General Topics

Tunnel Interface IP Address Requirement

Hi everyone!

I am a new learner for Palo Alto 

 I want my Remote Network to reach my HQ Network via GP.

I am kind of confused whether when I am going to use IP Address to my tunnel interfaces, either on IPSEC site to site or Globalprotect depl

FW specific rules from the Panorama shared policy

Hi All,

Using Panorama (10.1.x) with a number of managed FWs
we have a shared pre policy, parent pre policy and child policies with pre rules configured within.

goal - in event of a security incident on a branch location we want to have a pre-defined

Replacing the FW serial number in Panorama with a new one

Hi,

What is a reliable way to replace the FW serial number in Panorama?

We had a problem uploading a new license because the FW serial number did not match. Palo Alto TAC solved the problem, but the serial numbers changed, which caused the FW to

root partition available space reducing

I have a VM-500 ,PANOS-10.2.8-h3.root available space is decreasing and is now only 3%.

I usually run below commands which sometimes can get me 1 or 2%. I have aggressive cleaning at 90% enabled. Why is creeping to 97% even with aggressive cleaning e

App-ID 'hotmail' false positive?

Hello,

after our recent newsletter distribution, we now see lots of blocked App-ID 'hotmail' in traffic directed to our web servers. Those are requests to HTML resources (images) just referred to from Hotmail website, most likely Hotmail users reading

AOL Mail

Hello,

Has anyone been experiencing any issues with using AOL Mail through a PAN device since last week? I'm assuming AOL changed the behavior of their webmail site and now sections of the portal are not available - such as the inbox.  Errors also pop

SYSLOG Issue after upgrade

Hi Team,

I just upgraded my PaloAlto to 11.1.3. after upgrade we faced issue that syslog receied delay log. 

"debug log-receiver statistics"

Logging statistics
------------------------------ -----------
Log incoming rate: 448/sec
Log written rate:

What encryption is my SSL connection using?

We're on 9.0.9 and want to turn on the feature allowing users to connect to GlobalProtect using SSL if there is a need.

Is there anywhere in the Monitor tab you can look to find what encryption is used for a particular users connection?

I read this w

What's the difference between custom URL filtering in security policy and in URL filtering Security Profile?

Hello, Guys, I have one question.

First below is the packet flow from "Packet Flow.pdf" document. According to this document ...

In the red square, before PA make session table, it checks packet's ip and port (like the legacy L4 firewall), and then aft

FQDN security policy

Our internal servers connects to a server on internet . There are existing FQDN based security policies. The destination FQDN resolves into multiple ip addresses . I am seeing few allows and denies for that particular destination URL on paloalto traf

DHCP Lease Issue

• Device details:
• • Model - PA 3020
  • Software version - PAN OS – 8.1.3

• Problem Description:
• • Please be informed that we are frequently encounter DHCP lease full (100%), and it cause interruption for our users at region side.
  • Customer side have two vlan for

"Device > Server Profiles > HTTP" gives error: Connection to: https://b76093c3662d5b4f.hook.limacharlie.io:443 failed: Couldn't resolve host name

Hi Palo Alto guys,

I want to send traffic using HTTPS to LimaCharlie. 

I want to start by saying that I managed to get it working using CURL with the following command:

7.1 Dataplane CPU Utilization

I'm curious how many people out there have had high dataplane CPU utilization ever since updating to 7.1?  We updated to 7.1 so that we could decrypt additional ciphers and ever since updating we've had abnormally high dataplane CPU utilization which