This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4223 Views
  • 0 replies
  • 0 Likes

Palo Dual Action on Same Malicious Domain

We have found in the logs, Malicious DNS queries are being blocked but few of them are in Alert State. however the Domain is marked as a malicious in DNS signature at Threat Vault.Can you please elaborate why paloalto having dual action on same malicious domain.

Joshan_Lakhani_0-1610996825658.png

Replacing a zyxel home router - IGMP proxy for IPTV problems

Hi, I am trying to replace my ISP-provided Zyxel home router with a PA-200. I'm also subscribing to IPTV from the same ISP, with a Thomson DBI-8500E-TLN2 IPTV PVR.The zyxel - while branded, appears to run standard zyxel firmware - the config doesn't contain anything related to IPTV, but it has an "IGMP Proxy enabled" setting. Is there a way ...

hklygre by L1 Bithead
  • 6326 Views
  • 4 replies
  • 0 Likes

Locked out after adding Allowed IP Addresses to Management interface

I did not see any good information on how to fix this issue. I accidently entered the wrong subnet under Device > Interfaces > Interface > Allowed IP Addresses and was locked out of my primary firewall. I could still login to the backup as this was not a shared setting. I opened a support case and they did not offer a good solution to f...

Resolved! Layer 3 Subinterfaces VM-Series Firewalls VLAN 4095

When it comes to vm series firewalls, Layer 3 subinterfaces, trunks and port groups, are there any downsides/catches/cautions to setting the ESXI port group to use vlan 4095 (trunk), and then simply utilize layer 3 subinterfaces on the vmseries firewalls with 1 NIC? Article noted below, using just like a normal trunk if I understand correctly? ...

Sec101 by L4 Transporter
  • 5598 Views
  • 2 replies
  • 0 Likes

PA-220 lab licensing

Hi, I'm looking to purchase a PA-220 lab unit (lab license) for home. Basically, using it for labbing with my personal internet/internal traffic. Are there limitations with that device/license, such as bandwidth limits

ce1028 by L4 Transporter
  • 12382 Views
  • 3 replies
  • 0 Likes

Resolved! Global Protect DHCP Pool utilisation

Hiho, I´d like to know how to see how much ipv4 adresses of the pool are in use or free so I need to know when to enlarge the pool.That dhcp redirect doesn´t work I unfortunately recognized while searching the forum regarding dhcp and gp.We are using always the prefered version of the 9er release. I wasn´t able to find relevant information withi...

Read-Only Superuser by Security Zone

Hello, I hope everyone is staying healthy. I work at a company that provides ISP services to public schools, each school district is divided in to separate security zones on our Palo and I am trying to see if a read-only user can be created that is able to only look at security and NAT rules for their assigned zone. I've been fiddling around in...

Resolved! IPSec VPN restarts very often

Hallo,I have defined a IPSec VPN connection with following params:ike: 3des/sha1/dh5 Lifetime: 8 hoursipsec: ESP/3des/sha1/dh5 Lifetime: 30 minutes (life size not set, shows 0MB)ike gateway: main mode, DP enabledThe connection is established but in system log I see very often (every 5 sec.) tunnel is again and again down and up. We have packet l...

Resolved! Need help on configuring SNMP V3 to send trap messages to OpManager (Net Flow)

Hello Team, I have tried to configure SNMP V3 to send trap messges to opmanager in palo alto. - At the tiime we struct with engineID,here we are unable to find engineID for Palo Alto in Opmanager. - And also SNMP Walk itself its not working.- Its seems something i was missing in the configuration.- Can anyone help me here on what are things need...

Access Denied on doc links within Live Community

Maybe it's because I'm new here. BUT, every doc link I click on via a post in the Live Community gives me an 'Access Denied. You do not have sufficient privileges for this resource or its parent to perform this action. Click your browser's Back button to continue.'What am I missing? Please help.Below are several of the links I've tried and all g...

DCas by L0 Member
  • 4035 Views
  • 2 replies
  • 0 Likes

Traffic takes different routes depending on application

Hi community,I am facing a weird behavior that is driving me nuts.I have 2 sites linked by a Leased Line (zone L3-GW-InterDC) and an IPSec tunnel (zone L3-VPN) as a backup. 2 static routes are therefore configured, with different weight and path monitoring. I don't use PBF in this setupEverything works fine, except for this traffic between 2 hos...

FlowBank-IT_0-1610986904030.png

Resolved! Clientless VPN not displaying page content when using any browser

Hi, We have set up a clientless VPN trying to access a server with AIV Hub on it (this provides a customer portal). The VPN works fine and we can log in and see the application.The URL for the application is http tcp port 8080 so it has been written as http://x.x.x.x:8080/aivIf I click on the app a new browser tab opens but the page does not loa...

Detect ipsec vpn tunnel down with remote palo alto peer

PA5020/PAN-OS 7.1.10 I am trying to develop a NAGIOS check to get an alert , when a vpn tunnel between PA's at different locationsis down. So far I have been looking at the ifup-status of the corresponding tunnel interface at the local firewall. It turnsout that this is still up , even if the vpn tunnel is down. From the local firewall, this c...

Default interzone deny rule showing Allow traffic logs.

Default inter zone deny rule showing Allow traffic logs. There are expected deny logs but some requests are getting allowed by hitting default interzone deny rule.Very Strange behavior and we have already verified the Rule and its actions, it is configured to deny traffic from any to any. Please share if any thoughts on this....

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks