This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4108 Views
  • 0 replies
  • 0 Likes

Is the PA-3020 adequate for SSL Decryption (and other features)?

My company has 2 PA-3020 firewalls in Active/Passive configuration. They were purchased way before I started working here, so I had no input on the model that was selected. We have about 500 users in our network, and about 800 devices. In our environment, these firewalls sit at the perimeter edge, and there are no internal firewalls (for network...

Fr4nk4 by L2 Linker
  • 7408 Views
  • 5 replies
  • 0 Likes

Resolved! Custom Prototype for 'basic' weblist mining

Hi, I'm trying to create a new custom prototype to ingest a list of URL's that is hosted on a simple webserver. badman.one/1/2/3 badman.two/ badman.three/2/3/4/5.exe The list is published as above, and it works perfectly when I use as an EDL source, but I cannot ingest into MineMeld (as I want to mux it with my other lists to reduce overlap ...

apackard by L4 Transporter
  • 4300 Views
  • 2 replies
  • 0 Likes

Resolved! Site to Site tunnel

Hello I have a question about the configuration of the ipsec tunnel, in the article when the tunnel interface is created "Optional) If you want to assign an IPv4 address to the tunnel interface, select the IPv4 tab, and Add the IP address and network mask, for example 10.31.32.1/32." That "Optional" address, what should it be? from my network...

Resolved! WildFire phishing emails allowed instead of blocked?

Hello Everyone, I note that when I view the Monitor -> Wildfire Submissions activity on my Palo Alto PA-3020 8.1.6, all the detections with a verdict of "phishing" with a Severity of "high" are allowed. However, the other verdict I can see, which is "malicious" with a severity of "Informational" is successfully blocked. Is this the behaviour...

Resolved! troubleshooting SSL decryption

We've been using SSL decryption for a while now.Where for the most websites, this is not an issue, once in a while a user complains that certain https website doesn't load at all. Browser just keeps loading indefinitely.We can't find a reason in the logs, traffic is allowed, not blocked, decrypted flag is checked in the log detail.For now our wo...

dieter_b by L4 Transporter
  • 14465 Views
  • 7 replies
  • 0 Likes

Minemeld - New Install - Advice

Hi Mindmeld Community I wonder if you could kindly offer some 1st steps advice ? Can anyone offer any tips and quick hits I can setup to show Managment it working, Id like to show them that the threat intel we can pull down is actually being used to make changes. Many Thanks

DewarD by L0 Member
  • 3722 Views
  • 1 replies
  • 0 Likes

Resolved! PAN-OS 9.0 -go live?

Hiho, has anyone 9.0 already on production units?I´d like to have your feedback regarding the release.Wait for first hotfixes / minor patches or go productive? Greetings

FQDN refresh failed

We have 4 PaloAlto clusters and a FQDN refresh works on 3 of the clusters but not the 4th. All objects are shared on the 4 clusters. I have tried: Scheduled refresh of FQDN failsManual refresh of FQDN failsChanged the FQDN refresh time.I can ping the DNS server from the Management Interface.If i ping a DNS it resolves.If I create a FQDN object i...

Resolved! The Rule is allowed but hit policy-deny?

Hi,Recentely the firewall upgraded from 6.1.5 to 8.1.6 but after upgrading there is something strange, there is a allowed rule but in monitor tab it hit deny, i tried to move it to top but still the same issue ( Session End Reason: policy-deny ). Any help will be highly appricated Thanks

DPWorld by L1 Bithead
  • 14039 Views
  • 4 replies
  • 0 Likes

Resolved! ssl decrypt exempt and C2C

we need to do do ssl decrypt exempt for number of domains.this we are doing as per vendor requirement so that application can run without ssl decrypt 1>Need to know if traffic is not decrypted and end user pc gets infectedcan c2c in url filtering profile can block this traffic?we have action of c2c as block right now. 2>if for example the...

MP18 by Cyber Elite
  • 5549 Views
  • 5 replies
  • 0 Likes

Default superuser CLI access via TACACS authentication

Have auth profile setup to use a TACACS server. VSA is passing "superuser" as the admin profile, but it is not giving me access to the CLI as superuser, only GUI. I know I could create another admin profile and grant access that way, but it locks out Admins and Admin Roles from the GUI. Is there anyway to use external auth and get superuser o...

cdwing by L1 Bithead
  • 4486 Views
  • 3 replies
  • 0 Likes

Resolved! PAN-OS Version Numbering

I saw a strange PAN-OS version on the support site software updates and wanted to know what this version is. What does the "h2" designation mean? 8.1.6-h2

New to Palo Alto from Juniper SSG

I was wondering if someone could enlighten me on how to replicate the Mapped IP functionality from Juniper SSG to Palo Alto.We have a number of services on our current Juniper SSG. The way we firewall these services is using MIP's on the Untrust Zone then the traffic passing from Untrust to Trust using standard juniper policies. I was playing ...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks