This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4253 Views
  • 0 replies
  • 0 Likes

Create new prototype for Rest API and simple URL

Hi Experts, I have a customer who wants to create new prototype for this customer. customer requirement is very simple but, it's very hard to me. first of one, customer said spunk is using Rest API, below is feeds from splunk curl -k https://splunk_IP_address/services/search/jobs/export -d "search=| inputlookup autofocus_lookup" -d output...

jilim by L1 Bithead
  • 4583 Views
  • 3 replies
  • 0 Likes

RTP fragment packet flowing is not allowed when fragment enabled on zone protection of PAN-OS

Hi All, I have an issue about sip/rtp traffic. Endpoints are using a calling application that used sip protocol . We have also enabled fragment feature in zone protection setting.I investigate this issue and when endpoint make calling, zone protection drops rtp packets because they are fragmented.Could you inform me is there another solution adv...

Resolved! How do you use the new predefined Dynamic IP lists?

Greetings all, I'm wanting to use the new Palo Alto provided dynamic IP lists to block known malicious or high risk IPs but, when creating a security policy, I can't seem to get it to appear in the list for selection. I've tried copy/pasting the name in there and it just shows the red underline. I'm doing this in 8.0.7 Panorama and both of my f...

jsalmans by L4 Transporter
  • 9576 Views
  • 11 replies
  • 0 Likes

SSL decryption non standard ports

Hello all, I am wondering if palo can identify and decrypt encrypted traffic on non-standard ports(other than 443)? In other words, does firewall decrypt all encrypted traffic traversing through that matches rule?

Resolved! show user group name not showing user list

Hello, We are not getting the list of individual users in the command: show user group name <name> > show user group name "CN=adminstaff,OU=staff,OU=security,OU=Groups,OU=College,OU=Schools,OU=CEWA,DC=test,DC=edu,DC=au" short name: test\adminstaff source type: ldapsource: TEST_AD_Groups We can see them in the Webgui. We followed t...

Farzana by L4 Transporter
  • 9228 Views
  • 1 replies
  • 0 Likes

PAN-2020 site-to-site with Meraki Cloud managed firewall

Hi all,Has anyone had success establishing a site-to-site tunnel between an PAN firewall and a Cisco Meraki Cloud managed firewall? I've been messing with it for most of the day and have not found much luck. I've added a third party peer on the Meraki, but it doesn't seem to make any connections back to PAN even an attempt to establish the tun...

cmateam by L3 Networker
  • 10215 Views
  • 7 replies
  • 0 Likes

Resolved! Configuring OCSP

I am trying to configure OCSP and I am a little confused. I have added an OSCP responder. It appears the second step is to allow the Firewall to use it by configuring Device-Management->Interfaces. However, for most of my settings, I am using a Service Route Configuration and I don't see HTTP OCSP listed as an option in Service Route. Is ...

Resolved! Minemeld with Proxy

Is there any way to perform the minemeld install from behind a proxy? I am deploying a minemeld node in a datacenter where internet access is only available via squid proxy. Thanks,Nasir

nbilal by L3 Networker
  • 19823 Views
  • 12 replies
  • 0 Likes

VPN SITE TO SITE PALO ALTO NETWORKS

Hello, I configure a VPN tunnel between two firewalls Palo alto Networks . The tunnel status is up but the other network is unreacheable.I configure the tunnel on the trust zone . I restart the firewalls without result . The first PA-500 with PANOS 7.1.0 and the second with PANOS 8.0.3Should I do an upgrade to the OS? Or there is any suggestion ...

ra7oub4 by L2 Linker
  • 9806 Views
  • 7 replies
  • 0 Likes

Error : Number of addresses ,dynamic groups, external-ip-lists.... exceeded platform capacity (2500)

While pushing policy from PAN to PA220 Firewall running 8.0.3I am getting attached Error. We have around 6kplus object in that specific template.As per PA support, 8.0.X pan version comes with a precheck that will not allow commit till the object count be below 2500 value for PA220.My Query...1. Does all objects get pushed from PAN irrespectivel...

Nischal by L2 Linker
  • 7608 Views
  • 2 replies
  • 0 Likes

Exception for threat type "file"?

Hi, I have following in my logs: Threat tpye: fileThreat name: CSV fileID: 52032Severity: lowFile Name: xyz.csv For Vulnerability Protection and Anti-Spyware I know how to easily create exceptions for specific IPs/URLs. Is there a way to easily create exceptions the same way for "file threats"?Furthermore I'm not aware that my file blocking prof...

Installing a pair of 850s and a pair of 3260s this weekend - interface speed

We have had some requirements change since ordering this equipment and may change direction on where these new firewalls get installed. Initially we ordered the 3260s for our hosted data center since most of the servers are located there and vendor provided backup solution is there. The concern was the amount of traffic that we would be pushing ...

Resolved! HA2 Backup Port Link Speed

Does the HA2 backup port need to be the same link speed as the primary HA2 port? Customer is wondering if it is possible to use a 10G SFP+ port to backup the 40G HSCI port. I cannot find anything in the documentation discussing this and don't currently have access to the hardware to test. Thanks.

User-ID Service - Client IP Population

All, When we first installed our User-ID Agent service on Windows Server 4-5 years ago we implemented Security Log Reading (from domain controllers logs), AD Session Scanning, and MWI polling. About 5-6 days ago we started running into issues (which we have yet to determine what is causing it), where polling seems to be openeing up multiple con...

  • 24362 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks