This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4221 Views
  • 0 replies
  • 0 Likes

Security Policy not blocking Facebook

Hello, I am connecting to the VDI as the teststud user and can browse to Facebook. The session is hosted on IPC-VDI-VSH1 as per the screenshot below. I have copied our existing security policy which blocks access to Facebook, Youtube etc. I can see that the traffic is hitting the correct policy, however, I am still able to access Facebook. I ...

Deny traffic.jpg
Security Policy.jpg

Resolved! Connecting to VPN Windows network profile changes to "Domain network" for the phys. network adapter

Just noticed that with Globalprotect 4.1.x the network profile changes to from "Public" or "Private" to "Domain network" for physical network adapter and not just for the VPN adapter while being connected to GlobalProtect service. Also when the VPN session is disconnected the physical adapter profile does not change but instead stays as "Domain ...

NLA-4.0.8.jpg
NLA-4.1.8.jpg
tigeli by L2 Linker
  • 7712 Views
  • 1 replies
  • 0 Likes

Resolved! Disable SSL decryption via CLI - how long

Happy New Year everyone Need to know if i run the below command Disable SSL Decryptionset system setting ssl-decrypt skip-ssl-decrypt yes Will this disable ssl decryption for 1 hour or 1 day need to know for how long?

MP18 by Cyber Elite
  • 3297 Views
  • 2 replies
  • 0 Likes

Cant deny users from using remote desktop on non standard tcp port

I am trying test app id & put a rule in (all the way on top) denying my work station from accessing RDP on machines in other zones. I have successfully blocked users from accessing RDP on standard port 3389 but can still access RDP on a machine that listens for RDP on a non standard port (tcp 51000). I did not specify the non standard port...

rdp.PNG

Minemeld diminishing numbers when passing from miner to processor.

Hello, We are trying to integrate Recorded Future IP risk list with our SIEM to do correlation after that. We have set up correctly the miner, which gives us around 50k indicators. We then proceed to pass it to the processor stdlib.aggregatorIPv4Generic, which just process 20k indicators. Finall we convert it to CEF format with the output cef.t...

Resolved! Mid-January Azure AD IP Update

Can anyone confirm these 2 new ranges will be added to the feeds at the appropriate time? Didn't see any discussion on this. https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Azure-AD-updating-IP-Addresses-in-Mid-January/ba-p/304828

Chad00 by L1 Bithead
  • 3848 Views
  • 1 replies
  • 0 Likes

DHCP - DNS Servers

Hi All, Awhile back I was having an issue using DHCP on our PAN Fws. In the DHCP options, if I set the primary DNS to an internal DNS server and the secondary to a public DNS server, our clients randomly had issues accessing internal resources. I would notice even though they had connectivity to the internal server, it was using the secondary t...

MikeC by L3 Networker
  • 5183 Views
  • 4 replies
  • 0 Likes

Resolved! NAT Issue

Hi Friends,I have 2 server hosted in lan zone and one public ip . i have configure the NAT for 1 server from outside from port 80 and its working fine. but i want access the other server from lan with public ip from port 80 but its not working showing application is undirected. please suggest.RegardsSatish

Satish by L4 Transporter
  • 7954 Views
  • 3 replies
  • 0 Likes

Allow policy for 2 hours per day

Hi It is possible to allow a rule for 2 hours within a possible time windowI would like to allow for exampe youtube for 2 hours per day for our employees . Could i solve this somehow via API ? Regards Markus

Mr.Robot by L0 Member
  • 2934 Views
  • 3 replies
  • 0 Likes

Palo Alto Agentless User-Ip mapping Not Working

Hi Folks, Need urgent help on an issue where " PAN Box Integrated with AD as an LDAP entity for USER-IP Mapping. So when User switches from LAN --> WiFi or WiFi --> LAN different IP Subnet, user-ip mapping don't change instantaneously" because of this user based policy doesn't enforce. Please help.

Resolved! Threat Prevention - IPS features

Hi, Can we enable IPS features on a particular sub-interface/zone in Palo alto so that it gets applied to all traffic that enters through that particular sub-interface? From the little reading which i did, i am seeing it as configuring it in security profiles and applying the profile under individual security policy. I particularly ask for a ...

MGRashmi by L2 Linker
  • 5401 Views
  • 4 replies
  • 0 Likes

Resolved! Scheduled export of csv system log for Global Protect logins

Have been looking around trying to find this and can't find it. I have a filter for system logs to filter all the successfull Global Protect logins for the last calendar week. I have been manually exporting this to a csv but wanted to schedule the process to email the csv out. Is there any way to do this?

Resolved! Aperture working/basic, how aperture policy works

I started with aperture and document mentioned "Aperture compares your user defined aperture policies to the data content and context to calculatre any policy violations" I understoodConext = data exposureContent = Data patterns inside the acutal file As palo alto stores only meta-data, how the policy is checked. Whether policies are sent to the...

Passive device dataplane interface and management interface

Hi Team, Can we ping management IP of the passive device from the any one of the dataplane interface on the passive device. Interfaces on the passive devices are up (showing green) --> passive link state is auto. We have tried pinging the internet interface and it is working fine but internet is not working. We are unable to ping the manageme...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks