This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4473 Views
  • 0 replies
  • 0 Likes

Global Protect Client 5.0 for Windows and Mac

I'm looking at the release notes for the Global Protect client for Windows and Macs, now at 5.0.1 Am I missing something ?What is the reason for the 5.0 client?I don't see that there are any new features, or changes in behavior. Or is it simply that 4.1 is at the end of maint ? Greg

gefuchs by L1 Bithead
  • 2253 Views
  • 1 replies
  • 0 Likes

Limit download file size with specific response message

Hello Guys, I succeed limit the download file size with the following KB: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhHCAS However currently the user is alerted with the antvirus response page. Is there a way to provide him a specific response message and not apply the antivirus one? Thanks. Best regards

kasito by L1 Bithead
  • 4991 Views
  • 2 replies
  • 0 Likes

Resolved! Receive ping count 0

I've allowed ping traffic from an external source to the outside interface IP.When they try to ping the firewall, I see allow traffic on the correct rule, but it only shows a send count >0 and the receive count remains 0. Also they report they do not receive the responses.How is this explained?I would expect to see a receive count to be at le...

CHKlomp by L2 Linker
  • 5684 Views
  • 5 replies
  • 0 Likes

IKEv2 Mobility and Multi-homing Protocol (RFC4555) Support

Did a quick search on this but couldn't find anything on this topic. Do any of the PAN firewalls support IKEv2 Mobility and Multi-homing Protocol (MOBIKE), specifcally RFC4555? I noticed that Cisco ASR5500 platform has support for this, so I'm curious if the PANs support this RFC. If not, are there any plans to do so?

Resolved! Global Protect Gateway communication

Does anyone have insights into how often the client will talk to the gateway if used only for user-id and not utilizing a tunnel? I know you can set the portal refresh time, but how often does the client actually talk to the gateway after grabbing credentials of the current user when logged in? I ask, because we are testing some 3rd party VPN ...

Sec101 by L4 Transporter
  • 3355 Views
  • 1 replies
  • 0 Likes

Redistribution Profiles - Source Types

Hi. I need to redistrubute some routes (loopbacks, and statics) into BGP. Are their any advantages to having the source type as static vs connected under Virtual Router - Redistrubtion Profile - then go into Redistrubution Profile - Source Type. Thanks.

Resolved! Minemeld install errors on ubuntu server 16.04 LTS (amd64 bit)

Installed minemeld on Ubuntu 16.04 LTS (AMD64bit) following https://live.paloaltonetworks.com/t5/MineMeld-Articles/Manually-install-MineMeld-on-Ubuntu-Server-16-04/ta-p/253336 Minemeld failed to start with exit code 203. Following command showing issues with the package. @lmori : please check below output. administrator@ubuntu:~$ sudo /u...

Eshrak by L1 Bithead
  • 10453 Views
  • 2 replies
  • 0 Likes

Resolved! Query on Brute Force Attack

Hello, Is it possible for the PaloAlto FireWall to stop brute force attacks for inbound SSL sessions without the inbound server certificate being installed on the PaloAlto? Is there any KB for this?

Resolved! Proxy IDs and routing

When having Site-to-Site VPN with Proxy IDs, do we still need to configure static route with next-hop the VPN tunnel interface or will traffic matching the proxy IDs be sent over the tunnel regardless of static routes?

BatD by L4 Transporter
  • 5347 Views
  • 2 replies
  • 0 Likes

EDL file problem

Hello - I have created an EDL in PANOS 8.0.0 using a feed from Minemeld 0.9.40, when I commit I receive the following message: EDL(vsys1/Skype-IPv4 ip) Downloaded file is not a text file. Does anyone know how to correct the error ? Thanks

paul_w by L2 Linker
  • 24256 Views
  • 19 replies
  • 0 Likes

Resolved! Test Global Protect before deployment

We are currently running Global Protect 3.1.6 on PAN-OS 7.1.14 (we're a little behind) and I am wondering if it possible to test a newer version of GP before deploying company-wide. I am new to the company and there is some concern that has lingered from upgrades that were performed in the past regarding conflicts with existing software running...

SSL Decryption - Without URL filtering license

Hello I plan to put in place a SSL decryption rule to decrypt ssl traffic (SSL forward proxy). But I don't want decrypt traffic for several categories of website such as financial (bank website). I haven't the URL filtering license. I create a first rule "Do not decrypt" where I specify "Financial-services" in the URL category but when I test an...

Skip Proxy path for specific URL

Hi Friends, I am using PA500 firewall and access internet using websense proxy server. There is some URL are frequently block in websense server even they are allowed in websense security server. My question is how can I confiugerd policy in firewall so some URLS are skip webproxy path and use direct internet path ?. Kindly help. Reagrds,Pradeep

URL Category in Security Policy only for http?

We unfortunately use a smtp server with fqdn. (cannot use fqdn object for certain reasons)And we implemented a security policy with the url category in the "Service/URL Category" section of the security policy.In the security policy, the application allowed is smtp and port allowed is 25.When we test, the connection does not match this rule at a...

  • 24380 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks