This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4243 Views
  • 0 replies
  • 0 Likes

Stop web browsing to ssl

The external IP of our WiFi controller requires 443 to be open to the internet, so we have this open on our inbound rule>external IP of the controller. 443 needs to be open but we don't want this to be accessible via a web browser - as currently this rule allows the external IP to be accessed via https. Is there a way of stopping this behavi...

Resolved! Schedule a rollback to last known good configuration

Hi all, Is it possible to rollback to 'last known good' configuration, or even previously running config. Say for example I make some changes and issue a commit, then subsequently lose connectivity. Is there a mechanism to schedule a rollback to previously running config after say 5minutes?. Many thanksAjaz NawazJNCIE-SEC No. 254CCIE-RS No. 15721

nawaza by L2 Linker
  • 7557 Views
  • 6 replies
  • 0 Likes

RTP and RTCP traffic jumping rule

Hi, We have created a rule for Voice IP. Zone A to Zone B / Application RTP - RTCP / Service ANY / PERMIT So all the voice RTP connections should matched in the previous rule, but we are seeing connections which should be matched the previous rule but its matching in this rule: Zone A to Zone B / ANY / ANY / PERMIT Its like some connections are ...

Upgrade traps

Hi, Any advice about upgrading traps from 3.4 to 4.0?? can i install directly 4.0.4???We have an external database. 3 Cores, 2 Console. Any order to do this upgrade or procedure???thanks

Resolved! Failed commiting config from Panorama

Hi, We have a Panorama with several FWs managed. We commited the config but in one of these FWs was failed.Looking in panorama we see that this device is out of sync (in templates and shred policy). how can i force this commit?? or to have any reason for this fail??. I dont see any error or how to investigate....

Integrate with MISP

Hi all, Do you know something sample about integration with MISP (Malware Information share platform)??? So another question is about scripts, can I launch a script into conifg a new prototype? If I've created a new prototype I set a url option...can I set the url option for script option???? Thanks a lot

SantiBT by L2 Linker
  • 22851 Views
  • 19 replies
  • 0 Likes

Ignore all Computers from xmlapi mappings

Hi Everyone,I am trying to intergrate clearpass with Palo alto using xlampi, all was going well however i struck a problemIn clearpass i have two types of users that are autheticating, domain joined machines (which authenticate using "compute authentication" and i also have byod users that authenticate using user based ad authetication.so when a...

Resolved! Troubleshooting SSL decryption failure of a website

Hello. We are using panOS 8.0.7 , Pan-DB URL filtering, and SSL decryption. We are K12 education and use many Chromebooks in the organization. We are trying to use a system called Clever to have our students log into their Chromebooks by scanning a QR code. The problem is I cannot get the program to work. (https://clever.com/) I know the issue ...

dannon by L3 Networker
  • 12201 Views
  • 10 replies
  • 1 Likes

Clear Policies, Rules, Configuration without Factory Reset

Hello Community, Can someone please let me know if its possible to clear the PA-VM of all Security Policie, NAT rules, configuration, logs etc without issuing the command: request system private-data-reset This command requires that I re-install the license when all I want to do is clear the configuration etc. Thank you

Resolved! GlobalProtect client issues with Windows Hello login - Windows 10

Hi all, we've recently started using GlobalProtect but when using the client on my devices I've noticed an old issue that I first saw quite a while back during testing, wondering if anyone else has experienced it or has a fix? I run Windows 10 (1709) on my laptop using fingerprint login via Windows Hello. The functionality worked reliably until ...

hcnsgxs by L0 Member
  • 17740 Views
  • 4 replies
  • 0 Likes

Global protect username tags

Hello all, I use RADIUS server for authenticating GP users. Is there a possibility to read tags sent by RADIUS server associated with user groups and palo could allow/deny specific users?

Palo alto traffic shaping

Hi, I have the below topology . video conference device is connected in distribution .All the devices are cisco . Actually I want to prioritize and reserve 10 mb for the vc .Marking the vc network as real time will help . I have never seen the dataplane going high in palo alto . The real congestion is facing at internet router .In that ca...

Traffic Shapping.png
simsim by L4 Transporter
  • 7075 Views
  • 9 replies
  • 0 Likes

Resolved! Spectre / Meltdown vulnerabilities - why are default actions set to 'alert'

Specifically for: 38407 (TLS Network Security Protocol Information Disclosure Vulnerability - ROBOT)31127 (Multiple CPUs Side-Channel Information Disclosure Vulnerability - Spectre - Meltdown)30276 (Multiple CPUs Side-Channel Information Disclosure Vulnerability - Spectre - Meltdown) action is to 'alert' only. The last two vulns are severity 'c...

Resolved! Zero indicators in inboundfeed

I am trying out minemeld and I started by adding miner (zeustracker.badips) and removing the default dshield and spam nodes. Before removal inbound feeds were showing subnet ranges/indicators. After removal there is not a single ip. processor shows RX count and PROCESSED count but output is all zero. Am i doing something wrong?

raji_toor by L4 Transporter
  • 6768 Views
  • 3 replies
  • 0 Likes

Network Outbound baseline.

I need to provide a baseline of allowed traffic outbound for a period of time. So to list Client -> External Server [ Port/Application ] Is there a report on the PA-3020 that can be crafted to do this Thanks Rob

  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks