This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

Negate networks within an object group

Hi, is it possible to negate certain networks within a rule? example.. src (192.168.0.0/16) and dest (10.0.0.0/8) action Deny but want to negate dest 10.200.0.0/24 in the same rule so that 192.168.0.0/16 cannot talk to 10.0.0.0/8 but can talk to 10.200.0.0/24 (allowed lower down the order) the FW negate option negates all the objects within ...

PA_nts by L4 Transporter
  • 1419 Views
  • 2 replies
  • 0 Likes

Resolved! Panorama will not upgrade as a stand alone.

Hi guys new here. The problem I'm having is my panorama will not upgrade. Of course I get the "requires a content version of 8529 or greater". I've look that up and found out I needed to download the latest content(APPS and Threats), did that but I get an error stated that encfilesize is 91802736. No matching apps package found. I'm have 2 new F...

Myoung1 by L1 Bithead
  • 2302 Views
  • 5 replies
  • 0 Likes

Resolved! Exempt alerting for specific threat

We have an open wifi network and do see lot of coinhive spyware threat alerts. Recently a user genrated in excess 30000 email alerts for CoinHive JavaScript Detection. We don't want to block the user and also the external IP is not single one. Firewall is set to reset-bot on detection. We just don't want to see this email alert, is there a worka...

raji_toor by L4 Transporter
  • 6102 Views
  • 6 replies
  • 0 Likes

Resolved! ION CLoudGenix Devices Offline

Hi Team, Has anybody experienced any issue with CloudGenix ION devices where you can SSH onto the device but actual on the Prisma Cloud Portal all the CG devices shows offline ? I have one of this issue where I can remote into every single ION device but on the cloud portal all of them are showing offline. Any help would be much appreci...

H.Suthar by L0 Member
  • 2119 Views
  • 3 replies
  • 0 Likes

Decrypt STARTTLS SMTP protocol but not blocked Virus File

The mail server resides on the network inside PaloAlto.I am trying to add a feature to use STARTTLS for SMTP/25 from the mail server to the Internet. I implemented STARTTLS decryption (Forward Proxy) on the PaloAlto and sent an email with Eicar Virus to the Internet via the mail server and it was sent without being blocked. The PaloAlto threat l...

Hogewo by L1 Bithead
  • 1372 Views
  • 2 replies
  • 0 Likes

Block Exchange ECP externally

Hello team, We are experiencing with our hosted exchange server on the cloud. Despite efforts from our Server team to block ECP access from external networks, it remains accessible. The team has suggested blocking ECP for external networks only. I have attempted to address this by creating a URL filter and applying it to the security policies,...

GP issues after a fail over test

So we have an annual BCP fail over test, during the fail over test when we shut the primary TOKYO PA 850 it fails over to PA 850 SEC, however when we connect to the VPN we cannot on our TOKYO we are not able to connect. I'm a bit newbie on PA and needing your assistance. Please provide me a detail troubleshooting steps on GP. The local IT s...

weezy by L3 Networker
  • 1032 Views
  • 1 replies
  • 0 Likes

RJ-45 10GB interface and cat7 cable

Hi All, Anyone deployed a ngfw (pa-3430) using the 10gb ports with a cat7 copper cable yet? same process as normal cat5/6 connection no additional changes needed? have a deployment for a client with fiber sfp but they did not purchase the sfp modules.. so in a bit of a pickle as needing to put these FWs in as vwire on the fiber connection betw...

PA_nts by L4 Transporter
  • 1039 Views
  • 1 replies
  • 0 Likes

Resolved! Trial VM-Series OVA-deployed VM stuck at PA-HDF login prompt for over 24 hours; multiple hosts and multiple attempts

Hello! I reached out to receive a trial for the VM-Series NGFW so I could practice/lab out some configs during my certification path. I have followed all of the instructions provided, confirmed ESXi version was fine, increased vCPU and RAM allocated following the sizing guide, and tried being patient, but multiple attempts at getting the VM-se...

VRT-JH by L1 Bithead
  • 20186 Views
  • 8 replies
  • 0 Likes

Resolved! Captive portal 403 forbidden

Hello, I've configured a new Captive portal but when i'm trying to reach it I receive 403 forbidden. The CP is enabled on the inside interface where the traffic is coming in. The zone have the user id enabled. The interface have the Management profile with User-id and Response page on. I've created a Auth Rule with Default-web-form but when I te...

rustdesk for remote support

Hello Friends, I have a question considering your valuable openinion regarding remote support applications. For financial issues I am moving to use an Open source "RustDesk" for remote supprt in my company. I can see that the application has its app-id in the paloalto application DB which is encouraging, but since I will inst...

issue about sdwan bgp routing

HI , Bro I setup a hub-spoke sdwan on my pnet labHub can learn site1 and site2 internal routing , but it can not pass these routing entry between site1 and site2.which cause hub and spoke(site1 and site2) can access each other , but the spoke (site1 and site2) can not access each other.

SD WAN using loopback on Palo Alto

I configuring a HUB for SDWAN with vpn, however this firewall currently have vpn tunnels to 3rd parties. Due to this I am planning on using a separate wan ip for sd-wan. However I do not have free ports on my firewall for this. Is it possible to configure a SDWAN HUB to use a natted loopback? If so I am not seeing any place to configure teh ...

mmercald by L1 Bithead
  • 2290 Views
  • 4 replies
  • 1 Likes

Resolved! looking for efficient way to clear specific security rule hit counts

I have Panorama managing 2 HA paired firewalls. The security rules are pushed to both HA pairs. I want to clear the hit counts for specific rules. If I login to the active firewall then I can run this command and it works fine. show rule-hit-count vsys vsys-name vsys1 rule-base security rules list [ "asdf1" "asdf2" "asdf3" ] And the clear ve...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks