General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Packet Flow Sequence and Application Override

Hello everyone, I have a question regarding the "AppID override". In this article "https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVLCA0" we can read the following: "Special Note about Content and Threat inspection Application Override to a custom application will force the firewall to bypass Content and Threat inspectio...

Resolved! TLS 1.3 is Coming - How to deal with it????

My security counterparts came to me letting me know that in Chrome version 70.X+ TLS 1.3 will be turned on by default. This appears to be causing problems in our current firewall deployment: A/P HA-pair 5220s running 8.0.10 (soon to be 8.0.12). It looks like Google has released an article describing what's going on: https://www.chromium.org/Hom...

Problems with ping due to SSL decryption

Hello, we have a PA 220 model, and when we implement SSL decryption we can observe the ping delay in our trust interface. The CPU load is 50%. When we turn off the SSL decryption everything is normal.

Radmin_85 by L4 Transporter
  • 3172 Views
  • 2 replies
  • 0 Likes

Resolved! Policy Order - How to allow URL categories ahead of an IP Blocklist

We have IP Blocklists before the rules for Web Browsing. However, we need to allow some URLs that would otherwise be blocked in the IP Blocklist (subsites of Weebly, don't get me started). Right now I have a Policy above the blocklist that alerts http/https with Service/URL Category/URL Category set for the Custom URL Category for the exempti...

Resolved! Cannot access PAN Webgui

Hello, recently we performed a decrypt change to allow a website to bypass decryption. Now no user can access the PAN Webgui https. Tried in different browsers and from different machines but no change. Connection to FW via putty session is fine. We have rebooted the device. Kindly advise how to fix this issue.

Issues with the MineMeld Microsoft EDL's

For the last couple of weeks we are running into an interesting issue with our Office365 EDL's. We pull the Office365 API based IP/URL list into Panorama using MineMeld. This process is working perfectly. We have compared the output within MineMeld against the EDL on our firewall and they are identical. For some reason I am seeing multiple c...

Need information on DHCP Relay

Hello. To start I had a DHCP server configured on one of the interfaces on our Palo 810 PanOS 8.1.2. The DHCP addresses being handed out were not being registered with our DNS server so I was tasked to make that happen. I figured I would just set up DHCP relay instead. Unfortunately I cannot get DHCP relay to work because of some setting on the D...

IPsec tunnels, VPN features & licensing

I have a few PA 200's all with base license ready to install for a multisite company that needs a full mesh all over broadband internet. I am willing to manually configure each IPsec tunnel one by one if that is a free option that does not require additional licensing. Can someone give me advice on the best way to accomplish this setup and what ...

Resolved! XML Config from Panorama managed device, where are the policies?

Hi community, scenario: When provisioning a standalone firewall with panorama and performing a config-sync to a non-panorama-managed passive HA peer, there are no policies etc. After exporting the xml config from the active peer, I noticed that the xml does not contain any policy rulesets and objects. Now I wonder: What happens if panorama is no...

Chacko42 by L4 Transporter
  • 2646 Views
  • 1 replies
  • 0 Likes

Resolved! Updating MineMeld from 0.9.50 to the latest stable version

Hi guys, I don't know if someone else has experienced that but I'm having some problems updating my standalone MM machine. I use CentOS 7.0 and started to use MM in 0.9.44 version. Following the procedures in https://live.paloaltonetworks.com/t5/MineMeld-Discussions/Stable-MineMeld-version-and-new-Office-365-API/m-p/216203/highlight/true#M222...

Full mesh for multi site over broadband

I have a few PA 200's all with base license ready to install for a multisite company that needs a full mesh all over broadband internet. I am willing to manually configure each IPsec tunnel one by one if that is a good free option that does not require additional licensing. Can someone give me advice on the best way to accomplish this setup and ...

Resolved! Atlassian custom Miner and Feed

I am trying to create a miner/feed for Atlassian IP-Ranges which they publish in a JSON file. I have configured the below and it all looks good and I have Indicators, but when I go to the feed URL it returns a blank page. I created the prototype by using AWS EC2 list which also uses JSON

JDomNY by L1 Bithead
  • 17450 Views
  • 5 replies
  • 1 Likes

Resolved! PA traps certificate expired

Hi, we have ESM Console and server using an SSL certificate. This certificate has expired so we lost communication between traps and agents, and we only connect to ESM from the own server. How can I renew the SSL certificate???? Is it mandatory to install executable installation traps again? Thanks

Disable HTTPS

All: I'm running MM Community edition, and for lab testing I need to disable the HTTPS redirect. I have followed the guide here, but still cannot get the HTTP-only running on the nginx: https://live.paloaltonetworks.com/t5/MineMeld-Discussions/Disable-HTTPS/m-p/120623#M465 Has anyone tried this on newer versions of MM? Specifically, with the p...

KorkLM by L0 Member
  • 4329 Views
  • 1 replies
  • 0 Likes