This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4124 Views
  • 0 replies
  • 0 Likes

How long time will need to prepar the PCNSA

Hi everyone I would like to prepare the certification PCNSA.My idea is to pay the tax exam as soon as posible will make force me to study the exam. I would like to know how many hours and time will need for I am going to the exam. Regards

Athan123 by L0 Member
  • 5590 Views
  • 2 replies
  • 0 Likes

Resolved! 2 ISP NAT question

Hello, we have 2 ISPs . .Static route with metric 10 for the 1st one and another static route with metric 20 for the second one .We have 2 nat rules for LAN. 1st one is via ISP1 and 2nd is via ISP2.So when we change the default route we need to reorder the NAT policies in order to have internet.Is there a option to change default routes without...

stef by L2 Linker
  • 2509 Views
  • 1 replies
  • 0 Likes

PA Destination NAT

I have a use-case that all subnets/VLANs should be able to access the server (192.168.4.4) via HTTP using the loopback IP address 192.168.6.2/32. The PA firewall is the gateway for all the VLANs. I would like to confirm if this is possible? The source will be VLAN 5 or VLAN 10 and destination is VLAN 20's loopback IP 192.168.6.2/32 using HTTP se...

Nikko by L1 Bithead
  • 3073 Views
  • 2 replies
  • 0 Likes

Resolved! Aplicação incompleta

Galera, boa tarde. Estou com um problema bastante confuso, tento acessar um determinado site "HTTP" é recebo a erro (Não é possível acessar esse site), realizamos um teste fora da nossa rede é o acesso é realizado normalmente. Analisando os LOGS verifiquei que recebemos a ação incomplete.O que estamos fazendo de errado ?

Lucaaslr_0-1620676620608.png
Lucaaslr by L0 Member
  • 2697 Views
  • 1 replies
  • 0 Likes

application

Guys, good afternoon. I have a very confusing problem, I try to access a certain "HTTP" site and I get an error (It is not possible to access that site), we perform a test outside our network and the access is done normally. Analyzing the LOGS, I found that we received the incomplete action.

Lucaaslr_0-1620677681082.png
Lucaaslr by L0 Member
  • 2937 Views
  • 3 replies
  • 0 Likes

User-ID only tags IPv4 or IPv6 address in dual stack

I've got the User-ID agent installed on three servers and I've recently began enabling IPv6 internally and I've noticed a problem. The traffic logs in Palo Alto only associate either the IPv4 address or IPv6 address of a machine with a username depending on what is the preference in Windows. How can I get the username to be associated to both ...

Lcroce by L1 Bithead
  • 5333 Views
  • 3 replies
  • 1 Likes

can MineMeld be installed on ubuntu 20.04?

I'm getting this error, how do i get around it? $ sudo apt install -o Dpkg::Options::="--force-overwrite" -y minemeldReading package lists... DoneBuilding dependency tree Reading state information... DoneSome packages could not be installed. This may mean that you haverequested an impossible situation or if you are using the unstabledistributi...

Thyrion by L2 Linker
  • 4787 Views
  • 2 replies
  • 0 Likes

NGINX configuration for SSL Inbound Inspection

Hello everybody, I'm trying to enable SSL Inbound Inspection to decrypt traffic to an internal webserver that runs on NGINX. I have already added the server certificate and key, and set up the corresponding decryption policy. The problem is that the firewall is not able to decrypt the traffic due to unsupported cipher, so I'm trying to force t...

grenzi by L3 Networker
  • 4399 Views
  • 2 replies
  • 0 Likes

Resolved! RHEL7 - /bin/sh ./configure Permission Denied

Hi all,I'm installing minemeld-ansible on Redhat 7.When i run this command:sudo ansible-playbook -K -i 127.0.0.1, local.ymli got this error:`PLAY [minemeld playbook] *************************************************************************************************************************************************************************************...

Resolved! PA-220 Size

dear all,in my environment, we have 100 computers and 8 servers, one internet connection, maximum 10 or 15 users need VPN and we planning To buy PA-220 .question: Does this device meets our needs?

YOOG887 by L1 Bithead
  • 6221 Views
  • 7 replies
  • 0 Likes

trust-untrust common apps block user

Without giving any low level infohow would a person go about a blocking a single user, via policy, get blocked from trust-untrust common apps w/o affecting other users?Create a policy above it? Or negate the user?

PA200-1 by L1 Bithead
  • 2096 Views
  • 1 replies
  • 0 Likes

Disable TCP 1323 Timestamp response through Palo Alto Firewall?

Hi,I'm wondering whether is there a way to set the PAN Firewall to detect and drop TCP 1323 Timestamp queries to servers?According to some web vulnerabilities scanning reports, it is reccomended to disable the TCP Timestamp as it discloses server uptime information, allowing attackers to guess the OS patch status.In the recent Windows server OS ...

TCP timestamp response During the vulnerability assessment

In my case, the team is performing a vulnerability assessment on PA820Vulnerability Title: TCP timestamp response.Description: The remote host responded with a TCP timestamp. The TCP timestamp response can be used to approximate the remote host's uptime, potentially aiding in further attacks. Additionally, some operating systems can be fingerpri...

Resolved! Migrating config from PA -500 to pa 220

IHi,Planning for upgrading PA-500 to PA-220, Just wanted to be sure that if we download the current running config from PA-500 and import it to new PA-220 device, will that work? I am not sure if Importing configurations between non-matching hardware versions works in this case,according to thishttps://knowledgebase.paloaltonetworks.com/KCSArtic...

  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks