upgraded from 9.0.11 to 9.1.0 and ...

Ben-Price by L4 Transporter
  • 2607 Views
  • 2 replies
  • 0 Likes

MS Update application being recognized as ssl

Hi ExpertsI'm looking for an assistance where ms-update is being recognized as ssl and getting denied. We've allowed the web-browsing and ssl to allow the dependency applications as well on the same rule. Port is being identified as TCP/8531 but the application is marked as ssl. Firewalls are running 9.1.6Any suggestions please. Thanks in advance.

Palo Alto SSH Vulnerabilities

Hi Team, We are finding the below vulnerabilities being detected on Palo Alto Management SSH service : CVE-2007-2768CVE-2004-1653CVE-2007-2243CVE-2016-2183 Kindly help us in resolving the above said vulnerabilities. Devices are running with the OS 8.0.16. Regards,Sethupathi M

DropBox - Most of traffic showing up as just web-browsing app-id?

Anyone else seeing an issue where DropBox traffic is mostly being identified as web-browsing? I had an existing rule that was permitting dropbox-base and dropbox-downloading and it recently stopped working. I see all my traffic being decrypted fine. and this is via the web browser, not the dropbox client. Running 9.1.7 with latest app-id content...

jgardner150_0-1627504918524.png

Resolved! Slow o365 downloads

Just deployed HA 3020s in APAC and users are complaining that downloading office 2016 is painful, slow and eventually times out. Having a hard time figuring out why though, logs in PA don't show anything dropping or getting denied and data filtering is set to alert. This wasn't an issue prior when using ASAs and the only change was moving from ...

drewdown by L4 Transporter
  • 15623 Views
  • 9 replies
  • 0 Likes

OSPF passive interfaces question

What is best practice to advertise connected networks on a single VR where you have OSPF running and neighboring on an Internal Firewall interface to router, and want to advertise multiple segmented/firewalled networks directly attached the same firewall?Is it best to mark the segmented networks as Passive ospf interfaces, and allow OSPF to adv...

Sec101 by L4 Transporter
  • 5321 Views
  • 3 replies
  • 0 Likes

Resolved! QOS_PHYSICALMEMORY_UTILIZATION = 86.63 from Palo Alto Management ip

We are getting below email alert from the firewall management ip 192.168.x.15 QOS_PHYSICALMEMORY_UTILIZATION = 86.63 from source 192.168.x.15 targeting Slot-0 Management Memory has crossed the major static threshold of >85.0 What these alert about? Is there any risk on the firewall? I am not able to find any specific article related to the is...

PankajDhobe_0-1627375254996.png

SSL Decryption: ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY

Hi paloalto community, we're currently still testing ssl decryption and discovered a new error, which I can't google to find a solution. If we're visiting the following site, we get an "ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY" error. Site: https://www.1erforum.de/ See attached our configuration and ssl information without decryption enabled. Fir...

2020-01-13 11_42_30-pa-1.png
2020-01-13 11_42_39-pa-1.png
2020-01-13 11_42_56-Anhängerkupplung M240i _ M140i.png
2020-01-13 11_46_30-www.1erforum.de.png
mrkskhn by L1 Bithead
  • 65213 Views
  • 36 replies
  • 0 Likes

Doubt about multiple SAs in IPSEC tunnel

Hi, We have a tunnel working but looking in the logs we see many installed SAs. So we think it should be a SA for line in proxy ID. So why all these logs about "installed SA"? Any idea?

vpnjs.JPG
BigPalo by L4 Transporter
  • 2521 Views
  • 1 replies
  • 0 Likes
  • 24375 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks