This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4112 Views
  • 0 replies
  • 0 Likes

DMZ network redesign

Hi all, I'm hoping someone can help me avoid a huge overhaul and outage window of our DMZ network... Our DMZ gateway is currently a Palo interface with GlobalProtect enabled on it. Servers on the DMZ are at a remote site connected via a Layer 2 spanned VLAN. We intend to decommission this L2 link and move to a L3 VPN service. We have an entire p...

dmz.jpg

Problem with File blocking

Hi all i need to prevent all downloads on a network using Palo alto without affecting browsingi created a file blocking profile , denied all extentions in the download direction and applied it in a policybut iam still able to download many exe and jpeg for examplei dont have a decryption policy in placeis it necessery ??

AKabary by L2 Linker
  • 4012 Views
  • 2 replies
  • 0 Likes

PBF and cisco vpn client

Hi everyone i have two ISPsinterfaces connected to my palo alto i need to make a pbf forcisco vpn client app traffic to cross through the second isp in the pbf section in policies , i set the application to cisco vpn and ipsec-udb and IKE and set the destination and next hopbut traffic still go through the first ispwhat am i missing?and is it ...

AKabary by L2 Linker
  • 4884 Views
  • 6 replies
  • 0 Likes

Resolved! Redistribute Global protect mappings to another FW

Hi, We can not identify GP users in a remote FW. We can see all AD mappings but not GP. I explain the scenario: INTERNET ---------------> FW Central (gateway GP) -----> MPLS --------------> Remote FW PALO ALTO both PA are integrated with LDAP, but not have userid agents.We can see the AD users in both PA, but when a user is connecting ...

BigPalo by L4 Transporter
  • 5947 Views
  • 6 replies
  • 0 Likes

Minemeld: Custom IP list, miner etc for EDL.

I apologize if this has been answered in previous posts, I've tried searching and it seems that I'm getting bit and pieces but not the whole picture. How would I go about creating my own list of IPs and then customizing Minemeld to mine \ gather the IPs to be used in an EDL. We have McKesson products and they recently send us a PDF with a l...

rkoenig by L3 Networker
  • 6584 Views
  • 4 replies
  • 0 Likes

Understanding Panorama Log Ingenstion & Sizing

I am new to PA & I'm trying to understand the necessity of log collection to a Panorama VM. My company is about to deploy PA-3220's in HA pairs in several data centers. We have a single Panorama VM getting deployed for 6 firewalls (3 HA clusters). Coming from a traditional ASA background logging is set up either to go to syslog server or ...

QOS for multiple user addresses

Hi i need to create a qos policy to limit downloads and uploads of user addresses objects created on palo alto device i know that i will ceate a qos profile for down and up , choose a class , priority and type guaranteed and max BW then create a qos policy and qos interface 1-regarding the qos policy , do i need a policy for upload and policy f...

AKabary by L2 Linker
  • 7293 Views
  • 8 replies
  • 0 Likes

Resolved! netflow behavior

Is the session is long live ( some applications like nfs,panorama) will start and last till 1 month.As we have configured log at session end, the log entry will be created once the session is ended.However we have configured netflow as well.Netflow is also reporting data to netflow server once the session ended on firewall ( which is 1 month lat...

Resolved! Help understand TAP mode

Hello,sorry for a dumb question but I am new to PaloAlto and I would like to understand the TAP mode on a physical PA firewall. We have Cisco Catalyst 6509 switch running in 1 of the offices as a core. PA firewall is used for users' internet traffic and it is directly connected on that switch. We need to find a way to mirror traffic going throug...

Panorama PAN-OS 8.0.8 and always highlighted (Green) Commit button

I have recently upgraded Panorama from 7.1.x to 8.0.8. Although there are no changes and all firewalls are "in sync" for the configuration, the Panorama "Commit" button is Green/Highlighted. Is there anyone using Panorama with 8.0.x and seeing the same behavior? Until 7.1.x, the green/highlighted butting always meant pending config push/non sync...

Resolved! PAN-89471 userid causes firewall to reboot ?

I am considering upgrading from 8.0.x to 8.1.x, but this issue seems like it might be a show stopper. In 8.1.x known issue PAN-89471 "Firewalls reboot because the userid process restarts too often due to a socket binding failure that causes a memory leak. Workaround: Terminate the process that is using port 5007." This seems to read "userid caus...

mike406 by L2 Linker
  • 3544 Views
  • 3 replies
  • 0 Likes

Palo Alto firewall generates SSL version / cipher suites errors

Hi, i have a very strange issue. I have a webserver protected by a palo alto NGFW, if i disable inbound ssl inspection policies everything works fine and i can access the server as intended. However when i enable the inbound ssl inspection policy, with the proper certificates imported in the NGFW, i always get SSL version/ Cipher suites errors ...

tombarat by L1 Bithead
  • 4458 Views
  • 4 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks