This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Resolved! Route specific traffic out backup ISP?

We have dual ISP (ISP-A and ISP-B) and utilizting PBR which works just fine. Now I have use case whereas I have a NAT configured on ISP-B (1 to 1) and I want to force traffic to a specific destination out the backup interface. I want to do this to ensure traffic destined for a specific address IP-B is sent out the backup interface. I tried ad...

drewdown by L4 Transporter
  • 14114 Views
  • 13 replies
  • 0 Likes

Resolved! Upgrading GlobalProtect while on corp network

Hi everyone, I have a client who said every time they try to upgrade globalprotect, they have mixed results. The issue seems to be that they'll set the GP App to "Allow with prompt". However, the users will never get the prompt while they are on the corporate network. It seems possibly, when the users go home, they'll get the prompt to download ...

ce1028 by L4 Transporter
  • 5982 Views
  • 9 replies
  • 0 Likes

Resolved! Adding app depencendies

This might be a dumb question, but I visited 3 clients in the past 2 weeks that did not include application depenendcies in their policy rules For example, they'll have a rule allowing webex-base, but don't add rtcp, rtp-base, or stun. To be fair, at least 1 of them had a rule that contains an application filter that allows risks 1, 2 and 3, so...

ce1028 by L4 Transporter
  • 3033 Views
  • 2 replies
  • 0 Likes

SSL Version

Is there any way for the traffic logs to display the SSL/TLS version that's in use for a particular flow? I don't see the data in the traffic logs or in the session info at the CLI.

Resolved! HTTPS URL Filtering without decryption

Hello all, I am trying to implement URL Filtering for HTTPS websites but without decryption. I found a post on how to deliver response pages to Users. (https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Serve-a-URL-Response-Page-Over-an-HTTPS-Session-Without/ta-p/55998) The URL Filtering is working for me but I dont understand th...

Resolved! Untrust to Untrust - Allow

I was working at a customer site and noticed the customer's last rule before their "Catch-All - Deny" rule was "Untrust - Untrust Allow". It was a universal rule with source zone untrust destination zone untrust set to allow. When I asked why they had this rule, the response was "By default, the firewall comes with a default intrazone allow r...

ce1028 by L4 Transporter
  • 17559 Views
  • 11 replies
  • 0 Likes

Binding to AD with globalprotect

We have user accessing the globalprotect VPN using their AD account and we have userid enabled, but we do not see any evidence of the users in the AD domain controller, is that because GP is accessing the DC using a service account? Is there anyway to get the AD accounts to bind on the DC? We need these records for other things

jdprovine by L4 Transporter
  • 7151 Views
  • 13 replies
  • 0 Likes

Dual ISP IPSEC vpn tunnel monitor drops the connection

Hi all, I added second ISP to firewall and created ECMP for dual ISP followed those guides: https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Implement-ECMP-Load-Balancing-on-the-Firewall/ta-p/110339# https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-a-Palo-Alto-Networks-Firewall-with-Dual-ISPs/ta-p/59...

SShnap by L3 Networker
  • 3991 Views
  • 3 replies
  • 0 Likes

GRE support on PAN-OS 8.0

Hi,is it possible to terminate a GRE tunnel on a PaloAlto? Parhaps there is something new in 8.0 Best regrads,Sebastian

sst by L0 Member
  • 5624 Views
  • 5 replies
  • 0 Likes

Resolved! Log forwarding - Local on Gateway or Panorama

Hello - I have Firewalls configured with Log Forwarding to Panorama. The question is, do the traffic logs of the Firewall Gateway keeps the copy of the logs and send another copy to Panorama or does it have only one copy forwarded to Panorama Can i configure to forward all the traffic logs of the Firewall to the Panorama and not to keep local co...

PA VM licensing issue between support accounts

Hi, Although looking through this in internal sources as well, but maybe you guys have seen this and have an idea. Initially there was PA VM-100 trial registered in Support Account 1 - partner account. Everything's good.Trial expired, full license was purchased - auth code was registered in Support Account 2 - customer specific account. VM-100 w...

nikoo by L3 Networker
  • 6058 Views
  • 3 replies
  • 0 Likes

Web-Browsing default port application

Hey , i just wondered why in the era that all web traffic is moving forward beeing encrypted and browsers like chrome will soon mark websites that uses HTTP protocol as "unsage" paloalto "web-browsing" application still uses in it's default ports only tcp/80 port and not also tcp/443 port? thanks

minow by L4 Transporter
  • 29464 Views
  • 5 replies
  • 0 Likes

Re:Minemeld Miner Config

Hi guys,How can we creat a prototype miner in the MInemeld hosted by autofocus, is there any tech document with regards to how to customize/config a prototype for Miner.Thanks

Sanssj by L2 Linker
  • 3118 Views
  • 1 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks