This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

Blocking Bittorrent

Hi Everyone, Is there a way to limit the sessions on bittorrent with Palo Alto ? You can only enable a session limiter based on a service, but not on an application i think? Anyone has some suggestions ? Goal-> Limit bittorrent traffic. Users must be still able to download via bittorrent but the experience should be limited. Kind Re...

Resolved! Source User Missing. Device has User Mappings.

I'm sure this is probably a rookie mistake, but I have to ask... I've set up our Meraki access points to syslog to my PA500 firewall. I'm successfully getting user-id to IP address mappings (I can see them in the output of "show user ip-user-mapping all" in the CLI). However, in the web interface, nothing is showing up in the source user colum...

Resolved! QoS: why is it capped at 1 Gbps?

Is it a physical limitation, or a software limitation? The PA-3020 has gigabit ports, which can be combined into aggregate interfaces that support multi-gigabit combined throughput. However, it you enable QoS on an aggregate interface, no matter how many interfaces are in that group, you are limited to 1 Gbps throughput. Shouldn't you be able t...

fjwcash by L4 Transporter
  • 4489 Views
  • 2 replies
  • 0 Likes

Google Hangouts audio-video detecting as STUN

I am noticing an issue were clients are using Google Hangouts, but the APP-ID is detecting the session as STUN over UDP/TCP port 19302-19309, instead of the APP-ID signature of google-hangouts-audio-video. Has anyone else noticed this behavior? The traffic is being blocked, so I am creating a custom service for those UDP ports to apply on a spe...

log snapshot.JPG

Resolved! Deleting Aggregate Interface

Good Morning, can someone verify that the following command is correct for removing an aggregate-ethernet interface? delete network interface aggregate-ethernet ae1 layer3 units ae1.82 I am a litte leary of implementing this command due to the fact that I cannot find where this is documented. Your help is greatly appreciated. Thanks.

global protect multiple portal issue

We want to configure Portal level redundancy in Global protect .If we bind 2 IPs of 2 different location firewalls to our portal address then how does clinent interpret the DNS resolution .after how much time client will try on another system

NIRAVK9 by L1 Bithead
  • 8247 Views
  • 13 replies
  • 0 Likes

ASK: GP with 2 network access

Hi All,Anyone have tried to create 2 network access within PAN-GP on PANOS 6.1?So, basically I want to create 2 PAN-GP Profile, one with split-tunnel, another one without split tunnel. Already read some article, said that I'll need PAN-GP license and 2 External IP.So, have someone tried this? Thanks in advance

why i must create vlan in paloalto firwall and not in cisco core switch ?

HelloPlz i need an exact informations and ansewr plz and plz brothers 😘 !what's the advantage/disadvantage of creating vlans on paloalto and not on cisco core switch ?? i need details informations plz, coz we have 2 sénarios possibles, and from my way i must give as an exact ansewr why we must create vlans on paloalto and not cisco core switch,...

Customer Account Personal Email

I bought a pa-220 for my own personal lab through my employer's pa vendor and I would prefer not to use my company email account just in case I were to leave my company. If that would happen, a year from now when my licenses expire, I won't be able to renew them to my pa as my corporate email account will not be accessible to me anymore. Are the...

Routing via PBF vs OSPF

I’m working on an implementation for about 15 branch offices where my organization is replacing an inconsistently-configured mix of SonicWALL and PA hardware with mostly PA-220’s. Each office has a Metro-Ethernet connection (100 Mbps at branches and 1 Gbps at HQ) and will also have an IPSec VPN tunnel back over their local internet connection ba...

locampo by L2 Linker
  • 4062 Views
  • 3 replies
  • 0 Likes

Resolved! Forwarding Decisions in PANOS

Hey guys. Fairly new to PANOS and also coming from the perspective of having been a longtime IT generalist with a large interest in networking to finally having a role as a dedicated SEM network engineering role. Having said that, we recently encountered a situation that confused me greatly. Context: we’ve got several branch offices with Metro-E...

locampo by L2 Linker
  • 7772 Views
  • 5 replies
  • 0 Likes

I want know CPU resouse mesage

What is mean??? flow_lookup flow_fastpath flow_slowpath flow_forwarding flow_mgmt flow_ctrl nac_result flow_np dfa_result module_internal aho_result zip_result pktlog_forwardinglwm flow_host ThanksRegard

awawa100 by L2 Linker
  • 3030 Views
  • 2 replies
  • 0 Likes

Resolved! SSL Website won't load with decryption enabled

Hello. One of my users was trying to go to: https://mn.b3benchmarking.com/Launch We have SSL forward proxy enabled. If I exclude the site from decryption is comes up fine. We are not using any decryption profiles. Can anyone tell my why the sites won't come up? I did run a check using https://www.ssllabs.com/ssltest/analyze.html?d=mn.b3benchma...

dannon by L3 Networker
  • 5816 Views
  • 3 replies
  • 0 Likes

Best Practice IPSec Tunnels

I was wondering if anyone had some good best practice recommendations for IPSec tunnel configurations. I’ve set up a lot of these in my time, but I’m realizing that I still don’t have a firm grasp over all these choices other than “make them match on both ends if you want them to work” and “more secure is better than less secure”. Especially, fo...

locampo by L2 Linker
  • 3871 Views
  • 1 replies
  • 0 Likes

Resolved! GlobalProtect breaking the Internet

Hello, We have an issue with our Global Protect client. The end users are able to connect and work fine, but when they press the disconnect button on the Global Protect client it is breaks their internet. Whether the user is connected to a WiFi network or via an ethernet cable or doesn't matter. To illustrate the issue, this is what we do:1. Use...

Error.jpg
Farzana by L4 Transporter
  • 12898 Views
  • 3 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks