This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4223 Views
  • 0 replies
  • 0 Likes

Resolved! Marking non voice traffic as EF in PA-220

I have a vpn tunnel & clients on the internal network need to initiate connections to a server on the other side (egress traffic). The max upload speed of the broadband circuit is 5 megs which is always at max utilization. Is there a way to mark traffic that is only best effort DSCP and change the value to EF 46 when crosses the Egress int...

Capture.PNG

Firewall integration with other sandbox.

Colleagues, good afternoon. There was a question about integrating a firewall with third-party sandboxes to send files for review, such as cuckoosandbox or checkpoint, is there such an opportunity and where can I find documentation or information about similar experiences?

ColaNet by L1 Bithead
  • 8499 Views
  • 8 replies
  • 0 Likes

Resolved! Jump in Suspicious HTTP Evasion Found and Suspicious TLS Evasion notifications

Recently I have noticed a jump in detections of Suspicious HTTP Evasion Found and Suspicious TLS Evasion Found going to genuine website such as eBay, Amazon, Apple etc. The firewall is setup as a DNS proxy that forwards on to PiHole and then out to a public DNS and as far as I can see I have nothing setup incorrectly. Does anyone here have any ...

Jrice01 by L1 Bithead
  • 17086 Views
  • 6 replies
  • 0 Likes

Resolved! Geography blocking to China, now need to make exception for a single IP address.

Under Policies we are using deny by region with the country objects listed. One being China. I have a request for some needed technicians to be able to receive traffic now from one specific IP address in China. How does one add a single IP exception in this case to allow the traffic? All my searches for exception keep coming back to Threat proje...

RobYoung by L0 Member
  • 7058 Views
  • 1 replies
  • 0 Likes

Resolved! Expedition Export

We are trying to migrate a Checkpoint firewall. We have Expedition set up and have imported Panorama as our base config. We were able to add the Checkpoint as well and merge the configurations. However, upon export, the process hangs. We have tailed the logs to find an unterminated entity reference and it gives a line number. Are there any ...

Resolved! User-ID Agent on MS Server 2019

Does anyone know if Server 2019 is officially supported, for running the User-ID agent yet? Also, any reason i shouldn't run version 9.0 if my firewalls are 8.0.16? Thanks

Issue with GP VPN

Hello, We have setup GP VPN and it works, VPN client can talk to network.However, if we take initial from internal work to VPN client, it is not working. For example, when VPN enabled, I got an IP: 192.168.246.9, and it can reach server: 192.168.16.31However, if I ping or rdp to 246.9 from 16.31, it doesn’t work. Is this expected?If not, how to ...

Why viruses/spywares passes PA device unblocked?

HelloUntil now I trusted that default configuration for most purposes is OK.Today I discovered that few viruses passes in smtp traffic to my email server. I'm curious why?when in web-broswing traffic the same type of aplication "virus" was denied.My security rule:it using profile "servers". This profile looks like:so it's using antyvirus profile...

_slv_ by L4 Transporter
  • 14262 Views
  • 12 replies
  • 0 Likes

IPv6 over backup interface

I have IPv6 over my backup ISP (dual PA 3020s). I am trying to route all IPv6 traffic over that interface but not having much luck passing any IPv6 through the PA. If I ping6 internal and external hosts from the PA itself it works. If I try to ping/traceroute from behind the PAN at the core or from outside the PAN it doesn't work. I have polici...

drewdown by L4 Transporter
  • 3544 Views
  • 2 replies
  • 0 Likes

Resolved! IPSEC tunnel is up but can not ping through

I have IPSEc ikev1 tunnel with vendor.Phase 1 and 2 are up and green. From PA from my Lan interface when I ping remote lan subnet ping does not work.I see no return traffic from vendor to PA. IS this normal behaviour to have Phase 1 and 2 up but routing does nor work both way?

MP18 by Cyber Elite
  • 12680 Views
  • 2 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks