This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4473 Views
  • 0 replies
  • 0 Likes

Fresh from scratch firewall config

So i can't find much on what rule of thumb to follow. If you know what applications you want to be allowed, should you start with the level4 version of the rule using just a port and then migrate to app based rule? Once app id identifies it properly migrate using best practices? Do you start off with the app id version of the firewall rule right...

Anydesk config

Hello,I have tried to allow some specific users to use anydesk, but it did not work.in security policy, under application allowed anydesk, service allowed anyin nat, service allowed - tcp 80, 443, 6568, 7070 (destination tcp)but it did not worked. plz guide me on this. thank you.

dwalll by L0 Member
  • 3084 Views
  • 1 replies
  • 0 Likes

User-ID Help

In recent weeks we've had a problem reported where one minute a site will be accessible for instance Youtube and then it won't be and then it will and it goes on, after looking in the logs when the connection to Youtube fails is when the log show no USER-ID when it works it shows a local USER-ID. We use an AD group for access to general interne...

JonHill by L1 Bithead
  • 3654 Views
  • 4 replies
  • 0 Likes

Resolved! How Palo Alto enabled with DNS Sinkhole will see original Client IP Address; when internal DNS server working in Recurisive mode?

Hi All, I need help in solution to know how actually Palo Alto enabled with DNS Sinkhole will see original client IP Address making DNS request to a domain in DNS sinkhole list. More Information is:My client computer with IP address (10.10.10.10) configured with Internal DNS server with IP Address (10.10.10.20). Internal DNS server working in th...

7000 series log forwarding card not forwarding traffic logs to collector

Hey everybody,I'm setting up a 7050 with a log forwarding card to a dedicated log collector. On the log collector, I have it set to device log collection and collector group communication on ethernet1/5. I have log settings configured as well as a log forwarding profile. With traffic running through the firewall, I'm seeing hits against rules...

dan731028 by L3 Networker
  • 5660 Views
  • 4 replies
  • 1 Likes

Resolved! Azure ip-range list EDL size

Hi, I ran into a problem today when expanding a customer's environment. I'd previously set up an EDL pointing to a Minemeld-generated list of all Azure ip-ranges, no problem thus far. I've done this for other customers before without any issue but noticed now that when I used the recommended prototype azure.cloudIPsWithServiceTags it generated a...

QoS Profile Configuration

I'm doing my first PAN QoS configuration- it's for a SIP trunk to a carrier from our VoIP network. I've read through the procedures and wanted to do a sanity check for my approach: 1) I've configured my security rules for SIP to have QoS "Follow Client to Server Flow" to maintain the DSCP markings from carrier to VoIP internal network and vise-v...

Panorama require description on policies

Greetings: I am exploring enabling "Require description on policies" in Panorama. From the documentation it is not clear to me if by enabling this feature will only apply to new or edited policies or ALL existing policies will require a comment. Does anyone have any experience with this feature that they could share? Thank you in advance for ...

SNMP - OID RAM/HD Usage

Hello!!I am using OP Manager to check my Palo Alto 3020 through snmp, but i don´t have the OID to check RAM/HD % usage, i downloaded all MIB from Palo Alto Page and uploaded to OP Manager. I haven´t seen the OID to check that resources. Do you have the OID/MIB?I used the "show system resources" and "show system disk-space" via cli and it worked....

Resolved! Global Protect previous user ??

I personally have logged on and logged off every day, but the previous user report only shows my login as 5 times in last about 2 months.So what is this command actually telling us. I could not find any information on this command show global-protect-gateway previous-user

raji_toor by L4 Transporter
  • 2723 Views
  • 1 replies
  • 0 Likes

Resolved! Migration Issue from PA-3020 (No-HA) to PA-3220 with HA-Active/Active

Hi Brothers, Existing PA-3020 (PAN-OS 7.1.7) and New PA-3220 with HA-Active/Active (PAN-OS 9.1.x) How to Migration the Configuration to new device?1. Just backup the 3020 config and restore the config from PA-3220?2. Any Migration Tools convert?** the Existing Device NOT Accept Firmware Upgrade, Due to the Next Phase the PA-500 not support PAN-O...

Resolved! Wildfire

I was wondering ifsomeone could help with clarifying how the WildFire– Proof Point integration works.A client of ours has Palo Alto NGFW in more geographically distant locations, and they also have Proof Point integrated with Wild Fire.[1] How and with whom does Proof Point communicate and where is his position in the network?[2] In regard to th...

Hammer88 by L1 Bithead
  • 8639 Views
  • 6 replies
  • 0 Likes

AV Profile - Alert action

Hello guys, I have a question about the alert action in the AV profile. - When I configure alert in AV action (threat already known), is traffic allowed or blocked?- When I configure alert on WildFire action, is traffic allowed? or does it depend on the detection I do on the file? I'm a bit confused, as I have traffic being allowed, when Wildfi...

  • 24379 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks