This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4244 Views
  • 0 replies
  • 0 Likes

Resolved! Problem with Panorama pushed updates

Hello all, i have problems with the security policy push.When i try to push them the commits fails with : . Validation Error:. rulebase -> security -> rules -> ms-ad -> destination 'offices-subnet' is not an allowed keyword. rulebase -> security -> rules -> ms-ad -> destination offices-subnet is an invalid ipv4/v6 address...

stef by L2 Linker
  • 13944 Views
  • 10 replies
  • 0 Likes

Resolved! Palo Alto SSL Decryption Question

Hi All, I'm looking to subject ssl traffic to my security profiles, but to do this, I believe I am understanding that for inbound traffic from the outside, you need to import the same certificate and key from each of your protected servers on the inside network into the Palo Alto. Is that true? If so, why? I don't really understand why the Palo ...

Dual Boot Detected

Hi All, Any idea why PA firewall does generate the below error? domain: 1receive_time: 2020/06/25 08:34:48serial:seqno: actionflags: 0x0type: SYSTEMsubtype: generalconfig_ver: 0time_generated: 2020/06/25 08:28:13dg_hier_level_1: 0dg_hier_level_2: 0dg_hier_level_3: 0dg_hier_level_4: 0vsys_name:device_name: vsys_id: 0vsys:eventid: generalobject...

Resolved! Logging to Panorama and Splunk

I am standing up Panorama and not sure where to send logs. I currently have my firewalls sending logs to Splunk via a syslog server, and I want to keep getting logs into Splunk. Is there a best practice or recommended config? Option 1. Send firewall logs to Panorama and then from Panorama to SplunkOption 2. Configure firewalls to send to both Pa...

Slow Google searches on 9.0

Recently we changed to 9.0 code. We are running decryption on our firewalls. I've seen some very slow google searches recently, and a few errors when searching all while using chrome. Eventually the page will load the search if I wait long enough. It's almost like chrome is failing the search at first, and then succeeding? Wondering if...

Sec101 by L4 Transporter
  • 16581 Views
  • 23 replies
  • 0 Likes

Resolved! Delay on initial connection with globalprotect session

I have a vm-100 on azure. I configured it to route all traffic from globalprotect client, no split tunnel. I noticed that when I browse a site, the initial connection takes about 5 to 10 second to show the first page but it's fine after the initial connection. Even the pan management page has the same issue. Any idea how do fix this?

Overlapping destination subnets over IPSEC

Hello,I have following scenario. I have a two IPSEC connections to Oracle Cloud. The destination IP range is the same on both networks.IPSEC A - dest IP range 10.1.6.0/24, security zone Oracle1IPSEC B - dest IP range 10.1.6.0/24, security zone Oracle 2LAN - 192.168.0.1/24 Static routing:10.1.6.0/24 to IPSECA10.1.7.0/24 to IPSECB I have created a...

General - PA 5220

Hi I have in logs this messageType - SYSTEMSubsystem - Generalopaque: Number of hints on disk has exceeded 5000 due to log forward failures. Someone may have had this error ? Mr.P

Resolved! VPN remote desktop connection deep inspection

Hello Bros, In our deployment we had to give access for few employees to ms-rdp to their work PCs to do remote work staff.recently we started to receive some complains regarding connections for all rdp's and other collaboration services through the VPN. while we were trying to investigate the ms-rdp rules logs, we found that we have...

Emails with PDF Attachments converted to winmail.dat

We currently have a PA220 running 9.1.5 and a strange situation occurred on Monday where emails with PDF attachments sent via outlook 2016 from a local client to office365 Online Exchange and the recipients were receiving the email as winmail.dat. Has anyone see this behaviour and Is there anyway to check if Wildfire was converting the attachmen...

File blocking not happening

Hi team, I have a file blocking profile for upload direction for all type of applications and file types.I am using Decryption as well, Only in Google Drive File blocking is happening in so weird manner.Pdf's and jpegs are getting blocking if only they are in less than 1MB, if they are more than 1MB files are getting uploaded.I see the traffic i...

Subinterfaces on Hyper-V

Hello,I tried to set up PA -100 VM on hyper-V but I have a problem with trunking. I have to have configure subinterfaces on the Palo VM site. I added tagged VLANs on the switch side but I can't configure this to work on the hyper-V side. Meybe someone have some example how to configure this from the Hyper-V side? Reagrds

Resolved! Static IP configuration

I have some question regarding static IP given by ISP and how to configure it on the firewall as the external interface IP. ISP has given me IP of X.X.X.120/27. Next hop gateway is X.X.X.97 How would you configure this on firewall, because the other IP addresses in the /27 range appear to be used by other businesses, not mine Seems like incorre...

ce1028 by L4 Transporter
  • 5437 Views
  • 3 replies
  • 0 Likes

Unable to disable HTTP & TLS evasion

Hi Team, I have enabled antispyware allow profile for HTTP & TLS evasion, but still we are getting alert log, any reason. How to fix this. Configured above setting, please help to solve this issue.

rbabu0_0-1608216677507.png
rbabu0 by L1 Bithead
  • 2277 Views
  • 1 replies
  • 0 Likes
  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks