General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 223 Views
  • 0 replies
  • 0 Likes

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 902 Views
  • 0 replies
  • 0 Likes

QOS bypass traffic

is there any way to get more info about what kinds of traffic are being classified as "bypass" traffic?

i have not found anything in cli, traffic logs or acc.

wlloyd by L2 Linker
  • 2850 Views
  • 1 replies
  • 0 Likes

Resolved! User ID mapping when switching between wired and wireless

A lot of my users login into their computers using the wired connection. Then when they are off to meetings, they switch to wireless (without logging out and logging back in).  If I turn off client probing, this creates an issue where they switch to

...

MikeC by L3 Networker
  • 5593 Views
  • 4 replies
  • 0 Likes

Resolved! FQDN cache limitations

I wanted to reach out tot he community and see how people are handling FQDN cache limit issues. 

Example:

 

* Internal DNS caches up to 8 IPs for each FQDN

* PAN device will cache up to 10 (source: https://knowledgebase.paloaltonetworks.com/KCSArticleDet

...

hshawn by L4 Transporter
  • 6787 Views
  • 2 replies
  • 1 Likes

Multicast configuration for IPTV

Hi all,

I'm lost configuring my PA-500 for IPTV using multicast.

My provider has a new option for IPTV.

They stated that in order to test the configuration one should try to open:

https://www.fiber7.ch/documents/129/Big_Buck_Bunny_Stream.xspf

 

So fa

...

Resolved! Connecting PA820 to Cisco ASA HA

Hi All,

 

I want to connect PA820 to ASA HA setup. ASA1 and ASA2 need to connect to PA820. Can I use link aggregation on PA820 for this scenario? If one of the ASAs fails will this setup work to pass on the traffic using the other ASA.

 

Thank you.

sajidsil by L0 Member
  • 3331 Views
  • 2 replies
  • 0 Likes

Resolved! GlobalProtect VPN "Always On"

Hello,

 

We are currently migrating from Cisco AnyConnect to a GlobalProtect solution that is hosted on an Azure cloud VM and really like the "Always On" feature. The only set back we have noticed is there is no way to manipulate it to only connect whe

...

file blocking profile but allow some apps

Hi 

 

We have recently enabled file blocking on all our web access rule and it works a treat, but looking at the data filtering logs i can see the likes of Google Chrome being blocked.

 

I have played around creating a seperate rule, that is above the ma

...

CRDF18 by L2 Linker
  • 3430 Views
  • 4 replies
  • 0 Likes

LSVPN Satellite Reconnection Time

Does anyone know how to decrease the time between LSVPN Satellite connection attempts?

 

If one of our satellites drops off (e.g. reboot/power outage/etc), after it comes back up it will take up to an hour to connect to it's nominated Gateway. Also, if

...

EDL- Predefined Paloalto IP Lists do not update

Hi guys,

 

my PA is still with the initial set of roughly 500 IPs in the two predefined IP lists which do not update; it is said those lists are part of the AV signature updates which run well. I also have confirmed with the CLI that its is not a GUI p

...

pan219 by L2 Linker
  • 3040 Views
  • 2 replies
  • 0 Likes

Panorama templates for an Active/Passive setup?

I'm in the process of setting up our new firewalls.  I went ahead and set up management on each of them, got them updated, got them paired up into Active/Passive, and am now following the Palo Alto 8.1 guide to migrate an HA config over to Panorama. 

...

jsalmans by L4 Transporter
  • 3070 Views
  • 2 replies
  • 0 Likes

Resolved! 5250 HSCI port compatibility?

Greetings all,

 

I should be getting our new 5250 firewalls in any day now and I'm trying to get my cable shopping list together so we can start working on our install process.  I noticed the HSCI port for the A/S config uses a 40/100 port and, giving

...

jsalmans by L4 Transporter
  • 3247 Views
  • 1 replies
  • 0 Likes

Behaviour of VPN tunnels in HA pair during the failover

Hi

Can anyone please explain the behaviour of VPN tunnels during the failover on PAN.

Does the ISAKMP and IPSEC SA table gets passed on to the standby unit ?

Does the VPN tunnels will re-estalish the session again  on the new active unit after the failo

...

R_Sharma by L2 Linker
  • 9543 Views
  • 3 replies
  • 0 Likes

Resolved! different wildfire version

Hello,

 

We have a couple of PA3020 but only one of them have different wildfire version as currently installed once we saw failed wirdfire update messages. Is it normal behaivior to have a different wildfire verison instllaed even though it is the sam

...

  • 24018 Posts
  • 115 Subscriptions
Top Liked Authors
Labels