General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4124 Views
  • 0 replies
  • 0 Likes

Resolved! IPSec Tunnel performance tips?

Hello folks, I've seen this article about improving performance by enabling this Adjust TCP MSS. Ours is not enabled. https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Improve-Performance-for-IPSec-Traffic/ta-p/53301 Would this be enabled on the public internet facing interface? I do see some TCP retransmission and reassembled mes...

OMatlock by L4 Transporter
  • 5461 Views
  • 1 replies
  • 0 Likes

Determining if PAN might be introducing Skype video problems

Skype video calls are often described as choppy. The sysadmins who admin Skype for Business Online are pointing the finger at the PAN 5060. It is not configured for QoS but it's only processing 600Mbps tops and typically around 400Mbps. What might be some means to rule-in, rule-out the PAN? Thank you.

Debug Palo Alto firewall rule

We maintain one PA security policy rule and give IP 192.168.0.11 to access server UTP01. The user is using IP 192.168.0.11, and he can't access the server. We can't find any security log for this. May I know how to debug this rule?

palolili by L0 Member
  • 2691 Views
  • 2 replies
  • 0 Likes

Firewall analyzers

Can anyone let me know about their experience with firewall analyzer tools? I work at a university and we have 20 PANs, but we're expanding to new campuses in a few cities in the US and one in Italy. It's going to be tough to manage double the number of devices, but I can't find anyone with good experiences with these tools. Gartner and Forres...

Global protect timeout

Here is a peculiar situation. We have some field users who use their hotspot to connect to global protect. Sometimes, they lose internet intermittently for a couple of minutes so they are being kicked out of vpn session on their machine. But in fact firewall is still having the session running on portal/gateway. They are being required to enter t...

Source Translations

I'm trying to find out how to get all the static source translations for a particular subnet on our PAN 7050. I'm trying to make a spreadsheet to keep up to date static IPs being used. Can do such a command cli on the Pan. I was able to do on a Cisco ASA. But still new to Palo Alto. Any ideas? Thanks

Resolved! GlobalProtect Inactivity Timer - is HIP Profile required?

So in the configuration of GlobalProtect (v8.0.5, under Network > Globalprotect > Gateways > (gateway name) > Agent tab > Timeout Settings) there's an 'inactivity logout' setting, that has a description of 'Users are logged out of GP when the gateway doesn't receive a HIP check from the GP app in the time specified'. My questio...

Resolved! SYSTEM ALERT : high : User Group count of 2358 exceededs threshold of 1000

According to the New Features Guide in 7.1 PAN-OS the User Group Capacity was increased to a max of 3,200 groups IF you are following their note below: Do not add entries to the Group Include List or Custom Group list—doing so limits the number of groups that policy rules can reference. Populated lists can have a combined maximum of only 640 gr...

bspilde by L4 Transporter
  • 21096 Views
  • 9 replies
  • 0 Likes

Multiple ISP PA5250

Hi, I have been asked to purchase a new PA 5250. It will potentially have 20GB throughput to the internet. I am looking at an active active setup, with Aggregate interface inside to each FW. On the outside I have been asked to connect to 4 x ISP 5GB Bandwidth on 10GB Bearer to each ISP. (This is for resilience / redundancy.) To share the traffic acros...

Resolved! Site to Site VPN Tunnel - NAT

Hello everybody, I am most likely struggling with a NAT problem in a site to site VPN tunnel, hoping you have an idea or tip on this topic. The setup is a site to site VPN tunnel between a PAN and a Cisco ASA. There is a host (172.16.2.20) behind the PAN which should be reached through the VPN tunnel. The problem is that the service provider behind ...

Resolved! PaloAlto WAN Interface segmentation

Hello, please help me in this scenario. There is the big "Company Site" and the other branches point to this site; there is an MPLS connection between the branches. Our need is, the PaloAlto supports segmentation on the WAN part? Can we create sub-interfaces in the connected interface (MPLS) at the big headquarters, and each sub-interface commun...

Candidate configuration

Hi, what is candidate configuration and what is the purpose of candidate configuration? What is the difference between save candidate configuration and the save using the button on the top right corner? What is the difference between save candidate configuration and commit? Thanks

simsim by L4 Transporter
  • 4178 Views
  • 4 replies
  • 0 Likes

Resolved! Can Palo Alto firewall act as a SCEP server

I would like to generate a SCEP request that I want to have signed by the CA on the Palo Alto firewall. I have been looking at the documentation and asking my buddy Google, but have not found a way to do this. I am thinking this is not supported. Please confirm.

  • 24336 Posts
  • 124 Subscriptions