This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4108 Views
  • 0 replies
  • 0 Likes

wildcard fqdn for destination in security policy. FQDN for  abc*.def.com

Team , I have a question about something that I guess is not possible to configure but will like to confirm if possible . My client want to allow Internal NW 10.0.0.0/8 to FQDN abc1.def.com port HTTPS , this is normal and I have a few of this rules already implemented. Now the question is , is possible to create a FQDN for abc*.def.com?, a wil...

Resolved! Captive Portal w/2FA in Azure

Hi All -Hopefully I make this clear. What I'm looking to do is set up Captive Portal with a push notification in Azure AD. I can't seem to find any documentation around this, can someone give me the general steps or point me to existing documentation? Thanks in advance.

Specific Action change on Individual Signature

Hi Experts,We've configured a Vulnerability profile with the Action of Default. For the Windows Print night mare vulnerability (Version ID: 8424, signature ID:91333) and the CVE ID: CVE-2021-1675 I see the default action is marked as 'Alert' which will allow the traffic.I am trying to change the action of an specific Vulnerability signature from...

URL filtering

I have one query it is necessary to add a URL Category to add in URL Filtering Profile or I can add a separate URL category in the Security policy without adding any URL filtering Profile.for example, I Create a URL Category name test which having some testing site then after I create a Policy to LAN (INSIDE) to WAN (OUTSIDE) add some users and ...

Web Activity Monitoring for BYOD School

Hello All... We are looking for a solution for a medium sized private school (k -12) to track users web activity. We'd want to be able to go back a week or so..nothing crazy. But would love to be able to get a report on a site\url and see what user visited that site and when. And of course, vice versa-- seek out a particular user and see what ...

Bind 2 separate IPSEC tunnels to separate ISPs

I am trying to setup a separate IPSEC tunnel to a new ISP while keeping the rest on the old ISP. I am doing this as a test. My issue is lack of connection. The message I get from the logs is that it try's the connection then I get another saying its deleting possible stale. Is there something I am missing? Both the IKE and Crypto are setup...

VPN Ipsec SitetoSite DynDNS

Good afternoon everyone, a question, is it possible to set up a Site-to-Site VPN between two sites with Dynamica IP, but that have each their FQDN with DynDns services.Example:Site 1: FQDN: mysite1.dynalias.net ( DynDNS )Site 2: FQDN: mysite2.dynalias.net ( DynDNS )Please can you help me and confirm exactly if this configuration is supported. Bo...

Metgatz by L4 Transporter
  • 4759 Views
  • 3 replies
  • 0 Likes

Resolved! VPN TWO Interconnected Sites Public IP DHCP ( DynDNS )

Good afternoon, I have some doubts regarding a configuration: Scenario: I have two sites that I have to configure with Site-to-Site VPN. Both sites have dynamic public IPs. In both of them DynDNS services are configured and operating. The sites with dynamic public IP, if in both sites I have Dynamic Public IP ( DHCP - DynDNS )In the "Local IP Ad...

None_Ip_Dhcp.JPG
Metgatz by L4 Transporter
  • 4478 Views
  • 3 replies
  • 0 Likes

Resolved! System logs stalling same time every day

On our PA3050 the system logs stall each day at 04:01 and then starts again at 20:00I have verified this happens in both GUI and CLINo scheduled jobs correlate with the timing of the logs stopping then startingI have checked show system logdb-quota and everything looks fineI have checked show system disk-space and we're fine on disk spaceI have ...

PatScott by L1 Bithead
  • 4710 Views
  • 3 replies
  • 0 Likes

The source port was natted to multiple source ports while the packets leaving the FW

Hello everyone The NAT type we are using is "Dynamic IP and Port", the Palo Alto Networks firewall translates the source IP address or range to a single IP address. for this conversion, when the packets arriving the FW, we can see the source port is all the same But while the packets leaving the FW, the source port was natted to multiple ports T...

DongQu_1-1625733192489.png
DongQu_0-1625733419236.png
DongQu by L2 Linker
  • 6507 Views
  • 5 replies
  • 0 Likes

log forwarding to CDL is generating high traffic volume

Dear community! We are sending logs to cortex data lake and we noticed high traffic volume for the sessions concerning log forwarding, with peaks up to 200GB of data sent. Do you know if this volume of traffic can be normal?Also, is there any documentation on how logs are being sent to CDL or how would you troubleshoot this issue? Thank you in ...

Carracido by L4 Transporter
  • 4543 Views
  • 5 replies
  • 0 Likes

VPN Site-to-Site FQDN peer ( Dyndns )

VPN Site-to-Site FQDN peer ( Dyndns ) Good afternoon, I am trying to set up a site to Site VPN using as PEER FQDN myvpnsite2.dynalias.net ( DynDNS ).Should I also use the Local and Peer identification parameters and settings or it is not necessary?Although the IP is dynamic ( IN BOTH SITES ), I am referencing the peer with a DYNDNS FQDN. Please...

FQDN_Dyndns.JPG
Metgatz by L4 Transporter
  • 4639 Views
  • 2 replies
  • 0 Likes

SIP Traffic - End Reason Resources Unavailable

We seem to have a lot of SIP traffic that is reporting a Session End Reason of "resources-unavailable". This traffic is hitting rules that don't even match. Please refer to attached screen capture. What could be the reason? Thanks for your assistance,

VPN Site-to-Site and Global Protect - DynDNS IP WAN DHCP

Hello, good afternoon everyone, I hope you are very well.I have a couple of questions, I hope you can clarify and help me. 1.- Is it feasible to create a Site-to-Site tunnel between two sites with DYNAMIC IP ? Example using DYNDNS, in both sites, is it feasible to set up a tunnel between these two sites, both with Dynamical IP ? 2.- Is it possib...

Metgatz by L4 Transporter
  • 3366 Views
  • 4 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks