This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4474 Views
  • 0 replies
  • 0 Likes

Minemeld - Intune

Hi Can anyone advise if we can use the O365 feeds to incorporate Intune access? Looking at the O365 external lists that the firewall is retrieving from Minemeld, they doesn't seem to cover all the URLs / IPs required for Intune managed device access (as defined in the Microsoft doc). Kind regards Terry

sequence numbers in log forwarging is becoming out of sync

Dear community! From time to time one of our firewalls stops forwarding logs to Panorama. We stop/start the log forwarding process as suggested in this link:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFCCA0 We are the reasons that could cause the Panorama to lose track of the sequence number of the logs being forw...

Carracido by L4 Transporter
  • 3331 Views
  • 2 replies
  • 0 Likes

Workflow LDAP Server profile

Hi Expert , I would like to know when we have multiple-AD-Server on the same domain or multi-forest I would like to know on LDAP-profile when config all server such as limit of 4 server list it will connect all server available list concurrent or following sequence object on LDAP-profile Please suggest me Thank

Resolved! Save named config

I am fairly new to Palo Alto so please forgive me for asking dumb question. With respect to backing up config before upgrade, if I save it as 'mybackup.xml' and something goes wrong with upgrade and I import it back in to restore, does the Palo Alto replace the running-config.xml file with my 'mybackup.xml' automatically ? Also what is the diff...

application any not actually "any"

I have a simple virtual wire installation here, just testing policies. I have a policy that is:source: insidedestination: outsideapplication: anyservice: application default I attempted to connect to gmail through Outlook with IMAP and was being blocked. Logs showed application of "insufficient-data" and "incomplete" with session end reason "t...

2021-06-29 11_24_11-fw1.png
GMTPaul by L1 Bithead
  • 5704 Views
  • 7 replies
  • 0 Likes

Bandwidth limiting - QoS - multiple networks

Good afternoon, please support, I need to configure and limit the bandwidth of the Internet output of a pair of networks coming from a LAN Trust interface. -Interface 1/1 is the outgoing WAN interface to the Internet.-The segments 10.79.25.0/24 and 10.79.26.0/24 come from the Trust interface, LAN 1/13.-Internet access must be limited by securing...

Metgatz by L4 Transporter
  • 4356 Views
  • 3 replies
  • 0 Likes

DH - VPN

Hi , How can I allow multiple Diffie-Hellman (DH) group in IKE & IPSec profile while creating a VPN

hanuman by L0 Member
  • 3143 Views
  • 4 replies
  • 0 Likes

"export to CSV" - limit

What is the maximum limit on the number of lines to return? can it be increased?want to know what they do during siesta? see for yourself on the spanish porno tube https://pornogratisaqu.com/

ducuxawi by L0 Member
  • 2047 Views
  • 1 replies
  • 0 Likes

Resolved! Can I use CA Root Certificate for Debrypting SSL Traffic?

Hello, I want o start setting using Decryption Policy, to Decrypt & Intercept SSL (443) traffic from users when connecting to Internet. I am wondering, can I use one of the well known Certificate Trusted, e.g., Global Sign by installing it on the Palo Alto without installing the certificate manually on the users' computers?! Thank you ...

mshamsan by L1 Bithead
  • 7131 Views
  • 4 replies
  • 0 Likes

Resolved! Ineffective IP spoofing protection

I have IP spoofing protection enabled on PaloAlto but it is not effective due to the following reason: My external Interface IP is 1.2.3.1/24 . The spoofed attacks are coming from a fictitious source IP for e.g. 1.2.3.25 destined to 1.2.3.50(web server). As per Palo's IP spoofing definition, this is not blocked because 1.2.3.25 is routable over ...

The user Id tab under not able to detect AD Group but Group Incluse List shows the Group

I am unable to find the User group under user column in the Firewall Policy Tab and i see that the User Id agents are connected to the Firewall but when i do the same Search under the Group Inclusion List i see the Group in that Tab. I was wondering what is happening in the User Id tab in the Policy tab as the AD group not showing up

Knowledge sharing: High Data Plane CPU because of DDOS or overutilization (access to Palo Alto Auto Assistant may help)

I have seen for example on a small firewall when the customer enables SSL decryption that the counters for work groups "ecdhe_key_gen", "flow_host " etc. jump. This may show that the firewall can't handle the ssl decryption or that there is an SSL DDOS attack: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmV2CAK ht...

behavior in multi-vsys with shared gateway and DNAT policies

Dear community, We have a firewall with multi-vsys and the following scenario: 1 shared gateway and 1 public IP on external zone 1 virtual system and 1 private IP on internal zone We configured DNAT to allow access to private IP from Internet following this article:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHxCAK...

Carracido by L4 Transporter
  • 3384 Views
  • 3 replies
  • 0 Likes
  • 24379 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks