This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

IPSec Version

For audit purposes we neeed to know if paloalto is using IPSec version 3 or version 2?

Chana88 by L0 Member
  • 3597 Views
  • 3 replies
  • 0 Likes

Issue with correct FTP application detection

Hello Everyone! We have a pair of PA-5260 (Panos 9.1.4) between 2 security zones serving primarily the traffic to a file buffer.About 90% of the traffic is FTP with server side being a load balancer IP.With a small fraction of traffic we experience an issue where an absolutely standard acttive FTP data flow fails to be recognized by the PA as a...

New LIVE AMA event, LIVEcommunity Team Roundtable!

If you are curious to know more about how the LIVEcommunity works, have a chance to chat with community team members, or ask a non-technical question? Now’s your chance! The floor is open for all you burning questions now through June 24. The LIVEcommunity team will be answering all queries June 23–June 24. We can’t wait to connect with ...

ama-graphic.png
jdelio by L7 Applicator
  • 3162 Views
  • 1 replies
  • 4 Likes

Zone Protection CPS Calculations - Make ZERO sense

I have been collecting CPS (total, TCP, UDP, IP) via OIDs using PRTG for ~6 weeks. I have all the data I need (I think). However, the DoS Zone Protection best practice documentation leaves a LOT to be desired as it's not clear. If anyone has tried to setup zone protection (SYN, UDP, IP, etc.) flood protection, and understand HOW to actually ca...

link aggregation in a switched LAN environment.

Dear paloatonetwork live community I have the following question related the above topic what are the operation of link aggregation in a switched LAN environment. what are the Ether Channel technology will be used to create link aggregation. what are the Verification and troubleshoot commands to be used link aggregation switched LAN environment...

thought by L0 Member
  • 2121 Views
  • 1 replies
  • 0 Likes

Resolved! can I have multiple Def gateway IPs on single L3 interface?

I have a Layer3 interface on the firewall that is connected to a zone that hosts multiple subnets spread across the remote sites. I would like the firewall to block the intra-zone traffic in this. To do this, I will need to give the Firewall IP as the Def gateway. For e.g. Site A has 192.168.2.0/24 & site B has 192.168.4.0/24 , can I assign ...

Log Forwarding - are changes disruptive to PAN firewalls?

Hi Gang, We need to update our log forwarding to now include Syslog. Previously they were only uploading to Panorama. It was also previously shared but we will need to make it device group specific now as we have local syslog servers for local sites. I can't seem to see it on any documentation or simply overlooked it, apologies if so but... do c...

Ransomware Prevention / Detection / Response Resources

There are many articles, guides, and resources available across various Palo Alto Networks properties to guide users on how to best protect their organizations from ransomware. After spending some time to find many of them, I thought I would share with everyone. High level from what I could find there were a few high level recommendations from r...

KPawlak by L1 Bithead
  • 7236 Views
  • 2 replies
  • 2 Likes

Resolved! IPSec VPN with overlapping networks

To begin with I know the document Configuring IPSec VPN between overlapping networks.Due to my lack of experience still I am not able to understand how I should create the NAT rules.My objective is to configure the IPSec tunnel only on "my" side - one that will be accessed and should allow access to some servers in the 192.168.2.0/24 network. B...

SAML Captive Portal

Hi All,i'm trying to configure a SAML authentication for captive portal but when i'm trying to export metadata and selecting captivel portal i'm not able to export, it shows no option:if I try to type an address and click ok the file generated contains this:show -> sp-metadata -> authentication-portal unexpected hereshow -> sp-metadata ...

HygorPeixoto_0-1607522196574.png

Resolved! dhcp client class-id setting

Dear all,a potential FTTH provider requires a special option for the dhcp client in order to work.CISCO setting like:ip dhcp client class-id 100008,0001,Cisco,e02f.6d21.xxxx,15.3(1)T,FCZXXXXXXXXIs there any change to set the dhcp class-id for the dhcp client? I couldn't find anything in the manual.Regards,Andreas

Resolved! want to know options to disable GP connection

Temporary we want to disable test GP setup. Found below options :* Create deny rule for GP public ip.or* remove fqdn/ip of external gateway from GP Portal > AgentorDisable Tunnel mode , GP gateway > Agent > Tunnel Settings > Tunnel Mode Is there any other option to disallow GP connection ? what is the suitable ?

Deepak25 by L3 Networker
  • 3597 Views
  • 3 replies
  • 0 Likes

Resolved! Recommended Pan-OS version

I have a 5220 that I am using as core L3 segmentation router for my 500 user environment. Currently running 9.1.3 Pan-OS and What version of PAN-OS is recommended for this scenario. Is it generally advised to install the latest version posted on device-software check?

PaloAlto TAC support has gone missing

Opened a S2 (high) ticket at 11am ET this morning about panorama in High Availability in suspended mode after upgrading from 9.1.9 to 9.1.10. No response from TAC support after two hours. I called in and have been waiting for over an hour with no one from PAN support responding. This is outright bad. A lot of cases that I've opened with TAC s...

dtran by L4 Transporter
  • 6553 Views
  • 9 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks