This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

Resolved! Filtering Azure IP ranges based on a subset of regions?

I'm attempting to filter the azure.cloudIPs miner based on a subset of specific regions. I've customized IPv4 aggregators to specify individual regions (as shown below), and this works correctly. However what would the syntax be to filter on multiple regions? ie, effectively something like azure_region == ['useast' or 'useast2']? I've tried a ...

mpetzold by L0 Member
  • 5931 Views
  • 2 replies
  • 0 Likes

Tag Unused Rules

How to tag all unused security policies. I'm faimilar with the "highlight unused" and > show running rule-use rule-base security type unused vsys vsys1 command. Is there a way I can then easily tag all my rules used say older than 90 days?

nicford by L2 Linker
  • 10134 Views
  • 10 replies
  • 1 Likes

Disk space again

I have gone back and forth on disk space with tac and with the live community. I had tac clean up the log files before and that didn't gain me much. I am trying to prepare for an upgrade to OS 8.x this summer and I want to make sure I do not run out of diskspace and also not break anything trying to do some clean upI guess I want to know if thes...

jdprovine by L4 Transporter
  • 7276 Views
  • 13 replies
  • 0 Likes

Resolved! How to verify firewall operational mode (fips, cc, normal)

Dear comm, when searching for operational modes you will find a bunch of guides how to change mode from normal to CC or FIPS. However I would like to know where I can check the current mode running. I know you can clearly see it when using Panorama but this is not the case here. Where can I check the operational mode on a standalone firewall? Ki...

Rboehme by L2 Linker
  • 11230 Views
  • 1 replies
  • 0 Likes

Training - Labs

Hi all I am currently doing training - Firewall Installation, Configuration, and Management: Essentials I for PAN-OS 7.0 It's not an online class. I've found it on My Learning page and I think it's good to start with. Does anybody know whether there is a chance to do some labs? If yes, how do I set it up? I just don't want to only read up on th...

How to block Android users on PAN FW

Hi Guys, Is it feasible to block the users on our PAN FW for a specific manufacture or platform , let say to block windows or MAC or Android users ? Please assist as I m new to this PAN FW ... Regards Vineet

HTTP redirect at firewall level(currently being done in IIS

I'm currently doing http redirect at the web server(IIS) and allowing http and https traffic into the web server. Is there a way to do http redirect at the firewall level and that way I only allow SSL traffic and block http coming into the web server. IS it ok to allow http traffic into the web server behind the PAN? I want to know what other ar...

msintech by L0 Member
  • 3442 Views
  • 2 replies
  • 0 Likes

Resolved! Management CPU keeps 100% usage

Hi experts, We are using PA-2020 in our environment and its firmware version is "4.1.6" PA-2020 was working smoothly but now it appears very slow process when we click commit action. We have searched and followed many reference such like 1) disable each policy logging setting (no log now), 2) execute command "debug software restart device-server...

2018-01-10_141253.jpg

MineMeld - how to prevent age out of DShield in a TAXII output DataFeed

Here is the basic setup that I'm having trouble with: Miner: dshield_blocklist: output: true prototype: dshield.block Aggregator: aggregator_dshield: inputs: - dshield_blocklist output: true prototype: minemeldlocal.aggregator_dshield Output Node: taxiiDataFeedDshield: inputs: - aggregator_dshield ...

EdwinD by L3 Networker
  • 4977 Views
  • 2 replies
  • 0 Likes

Modify application

One of the applications (a default one in the Palo Alto) sometimes connects over an other port than the defined standard port for the application. Since I defined the plicys service as 'application default', this traffic gets blocked. Its the application 'magister', which has a standard port of tcp,443 but sometimes connects over 943 & 4502....

Sjoerd by L2 Linker
  • 3940 Views
  • 3 replies
  • 0 Likes

Resolved! Difference between pkts/sec vs conns/sec

Hi All, In Zone Protection Profile, a unit of rate changed from packets/sec to connections/sec when I upgrade into PAN-OS 8.0.It sounds defferent thing, though is this only changes on GUI and nothing changes on this feature, I mean way of counts is same as before?If no, how to calcurate accurate value for 'connections'?Let's say if I configure '...

71.png
80.png
emr_1 by L5 Sessionator
  • 3904 Views
  • 1 replies
  • 0 Likes

Recommened PAN-OS as of April 2017 (Q2)

What PAN-OS are people running these days? I am currently 7.0.8 and it is time for the care-and-feeding of the firewall code at my company. I am looking at upgrading to 7.1.8 (but 7.1.9 just came out today). I do not use any SSL Decryption features. Primarily firewalling, IPSEC tunnels and GlobalProtect.

rpugh1 by L0 Member
  • 2782 Views
  • 3 replies
  • 0 Likes

Resolved! BGP filtering question

Hi Quick question, pretty sure I know the answer. But I want to redistribute some of the OSPF routes I have into BGP.So I create a redist profile, say the source is OSPF then I can use the BGP export filtering to stop what I don't want out. So lets say I have in my ospf table 10.10.10.0/2410.10.20.0/2410.10.30.0/24 1.1.1.50/32 1.1.1.51/32 1.1.1....

Proxy ARP

Hi I have a 5220 in the DC and a 850 in the officeOn the 5220 I have an interface onto network 2.7.3.0/24On the 850 I have a NAT for 2.7.3.129/32the 5220 get this via OSPFHow can I make the 5220 response on the interface 2.7.3.0/24 for arp requests for 2.7.3.129Do I have to setup a 1-to-1 NAT on the 5220 so destination nat of 2.7.3.129 to 2.7.3....

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks