This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4468 Views
  • 0 replies
  • 0 Likes

Block page when searching google with safesearch enabled

Hello, We've recently enabled safe search on our PA-3020 and noticed that whenever you do your first google search while on google.com a quick block page pops up and almost immediately goes away. Is this to be expected behavior when safe search is enabled? Thanks

Resolved! 8.1.4 & TLS 1.3?

This link (https://www.ietf.org/mail-archive/web/tls/current/msg27066.html) says that PAN-OS 8.1.4, PAN-OS 8.0.14, and PAN-OS 7.1.21 will fix a TLS issue. I don't see any mention of this in the 8.1.4 addressed issues page though. Do we know this is fixed for sure?

Question about Scheduled Device Config export of Azure FW from Panorama - 01005602

Hello, Scheduled Device Config export is only exporting local running config from the managed devices(same as export config snapshot done from device) and not panorama pushed policies,objects and network templates. While this may appear as an expected behavior per below docs* https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface...

cguceyu by L1 Bithead
  • 2328 Views
  • 1 replies
  • 0 Likes

Resolved! Dual ISP VPN failover with static route path monitor

Now that we have newer features like static route path-monitoring, is there a new recommended configuration for Dual ISP with VPN failover? I'm thinking SiteA (Dual ISP) to SiteB (Dual ISP) with IPsec VPN both using a single VR. I assume it will be one static default route with path-monitoring to fail over to the other ISP default route. Then ...

Palo Alto Mgmt Port Issue

Dear Friends, We are facing a issue that currently we are unable to console to firewall device. But traffic is passing through active firewall. Status is HA1 backup= Down Please advice Thanks,Lakshitha

Resolved! logs for Intelligence Sharing and telemetry

is there any way i can find from cli or from web gui that confirms my PA is sending all telemetry data ? any where in PA cli i can find the logs or data send to Telemetry? where it send this data to? is this function performed by the MP of the PA?

MP18 by Cyber Elite
  • 2732 Views
  • 2 replies
  • 0 Likes

URL Filtering block websites?

I have a URL filter profile with a list of URLs set to block (under Objects Security Profiles > URL Filtering), which is applied to security group profile. However none of the URLs are being blocked. Is there something I should check to confirm this is setup right?

URL Filtering different with browser and application

Hi We have a server, from where the user wants to go to, for example, abc.xyz.com.The certificate from the website xyz.com has a CN *.xyz.com. We dont have decryption for URL Filtering. In the URL Filtering category, we have allowed abc.xyz.com.The user on the server wants to use an application which initiates a connection to abc.xyz.com.Now,Whe...

FQDN as source address

Hi to all I have a problems with riles with FQDN For example i created rule: source ip - destination ip - destination port I changed ip to FQDN object - pc1.domain.com. Palo Alto can resolve name to IP. New Rule: source FGDN - destination ip - destination port. In first five minutes (more or less) rule works fine, but after that traffic not hi...

aaobuhov by L2 Linker
  • 4445 Views
  • 4 replies
  • 0 Likes

Resolved! Upgrade to 8.1 from 8.0.x

I just got off the phone with Palo support as I'm doing an upgrade from 8.0.9 to 8.1.4. They said all I need to do is download (not install) the base 8.1.0 image, then download and install 8.1.4 While on the line with them, I came across this from documentationIf you are already running a PAN-OS 8.0 release, download and install the latest PAN-...

ce1028 by L4 Transporter
  • 13457 Views
  • 10 replies
  • 0 Likes

Custom Vulnerability Signature Name in Panorama logs

Anyone using custom vulnerability signatures in Panorama? Simple example.Threat ID 41000Name SSH-Auth-Brute-Force Using existing signature 31914 with Time Attribute to block source IP if too many login attempts in specified time period. My issue is that I run reports in Panorama and in report Threat Name shows ID number (41000 and up) not SSH-Au...

Resolved! Skype for Business vs Skype

Hi All, is there a way for Palo to distinguish between Skype and Skype for business?Application list only suggests you single Skype application... Idea is to block regular skype and only allow skype for biz, maybe there are any weird workarounds.... like allowing/blocking certain miscorsoft URLs or tcp ports. Cheers,

Carve public Subnet without involving Vendor

Anyway to accomplish following without modifying routes at the router? I have a subnet 1.1.1.0/24 1.1.1.1/24 PAN ETH1 Need to route 1.1.1.50 from ETH1 -> ETH3 as it sits behind ETH3. I need ETH1 to reply back to router when it says arp who has for 1.1.1.50

junior_r by L3 Networker
  • 8082 Views
  • 7 replies
  • 0 Likes

Resolved! ip id in wireshark to confirm PA is not dropping the traffic

I am troubleshooting sharepoint connection to cloud on port 443pcap and global counters show no dropsi see no discards in the cli. when user access the website he sees blank page no contents if i confirm the ip id in pcaps of the PA is same from receive and transmit then we are good right?

MP18 by Cyber Elite
  • 4619 Views
  • 6 replies
  • 0 Likes
  • 24379 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks