This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

Traffic flow

Is there a good way to determine if the traffic flow through you firewall is optimal and the most efficient?

jdprovine by L4 Transporter
  • 5973 Views
  • 8 replies
  • 0 Likes

Active/Active HA with OSPF is dropping packets when innactive member becomes active

I am seeing an issue where upon pulling the plug in an active/active setup, OSPF does it's job. A few packets are lost but it is within an acceptable range. My issue stems from when the innactive member comes back online and joins the HA. I can't confirm this, but it feels as if the OSPF routes are coming up before the FW services are ready t...

ImBatman by L1 Bithead
  • 4224 Views
  • 4 replies
  • 0 Likes

Resolved! Outputs Limit! Service restart loop @ 30+

So the title is a slight misnomer.Have a dev server with 59 miners, 42 procs, and 32 outputs, works fine.Have a prod server with 58 miners 41 procs and 29 outputs, does not work fine. The two devices are set up with "identical" configs the dev server having a few extra test nodes.On the prod box, as soon as I add a 30th output node the service g...

0isac0 by L1 Bithead
  • 5847 Views
  • 5 replies
  • 0 Likes

Resolved! Security policy that permits traffic to any *.office365.com ?

I see there is an FQDN option for Destination Address when I create a security policy.I want to permit port 993 to any host in office365.com. Will it work if I just put office.comin the FQDN destination? Trying to put the * wildcard causes the widget to gray out theOK button. Thanks!

Resolved! Adding Address object to GlobalProtect split tunnel access route list

Hi. In the Palo Alto firewall, I've created a new Address object with the type set to FQDN and with a valid DNS record. Saved and committed the change. Then I try to add this newly created address object to the access route list in the GlobalProtect's split tunnel list (we using split tunnel for the VPN connection). However, I am not seeing...

Block outbound NTLM auth

With CVE-2018-0950 from Microsoft, if an outlook user clicks on an OLE object in an RTF email, the client will send credentials try to logon. Our security group is quite concerned about this. While allowing ports 445, 137 and 139 out to the internet is a really bad idea, they want to make sure that it is explicitly blocked. Is the application "m...

Resolved! Antivirus Dynamic Update fails PAN-OS 8.1.0 Cluster

Hi Community, I have a PA-850 Cluster with PAN-OS 8.1.0 and a valid Threat license.The active firewall is configured to download and install antivirus updates and sync them to his peer. Unfortunately, the update failed lately, so we were 4 days behind the current versions.After manually using "check now" the new updates were found without proble...

Chacko42 by L4 Transporter
  • 15013 Views
  • 10 replies
  • 1 Likes

Resolved! Disabling Indicator Expiration

@lmori, thank you for your help so far. I am migrating my data to the "stdlib.localDB" miner, per your suggestion here. I have two questions now: First, I noticed that the default expiration for indicators added to this miner is just one day. How can I change this to one year? What about disabling expiration by default? Second, I am trying to pu...

Resolved! TAP mode interface drop

Hi. I have a question about TAP deployment I set the TAP mode which I used just one interface, set the zone TAPSecurity policy TAP-TAP any any permit. Then, regularly I'm checking the global counter, but I don't know why the drop packet occured.When I checked first at the 'packet capture' on the firewall, then I could see some packets are droppe...

drop-count.PNG

IKEv2 renegotiation on acceptor gateway reboot

Hi community, I have a site-to-site IPSec connectivity with Palo Alto gateway (PA-VM 8.0.5 on kvm hypervisor - CentOS 7 host) on one end as initiator and Vyatta OS based gateway on the other end as acceptor. When IKEv2 and IPSec (and BGP) are in established state, and the Vyatta OS reboots, it takes about 6 minutes for PA-VM to detect outage and...

rameshgi by L0 Member
  • 2305 Views
  • 2 replies
  • 0 Likes

PaloAlto Managed Services Question:

I have a question pertaining to Palo Alto's Managed Services business. Does Palo Alto have its own Managed Services business where they service end clients directly? Another way of asking this is, does PaloAlto only use the partner channel to deliver managed services? I was curious as I am looking at PaloAlto and doing research to learn more....

CryptoRG by L1 Bithead
  • 4571 Views
  • 4 replies
  • 0 Likes

Layer 1+2 decisions for PA820 HA pair

This is my first time having the luxury of two ISP's and redundancy in all hardware - I was tryingt to research best practice for wiring the PA pair as active/passive router/nat - I found some mentioning of using port channels to achieve local redunancy, but I don't see much info on it, doesnt seem widely used. Please see image below about my th...

2isp_asr_pa820_6840_wiring.PNG
stoker by L1 Bithead
  • 3773 Views
  • 6 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks