General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4112 Views
  • 0 replies
  • 0 Likes

Security Profiles on Deny Rules

What is the best practice for adding security profiles to deny rules? I like to add the URL profile to deny rules so I can see what URLs are being denied. Who else adds security profiles to the deny rules and what benefit do you get? Has anyone had an issue with dataplane resources being consumed by using security profiles in deny rules? -Tha...

Cisco ASA and Palo Alto 820 with multiple Proxy-ID

Trying to replace a site to site VPN Cisco ASA firewall with Palo Alto PA-850. Cisco ASA on this side has multiple ACLs configured which is equivalent to Proxy-IDs. It is configured with IKEv1, policy based, no IKEv2. I do not have access to the firewall on the other side. I have multiple Proxy-IDs configured on the PA and matched with the exi...

Resolved! session_end_reason eq decrypt-error - 8.0.9

Attempting to decrypt inbound SSL traffic to our federation server. I have been unsuccessful and getting decrypt error. We have been decrypting other public servers in the same manner with individual certs successfully for the past couple years. I have confirmed the cert is correct and cyphers are PA supported. Anyone have advice of what I could ...

clewis1 by L3 Networker
  • 25124 Views
  • 14 replies
  • 0 Likes

Firewall Throughput

We have a PA3050 in a very simple setup. 1 outside interface and 2 inside interfaces (aggregated). A few times a week our clients complain about performance. During this time the firewall is generating 1Gb throughput (flat-line). However, the throughput on the 3 interfaces combined together won't reach the 500Mbit. Can someone explain what this t...

Sjoerd by L2 Linker
  • 4703 Views
  • 2 replies
  • 0 Likes

user-id

Hi Community, I am running PA local user-id agent in PAN-OS 8.1.3. I am facing an issue that my server monitoring shows as 'not-connected'. I am able to test the authentication and proper service account is configured. It was working fine for long time and hope there was some Windows patch in AD server recently. When I capture in AD server, I am ...

Resolved! Server with public IP behind the firewall without Natting

We need to have a 1 server behind the firewall with public IP address. We do not want private IP on the server. Firewall - outside zone. Server is behind the DMZ_Zone. Currently DMZ has sub interface with private IP address so when traffic comes from internet it will hit the firewall and it should redirect that to DMZ zone where server has public...

MP18 by Cyber Elite
  • 9037 Views
  • 3 replies
  • 0 Likes

Resolved! Panorama 8.1 in VM question

Hi, I was just checking out my VMware VM setup for my Panorama VM, and it has 2 interfaces on it. How does that match up to the setup interfaces page, so 1 is management and 1 is eth1? How can I tell and why have 2?

Resolved! GlobalProtect Client Profile Question

As the title, my question in my mind is relatively straightforward. When a GlobalProtect client successfully makes a VPN connection, is there any local profile settings saved to a file on the PC / Mac? If so, where are these logs saved / folder path? On macOS...On Windows...

carterg by L2 Linker
  • 4184 Views
  • 1 replies
  • 0 Likes

Can we export Security Policies and Service Objects from Firewall to Panorama?

Hi All, I have configured some security policies and service objects on my lab environment which consists of VM-100 Firewall for ESXi running PAN-OS 8.1.0. Can I export my settings to production environment which consists of 8 ESXi hosts, Panorama and VM-500 for NSX per host. Would I be able to export security policies from VM-100 for ESXi to Pa...

Universal policy Implicit Deny blocking Intrazone Traffic

Hi All, I configured the implicit deny (Universal Policy) policy at the bottom of security policies but after that, I could see that some of the Intrazone access got denied by the implicit deny policy. How can we achieve the Implicit deny policy without affecting the intrazone connections? Thanks in Advance...

gpsriram by L0 Member
  • 3072 Views
  • 2 replies
  • 0 Likes

Do not see deny in traffic logs for traffic to internal server accessible via Public IP

We have server reachable via Public IP, say on port 13001 and 13002. We have Security rule: Source any, Zone outside, Destination 173.82.x.x (IP of server), Zone inside, port 13001. Here I have not included the port 13002. I have correct NAT policy for this. When I see traffic logs I see Source any destination server public IP address port 13002 a...

MP18 by Cyber Elite
  • 3136 Views
  • 3 replies
  • 0 Likes

Migrating multiple HA pairs to Panorama

Hello, We need to migrate multiple firewall clusters to Panorama. I read the guides but there are still some questions about objects and IP addresses, certificates, etc. Once I have migrated one cluster, what about the other ones if they have some objects with the same IP addresses (local networks, DMZ, etc.). Will they be imported? Do I nee...

Hurtolak by L0 Member
  • 2096 Views
  • 1 replies
  • 0 Likes