This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4236 Views
  • 0 replies
  • 0 Likes

Security Policy Granular to Address Group?

I have a group of computers that I want to apply a different security policy with a different Security Profile to. I have created 2 Security policies.The first policy = Internet Out allow any - Trusted Zone to Untrusted Zone with the default 'basic file blocking' Security profile.The second policy = Internet Out allow any - Trusted Zone with S...

catrock by L2 Linker
  • 3766 Views
  • 4 replies
  • 0 Likes

Resolved! Simple Explination of Share Levels

I have read all the documentation, and have a test environment for MineMeld, but I still cant work out what share levels are being used for.I was of the beleif that it was green=good (i.e. whitelist these) and red=bad (i.e. block these) however this doesnt seem to be the case in most the current prototypes.@lmori Said the following, but I am not...

Aggressive cleaning feature

Hi,I have a doubt regarding the aggressive disk cleaning feature introduced starting in PANOS 8.0.7. Details below.To enable aggressive cleaning:> debug software disk-usage aggressive-cleaning enableTo check if enabled (if enabled, this command will return output with True)> show system state | match aggressive-cleaningBut my doubt is, wha...

SSL_ERROR_NO_CYPHER_OVERLAP

All clients are intermittently seeing "SSL_ERROR_NO_CYPHER_OVERLAP" when browsing secure web pages. This began just about half an hour ago. Any Ideas?

Erro: Threat database Handler failed (Module: device) commit failed

Hi, i have to test the lab in eve-ng with palo alto 7.0.1 image and i can't commit to save the configuration as well as ip-address cannot set into this for management interface. Are we need to set the management ip address same EVE-ng ip address or same prefix range? How can i do the set ip address to reachability to internet? How can i fix thi...

IP error2.JPG
IP error.JPG
commit error.JPG

PA VM Interface Issue

Dear All, I setup test lab with vmware workstation. only ethernet1/1 interface is up. Others are down mode. I have attached screen also . Please advice me. Thanks,Lakshitha.

Resolved! expired dhcp leases PA-3020 8.0.7

Hi all,there is a dhcp server for a network with a lease time of 14 days. When I open the allocation, there are a lot of expired dhcp leases.Doesn't the firewall automatically delete them?

MPI-AE by L4 Transporter
  • 6184 Views
  • 6 replies
  • 0 Likes

Resolved! Terminal Server Agent on Windows Server 2008 R2 (service wont start)

Hi guys, I have installed TSA 7.0.6-4. as administrator on windows server 2008 R2 with remote desktop services installed. The TSA will not start (see screenshot) These are the logs from the TSA file menu. 10/21/16 15:31:02[Info 427]: TSA: Install driver succeeds!10/21/16 15:31:02[Info 519]: TSA: install service succeeds!10/21/16 15:31:02[Info 3...

Screenshot 2016-10-21 15.41.33.png

Where to mine all O365 endpoints?

Hi dear community, I just implemented MineMeld server and configured EDLs and test policies. For the MineMeld I used "o365-api-any-any.txt" from https://paloaltonetworks.app.box.com/s/ywkh7rc2rj0kyl0qetr6m6ag3akxvvx6/folder/51988433336. Does anybody know if it's enough for all O365 endpoints, or I'm missing something? i still see that some endpo...

Resolved! Disk usage for / exceeds limit, 99 percent in use, cleaning filesystem

Hi Guys, We have a setup where our main front end Firewall is a PA2020 with PA200 setup to IPSEC tunnel into it to add remote branches onto our network. All of the PA200's are on 7.0.1 and I have noticed that they all seem to be suffereing from the Disk usage for / exceeds limit, 99 percent in use, cleaning filesystem. The only posts I can see ...

CERTIFICATE VERIFY FAILED

Hello, I created a custom taxii client node type using cabby. But I get an ssl certificate error. I'm behind a proxy. When I run a test py using cabby, everthing works fine. But the node shows error. As you can see, I've set verify_ssl=False. Could anyone help me with this ?? Engine log: (4510)basepoller._polling_loop INFO: Polling swiftClient...

zulaa by L1 Bithead
  • 6210 Views
  • 1 replies
  • 0 Likes

Can a NAT IP be in my DMZ subnet

So I'm working through an IP migration when I thought of this question that I don't know the answer to and can't find an answer to with my Google skills. Is it possible to assign an IP from the DMZ subnet as a destination NAT? For example, if my DMZ were 1.1.1.0/24, could I assign 1.1.1.200 as a dynamic NAT IP for an internal subnet such as 10...

Lcroce by L1 Bithead
  • 4305 Views
  • 5 replies
  • 0 Likes

Resolved! 2 different portal configs on a single GP portal

Hello, I currently have external contractors using on-demand globalprotect to remotely connect into the network. I have a new request to enable handful of internal users to access a specific server on mobile phones remotely.if bought a GP gateway license, how can I make sure external users(Laptops) connect the same way i.e RADIUS( OTP) and new i...

Source User Information from Syslog push to PA

Hi we use Aerohive AP and from there i get syslogs at my Kiwi Syslog Server. Like this one:ah_auth: add new RT sta: MAC=xxxxxxxx, IP=10.100.100.20, hostname=xxxxx, username=xxxxxx on wifi0.7And now i need this information in the PA because there i only see in the traffic monitor the Source IP Adress from the AP and no Source User.How can i confi...

Resolved! NAT order in PA

Hi Experts, Can someone please assist on the NAT order considers in PA firewalls. Is it considered from top-down architecture or Twice NAT (NAT'ing both source and dest) takes precedence over source or dest NAT. ThanksSrinivasan

  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks