General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Thank You for Filling Out the LIVEcommunity Experience Survey!

If you've visited LIVEcommunity anytime recently, you've probably seen a pop-up asking for your feedback. We've deployed this survey since April 2020 for new and returning visitors alike as a way to gather feedback from our users. 

 

In the past six

...

survey-livecommunity.png
jforsythe by Community Team Member
  • 14541 Views
  • 1 replies
  • 4 Likes

Resolved! Method Upgrade PanOS and impact upgrade

Dear All

 

 

I want to know, method upgrade and impact if we are wrong away.

 

In guide PA :

 

Determine the upgrade path.

You cannot skip installation of any major releases in the path to your target PAN-OS version. Therefore, if you intend to upgrade to a

...

java exe Download being blocked

Hi

 

Turned on protection on one of my links and now it seems like  jdk-8u131-windows-x64.exe  is being blocked 

 

I can see this on monitor / data filtering 

 

category = computer and internet  info 

name Mictosoft PE

ID 52060 

 

I'm lost how I put in an exce

...

WIldFire status: Disabled due to configuration

Hi PA community,

 

We have two 5060 appliances in active-passive HA mode.

We also have WF-500 as private cloud and "Cloudwildfire.paloaltonetworks.com" as public cloud.

 

We have a problem in one of the appliances (Whether she is active or passive):

test w...

Erez by L1 Bithead
  • 3375 Views
  • 9 replies
  • 0 Likes

Best way to add application

Hi

 

I want to give my users access to bitbucket via ssh.

 

This is provided on port 7999.

 

So 2 ways I think i can do this.

 

create a service TCP-7999 Bitbucket

add policy with application ssh and service TCP-7999

 

or

 

I can create a custom applicaiton on po

...

Ideas for new and/or updated KB articles

With the ever-growing plethora of features in Palo Alto Networks firewalls and Panorama, keeping up with the knowledge is vital. In the world of Network Security, there is very little room for the 'unaware' and 'unprepared'. At LIVE community, we are

...

ansharma by L4 Transporter
  • 3936 Views
  • 8 replies
  • 2 Likes

URL filtering - no response page appears with https site

Hi,

 

On my PA-200, I use URL filtering to block the access to some http and https site. For https sessions, the response page is serving without SSL decryption. I use this command:

 

set deviceconfig settings ssl-decrypt url-proxy yes

 

I use also a inter

...

sam76 by L0 Member
  • 1915 Views
  • 2 replies
  • 0 Likes

Wildfire scheduled updates through Panorama

Is there any way to schedule Wildfire updates to kick off only a couple of times a day? I know we can do every minute, 15, 30, etc. Due to the connections and the environment I have 1500 firewalls I need to schedule the push to only be twice a day. I

...

JeffTQT by L2 Linker
  • 1262 Views
  • 1 replies
  • 0 Likes

Limting Globalprotect client access via IP address

Is there a way to allow specific GlobalProtect users to only connect from specific public IP addresses?  For example say I only wanted to allow user1 to connect from IP address 1.1.1.1, and if user1 connects from any other public IP address, or if us

...

Resolved! Newbie question on polices

Hi

 

Got to test pa-3060's got them setup in HA active active mode.

 

I have a LACP trunk setup with 2 vlans of it.

 

vlan 213 - zone trusted

vlan 215 - zone dev

i have ospf and ip addresses assigned and working on the 213 side of things. so I can ping it fr

...

Resolved! OSPF LSA Threshold: Security Finding

Wondering if there's a way to configure a threshold for OSPF LSA updates/messages?
Or if such a threshold is already in place by default on Palo Alto firewalls.  

Something that can maybe drop anything more than say 7 LSA messages in 5 minutes.
Apparent

...

How to get a historical graph of Qos Statistics

I have PAN 8.0.2 and  I would like to get a historical graph  of  the  diferents class in the interfaces  where I have applied QoS .

 

I do not if  I can  do that  with  PA3020 o I need  a syslog server to do it. 

 

what do you suggest me ?

QoS.JPG

Resolved! Exposing Videoconference - "Incomplete" traffic allowed

Hi all

I have tried to expose Videoconference system behind Palo Alto.
Unfortunately using App ID in security policy I have seen Palo Alto allows a lot of "incomplete" traffic.

That's really an issue: When enabling h.323 in security Policy App id engine...

BFD Dropping During Firewall Failover

Having an issue with BFD. I have BFD configured between the Palo Alto and a couple of routers (BFD Single Hop). When a firewall failover occurs, this causes the BFD peering to drop and come back. I would not anticipate this to happen. This causes a u

...

Palo Alto Participation in Spanning Tree Protocol

Putting it out there for votes:

Among other benefits, one of the big items we would like to see in a FR is the ability for PAN to participate in STP

For a layer 2 deployment the only option we have for HA state is "shut-down" on the passive. The issue

...

Resolved! Management Interface traffic logs

Hi guys,

Is there a way to see traffic logs of management traffic? I'm trying to troubleshoot user-id redistribution source from the management interface.

Thanks

NetWorkZeus

Top Liked Authors