This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4132 Views
  • 0 replies
  • 0 Likes

BGP - TCP/179

Hello Folks, I have a simple BGP question. I'm going to be creating a BGP peer between a Palo Alto firewall and a Cisco router. Do I need to create a security policy allowing TCP/179 between my Palo Alto firewall and the router. They are directly connected. I cant find any examples of that.... so hopeing some can advise.thank you.

Jedi_D by L2 Linker
  • 3583 Views
  • 1 replies
  • 0 Likes

Resolved! NAT - with URL for NAT policy

Hello Folks, I need some advice .... I want to create a NAT rule to allow traffic to NOT be NATTED if it is going to a particular website. e.g. if going to www.paloaltonetworks.com then dont NAT. Is it possible to use URL objects for in a NAT policy?? Please could someone suggest how this can be done, or send me some useful links for doing this...

Jedi_D by L2 Linker
  • 7214 Views
  • 6 replies
  • 0 Likes

Resolved! Proxy ID for IPSEC traffic going to Internet

We have IPSEC tunnel working fine with vendor device. Vendor Lan subnet is 192.168.80.xOur lan subnet is 10.10.x.x Proxy ID on PA is Local Remote 10.10.x.x 192.168.80.x Also Vendor has another Lan subnet 192.168.81.x that need to talk to internet IP say 23.x.x.xThis traffic need...

MP18 by Cyber Elite
  • 8999 Views
  • 8 replies
  • 0 Likes

Dual ISP with RIP

Dear Friends ! i am running RIP in entire Network with Dual ISPthe problem is that when 1 network part want to communicates with other part PBR just forward thier packets to Internethow can i solved this issue to prefere routing table first and forward the packet to internet then

Resolved! application any and service application default in policy

I have a Internet policy that permits application "any" with service "application-default". I just discovered that we can no longer use Ookla Speedtest since turning on the "application-default" service. Has anyone else experienced this and could you share how you resolved it? Thanks.

Trying to setup a virtual lab using VMWare Workstation

I am taking some Palo Alto Firewall training from CBTNuggets, in prepartion for the ACE Exam, I don't have enough spare equipment to setup a live lab, so I am trying to setup a virtual lab like they show in the CBTNuggets training. One of the steps they sugget using VMWare Workstation, which I have downloaded. There is a step tp use a PA-VM-ES...

TCGuy by L0 Member
  • 6297 Views
  • 4 replies
  • 0 Likes

URL Redirect

Hi, is it possible to redirect f.e. www.bing.com to www.google.com via Palo Alto. If yes, how can i do that? Thx

Resolved! Marking non voice traffic as EF in PA-220

I have a vpn tunnel & clients on the internal network need to initiate connections to a server on the other side (egress traffic). The max upload speed of the broadband circuit is 5 megs which is always at max utilization. Is there a way to mark traffic that is only best effort DSCP and change the value to EF 46 when crosses the Egress int...

Capture.PNG

Firewall integration with other sandbox.

Colleagues, good afternoon. There was a question about integrating a firewall with third-party sandboxes to send files for review, such as cuckoosandbox or checkpoint, is there such an opportunity and where can I find documentation or information about similar experiences?

ColaNet by L1 Bithead
  • 8386 Views
  • 8 replies
  • 0 Likes

Resolved! Jump in Suspicious HTTP Evasion Found and Suspicious TLS Evasion notifications

Recently I have noticed a jump in detections of Suspicious HTTP Evasion Found and Suspicious TLS Evasion Found going to genuine website such as eBay, Amazon, Apple etc. The firewall is setup as a DNS proxy that forwards on to PiHole and then out to a public DNS and as far as I can see I have nothing setup incorrectly. Does anyone here have any ...

Jrice01 by L1 Bithead
  • 17008 Views
  • 6 replies
  • 0 Likes

Resolved! Geography blocking to China, now need to make exception for a single IP address.

Under Policies we are using deny by region with the country objects listed. One being China. I have a request for some needed technicians to be able to receive traffic now from one specific IP address in China. How does one add a single IP exception in this case to allow the traffic? All my searches for exception keep coming back to Threat proje...

RobYoung by L0 Member
  • 6946 Views
  • 1 replies
  • 0 Likes

Resolved! Expedition Export

We are trying to migrate a Checkpoint firewall. We have Expedition set up and have imported Panorama as our base config. We were able to add the Checkpoint as well and merge the configurations. However, upon export, the process hangs. We have tailed the logs to find an unterminated entity reference and it gives a line number. Are there any ...

Resolved! User-ID Agent on MS Server 2019

Does anyone know if Server 2019 is officially supported, for running the User-ID agent yet? Also, any reason i shouldn't run version 9.0 if my firewalls are 8.0.16? Thanks

  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks