This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4132 Views
  • 0 replies
  • 0 Likes

Disable NAT from Untrusted to Trusted device

Hello! I am trying to port forward port 25 traffic without a NAT to an email security appliance behind the firewall. The problem is when SMTP traffic is forwarded through the Palo Alto the client-IP address of all e-mail going to the email security appliance is the private IP of the Palo Alto. I need to disable NAT for this traffic so that the I...

daemon and processes.

Hi team, I would like to know why Daemons and processes ids are getting suspended or not working.I can see that which daemon stopped working by this cmd, > show system software statusand for example: routed is stopped and i have restarted the routed process.But here i want to know what caused that daemon to not work ? Is there a way to check ...

Global Protect Gateway certificates when using SAML

We recently switched to using SAML (ADFS) authentication for connecting to our Global Protect Gateways. These GP Gateways have a SSL/TLS Service Profile with a certificate signed by a CA created within the PaloAlto firewall that serves as the portal. This all still seems to still be the recommended setup at https://docs.paloaltonetworks.com/glo...

packet loss

Hi,when I am downloading file from internet , I can see lot of packet loss and congestion in wireshark capture analysis .I want to make sure PA is the culprit How can I verify this . I have disabld QOS on PAThanks

simsim by L4 Transporter
  • 2652 Views
  • 2 replies
  • 0 Likes

Resolved! Default EDLs and manual exceptions

I'm working through a best practices assessment and one of the recommendations is to create security policies to deny traffic inbound or outbound to the two default external dynamic lists: 'Palo Alto Networks - Known malicious IP addresses' and 'Palo Alto Networks - High risk IP addresses'. My concern, though, is that we have multiple sites con...

Convert from Cisco to Palo

I downloaded the expedition to ubuntu. I am have everything running. When asked to Upload a Panos or Panorama configuration XML file. Export it from your device. What template can I use for this. I have a cisco ASA .txt file I would like to convert. thank you

jimf69 by L1 Bithead
  • 3750 Views
  • 3 replies
  • 0 Likes

Questions about FIPS-CC Mode

Greetings all, We've got a department on our network using a piece of higher-security software. The software audit came back and indicated FIPS 140-2 encryption is required when the traffic is going across any network other than ours. I've started looking into what that would take on our firewall so that our GlobalProtect endpoints and IPSec co...

jsalmans by L4 Transporter
  • 7321 Views
  • 5 replies
  • 0 Likes

File Type "Unknown Binaries"

We just need to know the wildfire file type which is allowed to dynamic analysis.As I know the following URL described allowed file type for sandboxing but what happened with unknown Binaries ( unknown Extention ) when it classified as an unknown file. https://docs.paloaltonetworks.com/wildfire/9-0/wildfire-admin/wildfire-overview/wildfire-file-...

Allow traffic to specified hosts/networks when Enforce GlobalProtect enable

Hi, I want to use the feature Enforce GlobalProtect for Network Access. Outside the company, users must use Global Protect to network access, but when users are on the company site, they should be able to access the local company network. For that I use the parameter "Allow traffic to specified hosts/networks when Enforce GlobalProtect Connecti...

fd9999 by L1 Bithead
  • 3826 Views
  • 4 replies
  • 0 Likes

Resolved! Is it normal behavior Swap : 0k total, 0k used, 0k free, 3751268k cached ?

Hello. Since last week in my monitoring there is an alert of 0% available in swap memory in my 5220 firewall. When I check it by cli the firewall with the command show system resources it shows me the following: KiB Swap: 0 total, 0 free, 0 used. 27097872 avail Mem Swap 0 0 UNKNOWN I would like to know if this is normal behavior, I have already ...

Global Protect Multiple URLS for Internal and External users

Hello team , I have a GP cluster Gateway and Portal . Currently we are using a single URL : vpn.abc.com for both Internal and External users . Now we want to use another URL for External : Partner.abc.com so do we need to create a new Portal and Gateway ? Remember we will still be using the same Public IP address which is for Internal u...

global protect client certificate

Hello Team,We have a global protect portal and gateways running . GP is currently integrated with AD. The certificate on GP is a wildcard signed by an external CA. Currently no certificate check is being made and authentication is purely on basis of AD creds Now the requirement is in addition to credentials a certificate check on client machine ...

Resolved! Whatsapp voice calls are not working thru firewall

Hello Community,I would like to see if anyone had any success with making Whatsapp calls and/or video to work using an internal wifi network.When I try to make a call with my cell phone, I will see "ringing..." and hear the phone ringing. The receiving side will pick up, but my side will still just see "ringing." After about 10 seconds, the ca...

Globalprotect in A-A

Hi, I have some question.If I have configure Active-Active HA and two GP portals with PA-3260.e.g. fw1's portal : 111.111.111.111fw2's portal : 222.222.222.222(limitation of SSL VPN concurrent user from PA3260: 2048 ssl-tunnels)When fw1,2 are in operation, can fw support about 2,000 user per one portal? Or do they share the number of tunnels?Sp...

gksnl11 by L0 Member
  • 2129 Views
  • 1 replies
  • 0 Likes
  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks