This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4125 Views
  • 0 replies
  • 0 Likes

How to inspect email contents within outlook.office365.com?

I have decryption turned ON for outlook.office365.com url but firewall cannot really inspect the contents that are inside the email. Is it because Microsoft encrypts the email and Palo doesn't know how to decrypt it? has anyone tried decrypting outlook email traffic and successfully log the data files inside them?

Strange behaviour of HA pair active passive

Today i've noticed a strange behaviour of HA pair of Pa820 (panos 8.1.6) in Active passive configuration.In the dashboard page i've noticed the running config not in sync with peer.So i checked the differences with the diff button and i discovered that master node want to replace its own ha settings on the slave node.And also the management ip!O...

Clip.jpg
Clip_3.jpg
Clip_4.jpg
Padmin7 by L0 Member
  • 3511 Views
  • 2 replies
  • 0 Likes

PAN-OS 8.1 Partial IPs Captive Portal redirect not working

Hi Everyone I have some problem for Captive Portal redirect.PAN-OS - 8.1SSL decryption - enableAuthentication - Active DirectoryIPs - 1000+-Platform - 3250 Series the problem is partial IPs cannot get captive portal page to authentication, but partial IPs success work at captive portal, we think maybe the loopback ip already been used at other ...

TysonLiu by L2 Linker
  • 3232 Views
  • 2 replies
  • 0 Likes

Dashboard we don't want to see global protect client version

global-protect-client software need to remove from "currently activated" in short we dont need to see any activated global-protect-client software in NGFW.Tried to delete but unable to see delete software image i.e cross sign which has currently activated in NGFW, if i will download other version with activate then previous one is showing cross ...

image.png

Clientless VPN and bypassing the Guacamole admin login page

Hi, In the middle of POC testing accessing internal servers via RDP, using Clientless VPN and Guacamole. The Clientless VPN and Guacamole side are already set up and working fine. This is how I would like to see the POC working:1. External users connect to the Clientless VPN gateway.2. Enter their 2-Factor-Authentication details (I will be using...

rchung54 by L2 Linker
  • 3977 Views
  • 2 replies
  • 0 Likes

Resolved! DOS profile for critical servers

Hi Guys, I want to create the DOS profile for critical servers. I read that I can use classified type so connection count toward only one IP address.My question is can I add multiple servers IPs in same DOS Rule or I need to create multiple DOS rules. Also, I might need to tune threshold base on servers so is it better to create new DOS rule?If ...

shafi021 by L2 Linker
  • 4321 Views
  • 3 replies
  • 0 Likes

External BGP Static Route Advertisement, with Path Monitoring an inside net

I have an existing LAN with two data centers. The firewalls at each are not in a cluster, and have different internal/external connections and tunnels, so changing to active/active it not possible. They each have separate DMZ's right now.We need to build a new redundant DMZ.I've implemented static routes with next hop of none for my Public IP's ...

Have you heard of the Cyber Elite?

In case you missed it, the LIVEcommunity team has just introduced the LIVEcommunity Cyber Elite program. What is the Cyber Elite program you ask? This is a program that we have helped create to recognize the Expert members of the LIVEcommunity. We in the LIVEcommunity know that a community is only as good and strong as our members (and boy d...

pan_live-community_cyber-elite_v3.png
jdelio by L7 Applicator
  • 6646 Views
  • 3 replies
  • 11 Likes

HL7 Traffic / Unknown-TCP traffic gets denied.

We are standing up some new PA firewalls and have been testing with some HL7 servers. Testing has been going well until recently where "unknown-tcp" traffic gets denied. It seems that it only happens when the transfer of a specific file/message is being transferred. I spoke with our the HL7 Interface/Server guy and he shared this bit with me....

rkoenig by L3 Networker
  • 14440 Views
  • 11 replies
  • 0 Likes

Resolved! Public to Public RFC 1918 blocks

Hi, I am looking to block the RFC 1918 blocks coming from internet to our LAN zone. So, Policy will be Source zone: Public , IP: RFC1918 blocks, Destination zone: LAN, IP : any .Can you guys please confirm that creating this policy will fulfill my requirement? @OwenFuller can you please give your input? Thank you

shafi021 by L2 Linker
  • 7707 Views
  • 2 replies
  • 0 Likes

Primary and Secondary SSL VPN global protect

One question that comes in my mind, can we use fallback URL or IP in Global Protect client? Like in Cisco AnyConnect, if the primary VPN Server or internet source is down then client connect with the secondary internet source automatically.

aneeqzia by L0 Member
  • 4026 Views
  • 3 replies
  • 0 Likes

Resolved! x-forwarded-for header in traffic log on AWS VM

Hello, My FW is behind ALB, so I want to see original Src IP. I enabled "use x-forwarded-for header in user-id" setting and user-id on the zone.But there is no info on source user column in traffic log. I can see the information in url filtering logs using, but I want to see that in traffic log too.It seems to be possible when I look into manual...

yhlee1 by L2 Linker
  • 7067 Views
  • 5 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks