This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4230 Views
  • 0 replies
  • 0 Likes

Overlap-Zone difference Vsys

HI Expert , I would like to know that it can be possible about overlap zone name but difference Vsys such as I would to defind name Zone "Trust" on vsys1 and would to zone name "Trust" on vsys2 as well Please suggest to me Thank you

Resolved! Alert When Accessing Application

Good morning! I'm trying to figure out if it's possible to throw an "alert" log entry when a specific application is accessed. I know it can be done with categories, but I'd like to do the same with specific applications. I can always filter my Traffic Monitor for that application, but sometimes it's much more convenient to set the "alert" statu...

GCSS-RT by L2 Linker
  • 4200 Views
  • 4 replies
  • 0 Likes

Resolved! cloud based proxy via IPSEC vpn and the way DPD is implemented on palo alto

Hello.so I've got a curious little problem and wanted to get some opinions before possibly creating a feature request at PA. we have a customer using a palo alto as his main firewall.and a certain cloud based proxy as their proxy.connecting to this proxy is done via IPSEC vpn tunnel.our customer noted that sometimes they lose connectivity to the...

Do you need Windows Server 2019 support for User-ID?

If you think you will need Windows Server 2019 support for User-ID, ask your PA rep to vote for feature request ID# 11012! We just upgraded all of our domain controllers organization-wide to Server 2019 only to find out that User-ID does not work with Server 2019 DCs. Now we must replace all of the DCs yet again with Server 2016 DCs in order to ...

GabeC by L1 Bithead
  • 11124 Views
  • 10 replies
  • 1 Likes

Best Practice: Allowing a known application together with a custom service.

Let's say we have 2 zones seperated by our PA firewall, Zone A and Zone B. Traffic between Zone A and Zone B is only allowed for some applications/services from dedicated devices in Zone A to dedicated devices in Zone B. We have a custom Service which uses TCP port 7777 named CustomService1. Device 1 in Zone A needs to access Device 2 in Zone B ...

Import LDAP Groups

All, I am trying to import my LDAP groups, but don't want all of them. I have too many groups to put them in the Include list. I also have a large number of local.admin and Folder Access security groups. SInce I can't filter by OU, how can I filter using negate and wildcards for the security groups I don't want? I am trying to use something l...

Zone protection - Show hops between source & dst.

Hello, I want to see the hops between the source and destination when I do tracert from my PC to an IP.The tracert is shown as completed. I followed the following kb but didn't work: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClfsCAC I disable Zone protection from the Zone initiating the conection(Trust) a few mi...

2019-05-16 16_31_47-C__Windows_system32_cmd.exe.png
upatino by L1 Bithead
  • 3081 Views
  • 1 replies
  • 0 Likes

Traffic is not getting Natted DIPP

We have Single Outbound PAT configured for internet traffic for all internal users.So all users traffic use the same Outbound PAt while going to internet but one traffic is not getting natted with this NAT policy There is no PBF configured, its simple NAT (Outbound PAT DIPP), Security Policy (From trust to untrust).PAN-OS 8.1.6 h2Request to fine...

Automatic email alerts: Sinkhole and security policies

Hi Community, This query is for PAN-OS v8.1.X I am trying to generate an email alert when the firewall sees an (action eq sinkhole) event or when the security policy created to sinkhole an infected host is used. Email Profile(s) have already configured and so has Sinkhole. What is the best way to configure both, the email alert for the (action e...

ash83 by L2 Linker
  • 4396 Views
  • 1 replies
  • 0 Likes

Custom URL category enforcement in URL column

I'm seeing some different behavior from our firewall on 8.0 code. I've got a few rules setup wtih both security URL profiles, and the URL category column. I've got a few custom URL categories made that match certain traffic. What I'm finding is that the second I include a category in the URL column, even if my URL profile has the custom categ...

Sec101 by L4 Transporter
  • 4634 Views
  • 5 replies
  • 0 Likes

Resolved! Server Monitoring Not Connected

Hello, Microsoft AD under Server Monitoring is showing as 'not connected.'We would like to use the PAN-OS Integrated User-ID AgentOutput from debug commands show UserID Debug Log is enabled but nothing is logging. Anyone encountered similar issue?

Resolved! Multiple malicious scans from the same source address - can I block IP automatically

Occasionally, I notice that the firewall has been blocking tens or even hundreds of attempts from a single source address for multiple threats. In a case like this, it seems obvious, for someone looking at the logs, that that source IP should have been temporarily blocked and possibly banned, but that does not happen automatically. We do have...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks