General Topics
Showing results for 
Search instead for 
Did you mean: 
General Topics


Join Us for a Tech Deep Dive Miniseries!


Stop Zero-Day Threats in Zero Time with Nebula PAN-OS 10.2.


Join us live for an in-depth look at the latest advancements in cybersecurity, best practices, tips and tricks, demos and
more to protect your business and defend against threats in real


jforsythe by Community Team Member
  • 3 replies

Accounting in PaloALto over TACACS

I have the TACACS+ configured in PaloALto with Cisco ISE, Is it possible to do the accounting for Palo Alto and i can see the changes in Cisco ISE.


CISCO ISE version 2.4

PAN OS : - 8.0

Dual ISP with VPN

I'm working on configuring a branch office firewall with two ISPs and Site-to-Site VPN to our data center.  The data center side has only 1 ISP connection


I'm reviewing this article again, as I've used it in the past.


MikeC by L3 Networker
  • 3 replies

DoS policy notify



We have configured a DoS policy in order to limit the connections to several internal services.

So when we launch a test in order to check that the connections are being limit we dont see any logs or event reporting it.

But looking in policy statis


BigPalo by L4 Transporter
  • 13 replies

Comcast internet VPN disconnects

My company has not transitioned to GPCS yet and currently still uses Cisco AnyConnect. We have 10K+ remote users and 5weeks ago about 100+ users started getting random disconnects and they are all Comcast users with XB3 type modem. I wanted to ask th


SSL Decrypt Opt Out Page applied selectively

Hi all,


Currently we use the SSL Decrypt Opt Out response page for the SSL Forward Proxy which works great warning staff of inspection.


However I would apply SSL-Inbound-Inspection to our public web servers for Threat Prevention. Unfortunately it app


BGP Advertising prefix to same AS it was learned from.

I'm working on a VRF-centric DC model that utilizes a PA as the firewall platform between VRFs. One of the snags I'm hitting is that if a route is learned from R1 on an AS (say 65001), and is advertised via eBGP to the PA (AS 65002), the PA won't eve


Tyler_C by L1 Bithead
  • 14 replies

BGP config same AS different locations



We found some BGP routes with same AS we are using at our PA3020.

PA3020 AS 65400



BGP route (from Cisco Router)

 *                           0 65394 65390 8035 21302 65400 65316 64540 4755 4755 i


Usually with Cis


user-id agent



So I have 

850 - single pa 

5220 - 2 in a Active active setup



For Windows i have

3 x MS AD - my AD trilogy 

2 x Exchange boxes - they curently are AD's as well

2 more AD - old boxes with FS and PS 

2 FS ... not AD's



I have userid setup for all


block all video streaming with palo alto PA-850??

Hello all,


I want to block all video treaming with palo alto. do do following this:

    1, go to Objects--> URL fitering--> add new URL fitering with name block_video.

    2, in categories, I check in streaming-media and choose block.

    3, I create th


Chivas by L2 Linker
  • 7 replies

Global Protect Client Bundles not installing. VM100

I am trying to install a client bundle for GP on out test VM-100


The VM has no internet connection so I downloaed the bundle from PA




On "device > Global Protect Client " I upload the file, which works but nothign is displayed.


If i go to


Resolved! ICMP reply from the firewall instead of endpoint destination

Hello everybody,

What could cause ping to respond from a different IP?
When tested from source, the response message of the ping command is successful and it's coming from the PaloAlto firewall, not from the destination IP.
Where and how can I verify on


000000 by L1 Bithead
  • 2 replies

New Feature request or ?



I would like to have apolicy that just logs and does nothing else - ie the packet keeps getting evaluated.


some times I want to know there is packet there but not process it with that line.


Can this be done already ?

Top Solution Authors
Top Liked Authors