This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4469 Views
  • 0 replies
  • 0 Likes

SSL Inbound // decrypt-unsuppot-pram

What can i do here..Is it something we have to fix on server side or firewall. Not Working, Block sessions with unsupported cipher suites, Selected.Protocols allowed min SSL3.0 to MAX Working, with Block sessions with unsupported cipher suites, Un-selected. NMAP scan of server

raji_toor_1-1593023342068.png
raji_toor_0-1593023022338.png
raji_toor by L4 Transporter
  • 3141 Views
  • 3 replies
  • 0 Likes

Session Keep Alive packet size

Good Afternoon Community! I believe there is a minimum packet size for an application keep-alive packet for Palo Alto to register a session match. I am just having a hard time finding that documentation. Does anyone know and could share or am I mistaken?

Path Monitoring for Auto Fail over between 2 ISP but it is not working

I recently configured Path Monitoring for Auto Fail-over between 2 ISP but it is not working. Primary route is not removing from the routing table even when destination IP is unreachableISP-1: x.x.x.xISP-2: x.x.x.x I have configured both interface on single zone so that single policy applies then I configure Path monitoring. I am using single Vi...

Multiple MFA vendors at the same time

Good morning,We are currently using Symantec VIP for MFA with our PA. Management would like to move to Okta and would like to know if both can be used at the same time? Thanks,Steve

Block Dynamic Domain from Security Rulebase

Already the specified Malicious URL getting a block from URL Filtering and detected in Threat Prevention with action.it’s a dynamic FQDN/IP that has to block from the security rule base too, but the does not want to add each IP to block as he received every time.looking for a solution where the dynamic IP can be blocked from the firewall itself ...

Resolved! File Blocking profile

Currently we can only see the logs for the files being blocked.Can we set up the logs to allow us to see the successful transfer of a file? Does Alert/Continue Action of File Blocking Profile log entry in the Monitor > Logs > Traffic?

Passing original IP information for source NAT translated traffic

I don't know the feasibility of this on the PAN. I've seen this done by means of custom scripts on load balancers. But, I thought it might be better to ask here since there are always more than one person with the same issue. The current situation:I have a PAN firewall between the Internet and my HA-Proxy server.The source traffic arrives at the...

DelvinC by L2 Linker
  • 3888 Views
  • 1 replies
  • 0 Likes

Resolved! how to configure HA in PA VM-500 deployed in ESXi

How we can configure HA2 for PA-VM Active passive deployment in ESXi. Can we use ip-address from mgmt network to use it for HA2 on both firewall.eg. 1.1.1.1 - Active firewall mgmt ip 1.1.1.2 - Passive firewall mgmt ip 1.1.1.3 - HA2 ip addres for Active firewall 1.1.1.4 - HA2 ip address for Passive firewallor do we require to take...

Deepak_K by L3 Networker
  • 3253 Views
  • 1 replies
  • 0 Likes

Address monitor and remove from address group

Hi Community, Customer is performing session distribution using destination NAT. They have three server nodes so they put them together in one address group and called that group in destination NAT session distribution. it is working fine. But they want to remove one of those address if there is some problem with that server(like server is not r...

Bricking a firewall?

Ok, I am not surprised in life that an upgrade can go wrong. Happens on many different technologies. But I recently had my over $60k PA5220 firewall brick going from 17.x to 18.x. And that was after getting advice from PA support before doing the upgrade to try and avoid a problem. It amazes me that there is no reliable factory reset funct...

tyler by L1 Bithead
  • 2620 Views
  • 1 replies
  • 0 Likes

Not able to comunicate with paloalto eth 1/2 interface

Hi Guys I have come here with lot of hope , I am doing my masters project and for that purpose my topology .My goal here is to show how paloalto can block the threats with its inbuilt IDS IPS ,url filtering , block traffic etc but right now I am facing a issue setting up a network I configured ping managenment on the firewall also I configured t...

Aggregation of ethernet on PA-4050 with Cisco switch

Hi,I am trying to get an aggregation link up between a Cisco and PA-4050 switch (v3.1.2). I have two link in the group and have configured L3 sub interfaces to seperate VLANs. I am able to send traffic across these links but they are clearly not functioning as aggregated interfaces as i loose packets when failing one of the two links (more like ...

Palo Alto Zone Primer

Hi All! I've recently been creating video guides on Palo Alto Topics. This time I've started on zones.This includes why we use zones, how they help, and some advanced features that PA have (zone protection profile and packet buffer profile). If you're interested, or know someone who's learning, here's the video:https://youtu.be/dBKC6Q0dpdk Enjoy!

Luke_R by L2 Linker
  • 3408 Views
  • 1 replies
  • 1 Likes

PAN-OS 8.0.5 sending continuous delete and create for IPSec SA

PA is sending continuous delete create every 3 seconds. It can be seen from the PA logs that SPI 0xAFD67238/0xC436E70E created at time 2020-06-13 05:50:55.230 and PA became responder for established child SA. For some strange reason PA again triggers child sa creation at 2020-06-13 05:50:55.968 for SPI 0x965504AB/0xCA05A690 and delete older SPI...

  • 24379 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks