This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Resolved! Dual Firewall pair-True DMZ design

Hello All, I am looking for any helpful suggestions,recommendations,critics etc for my new firewall design implementation project.currently, we have a pair of 5020s facing the internet and having DMZs,Internet and Internal networks on them. My management would like me to implement a "True DMZ" with new 5220s for greater ssl decryption capabiliti...

Resolved! Two question HA

Good Morning I have two questions regarding the HA Fault conditions When I configure Link Monitoring and Path Monitoring in the Active Firewall Should I also configure these conditions in the same way in the passive Firewall? The "Heartbeats Backup" option must be enabled even if we do not have a backup link configured? Thank you! Regards!

Resolved! O365 URL rewrite

I'm using minemeld to pull the O365 urls into my PAN. I get a list that has entries like*.domain.comsub.domain1.com I need to import those entries and rewrite them so they look like*.domain.com/domain.com/*.sub.domain1.com/sub.domain1.com/ Any pointers would be appreciated.

ckemp by L2 Linker
  • 17347 Views
  • 25 replies
  • 0 Likes

Resolved! Dropbox Client not working

I have a policy rule to allow dropbox. I am performing SSL Decryption. The users are using the dropbox client (not web). I came across this article that mentions this will not work when decrpytion is on https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGaCAK Anyone have recommendations on how to exclude the dropbox cl...

MikeC by L3 Networker
  • 3966 Views
  • 1 replies
  • 0 Likes

Resolved! URL Filter Test A Site page is broken

For about the last week https://urlfiltering.paloaltonetworks.com/ has been broken in way that makes it impossible to submit reclassification requests. I have several sites that I'd like to reclassify, but I have been unable to do so.When will this be resolved? One of the issues is that a JavaScript is being loaded over plain http, so at least t...

arvesynd by L3 Networker
  • 5658 Views
  • 3 replies
  • 0 Likes

PCAP with only source IP Filter and Global counters

Hi Everyone, For certian cloud apps we do not know specific destination IP as users have given is list of urls and multiple subnets.My question is if we do PCAP with only source IP as filter and then do the PCAP and check the global counters for error ordrops will we see right matched traffic as dropped in global counters? or To see right drops ...

MP18 by Cyber Elite
  • 2093 Views
  • 1 replies
  • 0 Likes

expired or resetted password issue with GlobalProtect Agent 4.1.6

An expired password change or a resetted password cannot be changed when using the Global Protect credential provider and PAN agent 4.1.6I re-installed PAN agent 4.1.2 and tested this to verify if it was PAN agent related because this issue was a new feature introduced in PAN agent 4.1.PAN agent 4.1.2 doens't have this issue https://www.paloalto...

GP login expired 2.jpg
GP login expired 1.jpg
DaxVC by L2 Linker
  • 6373 Views
  • 5 replies
  • 0 Likes

Resolved! App-ID Issues with Dropbox traffic

Hello, We've got QoS setup on a PA-220 that classes any traffic marked with the dropbox App-ID. This class is then restricted to 2mbps. However we find that not all traffic generated by the Dropbox Sync client is marked as dropbox. Sometimes it's just ssl, sometimes its unknown-udp. Essentially we just want to restrict any Dropbox traffic to 2mb...

Unable to get multiple global protect working.

PA3020 ,8.0.12.I have working GP with a public ip.I am trying to setup 2nd GP with 2nd public ip.This 2nd ip is used as destination nat for rdp as well.When I configure the loopback interface with 2nd ip and use it in portal and gateway ,rdp gets broken.

How will threat functionality work with asymmetric routing

Posted this on threat discussions but havent had any responses. Please help me understand what will happen in this case. I would like to understand what will happen to Threat Protection and AntiVirus(TPAV) in the following case. Both firewalls have "allow" non-syn-tcp turned on. Each firewall is only seeing half of the session and has no idea a...

question.PNG
SuryaR by L3 Networker
  • 2530 Views
  • 1 replies
  • 0 Likes

Seeson end reason aged out

HI friends, We have created interzone rule looks like below <entry name="Rule1> <profile-setting> <profiles> <url-filtering> <member>default</member> </url-filtering> <virus> <member>default</member> </virus> <spyware> <member>Sinkhole</member> </spyware&g...

Rule base management best practices

Hi Everyone, I'm new to the Palo Alto firewall system. My experience is with Checkpoint firewalls. I've been asked by management to look into the best practices for rule base management. Currently we go through the rule and look at every rule and try to determine if it's still valed. We then disable the rule for 30 days and then delete the rule ...

Log retention in firewalls and panorama

Hi, I have the following question related to log management: why PAN-70X0 can't send event logs to Panorama ?are the event logs stored in compressed format ? If so, what is the compression ratio ? Regards Mario

Resolved! Panorama failover and connection to Firewall

We have M100 in active and PAssive mode.Did failover where active was suspended and passive M100 became active Check the firewall it still shows connected to Suspended PAnorama and it is active one from FW point of view?is this by design?

MP18 by Cyber Elite
  • 4149 Views
  • 6 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks