General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4459 Views
  • 0 replies
  • 0 Likes

Palo-Alto FW 9.0.4 Hardening Steps

Hello Guys, Joined the community recently...!! Hope all of you are in good health and doing great..!! Here... I am looking for recommended and basic hardening steps (not a complete book) along with command lines for the GUI steps/process for a Palo-Alto firewall (with 9.0.4 version). Simply the hardening steps which must be there and available for all ...

Jimmy20 by L2 Linker
  • 7454 Views
  • 1 replies
  • 0 Likes

Block Page not always displayed

Hi, I have the problem that for some URLs I get a block page and for other URLs I get the "Error secure connection failed" message. Both responses have the same session end reason: decrypt-cert-validation. As this happens regarding SSL connections I use a decryption profile with checked: Block sessions with expired certificates, Block sessions with ...

97% speed decrease on SMB traffic (PANOS 8.1)

We're currently having some issues with ms-ds-smb (both v2 and v3) traffic on our PA-3020's (active/passive pair), where we are seeing a 97% speed decrease measured against direct traffic. In order to determine the source of the issue, I have tried to disable server response inspection and all the security profiles, but I'm still getting speeds ...

arvesynd by L3 Networker
  • 26049 Views
  • 7 replies
  • 1 Likes

VLAN entry

Hi I have a network with IP addresses in the range of 192.168.100 and 192.168.130 on two singular network cards on the same machine on the local network. Port 4 on the firewall is plugged into another device with the .130 range IP. Port 1 on the firewall is plugged into the local network. I can’t contact the other device from the machine. Any ...

Update to 8.0.6 appears to have broken IPSec tunnel connections

Since our PA updated we've had a problem with one IPSec Tunnel not routing correctly. It appears to relate to just one Proxy ID but I've checked all and they're exactly the same as the PFSense box we're connecting to. Everything was fine until the update to 8.0.6. I've followed this KB... https://live.paloaltonetworks.com/t5/Management-Articles/...

Resolved! HA Status Options UnKnown or Down

I have a pair of Palo-220's that I've pushed my templates to from Panorama and now the HA options on both devices are in an UnKnown or Down state. These templates have been pushed out to multiple other pairs I have set up also, but this pair is the only one to have the issue. I have a case open and have been on hold with Support now for over an hour s...

Can we import a duplicate common name certificate from a different vendor?

We are already using a Sectigo cert for GP gateway *.example.com. We have purchased the same wildcard certificate from reddit. The Sectigo certificate is going to expire; before that we want to test the GP gateway on the new certificate signed by reddit. We will configure GP on our secondary ISP and will create a DNS host entry in our machine to test the same. Can we impor...

Deepak_K by L3 Networker
  • 2335 Views
  • 1 replies
  • 0 Likes

Resolved! How to handle outlook repeatedly retrying blocked file downloads

In the File Blocking Security Profile, I am blocking encrypted PDFs. Looking at the Data Filtering Logs, every few seconds the office365-enterprise-access application is trying to download an encrypted PDF and it gets denied. There also is no file name listed, so it's not clear how I can attribute this to a message and delete it. How are other people ha...

Resolved! Issues with https://urlfiltering.paloaltonetworks.com/

Hello Everyone, I am trying to recategorize a website using https://urlfiltering.paloaltonetworks.com/. I selected the correct category in my opinion, gave a quick explanation in the comment and then got the following error message after some processing time: "Your submit has some problems. Please try again!" I tried a couple of different website...

Query on DH group for IPSEC VPN

We are having issue in building an IPSEC tunnel on a Palo firewall. Using ver 9.1.2. Getting below error 'IKE phase-1 negotiation is failed. Couldn't find configuration for IKE phase-1 request for peer IP... The peer IP type is Dynamic with no proxy ID in use. We are using IKEv1, DPD is disabled, NAT-t is enabled, Phase1 & 2 are matching at ...

NSX-T east-west traffic integration sizing question.

Hi, I have a question about using Palo Alto for east-west traffic inspection in an NSX-T environment. There are 2 deployment models: a service cluster and a per-host model. https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-the-vm-series-firewall-on-nsx/set-up-the-vm-series-firewall-on-nsx-t-east-west/supported-deployment...

GOMEZZZ by L2 Linker
  • 3055 Views
  • 1 replies
  • 0 Likes

Palo Alto hardware without license limits

Yes, I already know that without a license I don't get the following, but I want to know about the limits for things like VPN, firewall rules, etc.: 1. Security profiles (Anti-Virus, Anti-Spyware, URL Filtering, WildFire) will not work. 2. Clientless GlobalProtect, HIP will not work. 3. All the updates will not work (software and dynamic). I know the virtual firewall limits...

Custom BlackList

I have a custom blacklist and when I try to import text files with URLs it fails. Does anybody know what the problem can be?

Global Protect - Split Tunnel not Disabled

I am having an issue with both Windows and Mac clients. I have enabled the no direct access to local subnets option but I am still able to browse to my local router and I am getting reports of users being able to access local printers. Currently the access include and exclude networks are blank. The GP solution is on a VM in AWS on FW version 9.0.7...

SebastB1 by L0 Member
  • 3863 Views
  • 3 replies
  • 0 Likes

Resolved! GRE support on PAN?

Hi, is it possible to terminate GRE tunnels on a PAN device? I'm planning to have multiple IPSec tunnels from all branch offices connecting to a PA-2020 firewall; in each of these I would like to have a GRE tunnel and then OSPF running, so in short: GRE over IPsec + OSPF. Is it possible? Apparently OSPF over IPSec is supported 'out of the box' on PAN OS,...

  • 24378 Posts
  • 124 Subscriptions