This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4112 Views
  • 0 replies
  • 0 Likes

Qos question

Hi,I have traffic shaping enabled on FG and at the same time PA also.traffic flow is as below client goes through FG then PA then go to internet or wan traffic shaping policy running on fortigate , and qos policy is there on PA also Let's say if i set bandwidth for client A ON fortigate 10 Mbps and 20 Mbps on PA , Speedtest Showing 10 Mbp...

PA-DEL-1.png
simsim by L4 Transporter
  • 9070 Views
  • 13 replies
  • 0 Likes

Session created by Syn Cookie

Hello, what process and what is going on if a session (SIP) is created by "Syn Cookie" ?Is this a valid Session, does this indicate a Problem ? We configured an App-Override Policy to mitigate Problems between Phone-System and SIP ALG.We see now all Sessions are created based on Syn Cookies. René

rekuhn by L2 Linker
  • 2334 Views
  • 1 replies
  • 0 Likes

IPSec site-to-site tunnel not allowing all traffic both ways

I followed the guides to set up an IPSec site to site VPN tunnel between our main office and satellite office using static routing, but I can't access our servers through the tunnel. From the main office, I can access everything on the satellite office's subnet, but from the satellite office, the only thing I'm able to access through the tunnel ...

GlobalProtect Xauth for iPhone and Android

We have setup GlobalProtect Portal and Gateway working perfectly with SAML auth on MacBook Pro and Windows laptop. The only issue is, GlobalProtect Mobile app is not available in our app stores. So I'm looking for setting up IPSEC Xauth on PAN so that mobile could connect to IPSEC as well. How to set it up? I've tried to use the current Gate...

ZhenGuo by L1 Bithead
  • 4386 Views
  • 1 replies
  • 0 Likes

Resolved! Implementing SSL Forward Proxy

I have a problem!!, I'm implementing SSL Forward Proxy, all the guides say I have to install the certificate in all the clients, isn't there an alternative to this? I have a lot of visitors and I shouldn't have to install a certificate.I used to have pfSense and this made it transparent. PanOS 9.1

Need Help deleting files on PAN /dev/sda8 and /dev/root

Hi All,Need help on how to free up spaces on the below partitions on my PAN device, support cannot seem to figure this out. Please help.. Filesystem Size Used Avail Use% Mounted on/dev/root 4.0G 3.4G 407M 90% /none 4.0G 56K 4.0G 1% /dev/dev/sda5 24G 16G 7.3G 68% /opt/pancfg/dev/sda6 4.0G 1.3G 2.6G 34% /opt/panrepotmpfs 4.0G 110M 3.8G 3% /dev/shm...

sokonta by L2 Linker
  • 6925 Views
  • 1 replies
  • 0 Likes

install PanHandler on Windows 10 system.

Published install instructions for PanHandler are for MAC and Linux systems. I run Windows. Here is how I installed PanHandler on my Windows 10 system. Install Docker for Windows from the Docker Hub -- https://docs.docker.com/docker-for-windows/install/ I’m at Docker Engine v19.3.5 Once Docker is installed and after your system has reboote...

Resolved! Questions about deploying serverfarm FW

Hello,Currently, every server is behind trust zone, so I can't control traffic from trust user or server to server by FW. I have two options 1 attach server farm switch to edge firewall 2 deploy new FW in front of server farm switch Which is more common way and is there any better reason to chose 2nd option than 1st?

yhlee1 by L2 Linker
  • 3236 Views
  • 1 replies
  • 0 Likes

Disable Cipher Suite

As of the pen test via SSL LAB i was observed that less secure ciphers like DES, RC4 were supported by global protect portal ,so that i have disable the all the weak cipher suite and it's successfully done but the when i disable CBC-256 Suite when i commit it got this error Please Suggest protocol-settings { min-version tls1-2; max-versio...

Joshan_Lakhani_0-1596646238785.png

How to inspect email contents within outlook.office365.com?

I have decryption turned ON for outlook.office365.com url but firewall cannot really inspect the contents that are inside the email. Is it because Microsoft encrypts the email and Palo doesn't know how to decrypt it? has anyone tried decrypting outlook email traffic and successfully log the data files inside them?

Strange behaviour of HA pair active passive

Today i've noticed a strange behaviour of HA pair of Pa820 (panos 8.1.6) in Active passive configuration.In the dashboard page i've noticed the running config not in sync with peer.So i checked the differences with the diff button and i discovered that master node want to replace its own ha settings on the slave node.And also the management ip!O...

Clip.jpg
Clip_3.jpg
Clip_4.jpg
Padmin7 by L0 Member
  • 3507 Views
  • 2 replies
  • 0 Likes

PAN-OS 8.1 Partial IPs Captive Portal redirect not working

Hi Everyone I have some problem for Captive Portal redirect.PAN-OS - 8.1SSL decryption - enableAuthentication - Active DirectoryIPs - 1000+-Platform - 3250 Series the problem is partial IPs cannot get captive portal page to authentication, but partial IPs success work at captive portal, we think maybe the loopback ip already been used at other ...

TysonLiu by L2 Linker
  • 3228 Views
  • 2 replies
  • 0 Likes

Dashboard we don't want to see global protect client version

global-protect-client software need to remove from "currently activated" in short we dont need to see any activated global-protect-client software in NGFW.Tried to delete but unable to see delete software image i.e cross sign which has currently activated in NGFW, if i will download other version with activate then previous one is showing cross ...

image.png
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks