This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4114 Views
  • 0 replies
  • 0 Likes

Resolved! content update

I have this question and cannot find the answer from the online training: Which type of content update does NOT have to be scheduled for download on the firewall? I think it is PAN-DB updates but I just need to make sure.

Resolved! Where do you track your certification progress?

Hi all, I thought you'd want to be able to list your certifications and their expiry dates and any relevant announcements, so you could plan your further study, re-certification...Also, employers ask about cert updates.Couldn't find it myself.Other than a notification email saying a cert expiring in 3 months.

GAleksic by L1 Bithead
  • 4622 Views
  • 3 replies
  • 0 Likes

Resolved! To drop or deny

I found some best practices documentation on the fuel group site and they recommend drop over deny. So I would be interested to see how people are configuring their fire wall more drops or denies and why?

jdprovine by L4 Transporter
  • 52621 Views
  • 6 replies
  • 1 Likes

MAC OS Decryption Issues

Hello All, I was just curious if anyone has encountered issues with Apple Mac devices and SSL decryption? We have users that are unable to perform an Internet Recovery over the network, but when they are off the network it works for them. This has only started since implenting SSL Decryption. We have excluded apple.com from SSL inspection but th...

Resolved! How to manage 140+ Firewalls with their certificates...

Hello Community, I was wondering how in a "larger scale" environement (140+ branche offices) people are generally managing their certificates?Take the scenario of Panorama managing thoses 140+ PA firewalls with their corresponding 140+ templates...Then you either import the compagny's Root CA / generate a Sub-Ca to every single 140+ firewall (i...

Rievax by L2 Linker
  • 4235 Views
  • 5 replies
  • 0 Likes

Best Practices for Security Policies with App Default and Custom Services

Hello, I have been tasked with converting some legacy security rules from app=any, service=custom object to app=app-ID and service=application-default. However, some of our apps use custom ports over known applications, so straight conversion is not possible. For example. I have a basic rule to allow inbound applications web-browsing (tcp/80) a...

What app id is used for remote access to Windows 2012 Server and Windows 2016 Server?

Hi all, we've noticed our admin accounts have been locked several times today due to consecutive failed login attempts to our VM-s.Most likely, these would have gone through the PA firewall.I wonder what would be the way to filter huge log, other than destination address?Would the app id be ms-rdp? Or something newer for Windows 2012 Server and ...

GAleksic by L1 Bithead
  • 8121 Views
  • 3 replies
  • 0 Likes

Dual ISP scenario

Hi, I need to create a dual ISP scenario. This FW has 2 interface with differents ISP. (ppoe)eth1/2 (1.1.1.1/32)eth1/3 (2.2.2.2/32) We would like to balance both ISPs and in the case one of this ISP goes down, all traffic takes the ISP up in that moment. So i was checking, https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Imple...

Config, System, Supervisor timing out

I cloned few output prototypes and created my own miner -> ipv4 agg -> output config. I logged off for some reason and now that I login, I am getting timeout error for config, system, supervisor etc. I dont see any config info or indicaters in System. I have tried stopping and starting the services as found in one of the questions. None he...

Doubt about 8.1 version source-user logs

Hi, I just upgraded my firewall to 8.1.0. I was checking the log and i see that now the "source user" in log traffic is the full name machine with $, not the AD user. Before 8.1 was: domain/john.englishNow is: xxxx.dom\PCfullname$ Why??? how can we continue using "acme\user"??

Resolved! autocommit fail : Total NAT DIPP exceed

Hi all, I found the issue after upgrade Palo alto from PAN-OS 5.0-6.1.0 when to 6.1.0 auto-commit faile and show messages "Total NAT DIPP translated IP 804 exceeds the capacity of 800 " My model PA-5050 so, I would like to know this issue occur?

Palo alto static routing issue

Hi, We are configuring a new routing scenario but we are expecting problem taking the correct route. This is our static route table: destination interface gateway metric 10.50.1.0/24 eth1/1 10.50.250.1 110.50.2.0/24 eth1/1 10.50.250.1 110.0.0.0/8 eth1/5 10.50.50.4 10 If we run a "test rou...

BigPalo by L4 Transporter
  • 9817 Views
  • 19 replies
  • 0 Likes

test security-policy-match application ping -> Server error : argument protocol is required

Hi, I am trying to test ping from zone A to zone B using 2 hosts IPs which belong to their respective zones.What is the correct way to specifically test application ping? fw1(active)> test security-policy-match application ping from from zone_1 to zone_2 source 192.168.1.1 destination 192.168.2.1Server error : argument protocol is required Pi...

ash83 by L2 Linker
  • 4289 Views
  • 1 replies
  • 0 Likes

SYSTEM ALERT : critical : fail to integrate the update of registered ip addresses since 61 seconds

Greetings I am not sure if anyone has come across this alert SYSTEM ALERT : critical : fail to integrate the update of registered ip addresses since 61 seconds on a regular basis? If yes, can someone please shed some light on what is causing this issue? When this alert was seen for the first time, I went on to restart the user-id agent as ...

  • 24333 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks