This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

Security profile group best practice

HI guys, I've read most of the reference material by Palo alto only applying security profiles on inside->out security polices but not outside->inside polices. I would think that is a given since outside->inside policies are to protect your front facing web services. Do you guys apply security profiles for outside->inside policies. Khai

No wildfire submissions (FWD_ERR_CONN_FAIL_PUB errors)

Hi there, Wildfire is not submiting files. I have the simplest configuration possible, and I'm using the test file (https://wildfire.paloaltonetworks.com/publicapi/test/pe). However, nothing is getting to the portal, or logs for that matter.I'm running VM-100 on a ESXi server, 8G RAM, 4 vCores, PAN OS 8.2.The only thing I have noticed is on the ...

Hwinter by L2 Linker
  • 6491 Views
  • 7 replies
  • 0 Likes

Configure GlobalProtect With Public IP adresse

Hello 1-i have the router adsl with the public ip adresse : ex 41.137.11.123 (WAN interface) ==> this is a Public/fixe IP adresse.2-i have a paloAlto firwall, is connected by its wan interface (192.168.1.2) to the local interface of the router adsl (192.168.1.1). 3-i follow this course to configure the GlobalProtect (https://live.paloaltonetw...

Resolved! Call API key via invoke-restmethod

Is Palo Alto's API able to accept GET requests from the PowerShell "invoke-restmethod" cmdlet which have the api key set as a variable? I ask this because I would like to run these requests without embedding my API key in the HTTPS GET request. This does not seem secure to me. Rather, I would like to store the API key elsewhere and have Power...

Log forwarding "Zone Protection" ?

I can't find an up to date way to enable log forwarding for "Zone Protection" profiles. I found a guide for 6.1 but its not relevent for 8.0 I want alerts when we get port scanned. Cheers Rob

SSL Decrypt and GitHub

I keep fighting this SSL Decypt issue with my PAs, its almost getting to the point where its not worth running the SSL decrypt function because it causes so many issues. I am currently having issues with people downloading a zip file from git hub. github.com/Microsoft/vsts-agent/releases/download/v2.117.2/vsts-agent-win7-x64-2.117.2.zip The err...

Resolved! PA is Default Deny

Stupid question. Just need confirmation.PA (42020) devices are default deny correct?If a packet is not specifically allowed or denied by a rule; when it gets to the bottom of the rules the default action is to deny, correct?thanks--CH

choff123 by L3 Networker
  • 7087 Views
  • 4 replies
  • 0 Likes

Port analyse by TCPDUMP

Hello All, I would like to capture packet by tcpdump on other interface than management interface.How can do it ? (please explain more detailled as possible). Thanks for your help.GB.

Global Protect and Bandwidth Considerations

Looking for feedback on what you all have experienced with GP VPN for a user count of over 2k users. Specifically what type of INet circuits that were needed. What was the amount of bandwithd which was seen on the circuits? Finally, is there any sort of way to limit the amount of bandwidth each host can consume?

Resolved! App-ID Mismatch for symantec-endpoint-manager

Is there any experience with 'symantec-endpoint-manager' over tcp/8014 being mis-identified as web-browsing? We have a 5260 firewall in a datacenter environment, with hosts that need to access a Symantec-Endpoint-Server for AV updates. Clients access the server on port tcp/8014. Tha pport is associated with app-id 'symantec-endpoint-manager' p...

chrislss by L1 Bithead
  • 5221 Views
  • 4 replies
  • 0 Likes

Global Protect logging out right after it logs in

On the PAN 5020 I can see in logging that user successfully authenticates with MFA and radius but within a second it says the user has logged off. I know that in fact the user did not log off. I hope to grab some logs at the client next week. But I figured I'd ask the hive mind if anyone has ever seen this symptom and what they found. Thanks.

Resolved! VPN Tunnels between two PA over an MPLS infrastructure

I have a scenario where I'm creating a VPN tunnel between two PAs. The infrastructure between the two PA is MPLS, each PA has two BGP links (Primary 50Mbps) and (Secondary 10Mbps). I'm terminating the VPN on the loopback of the PAs, however, i noticed that the VPN tunnel is initiated from the primary link (50Mbps) of the first PA and entering th...

Site to Site VPN supported on Unlicensed VM-Series Firewall (?)

I am aware of the below limitation when using an Unlicensed VM-Series Firewall: https://live.paloaltonetworks.com/t5/VM-Series-Articles/No-Logging-in-Unlicensed-VM-Series-Firewall/ta-p/66123 Are site to site VPNs fully supported when using an Unlicensed VM-Series Firewall? If it is, are there any restricions like IPsec tunnel numbers, throughput...

ash83 by L2 Linker
  • 4502 Views
  • 2 replies
  • 0 Likes

Resolved! Best practice for windows 10 updates about QoS policy

Hi, all. Recently, one of our company's valuable customer request the solution about QoS policy. The customer's QoS policy was Application 'ms-update' Services 'application-default'This policy applied well in Windows 7 environment. However, the problem is Windows 10 envrionment.When the computers tried to update to Window Updates, this QoS rule ...

30 Day Trial License Expire

Hi guys,We have been used 30 Days trial ULR Filtering License so far.After 30 days, it means expired, We couldn't use it naturally.and I tought it may can use old db version-url filtering- even though It won't get any update information as like normal License. But it didn't happen like below traffic log It couldn't block any pages belong to in...

image.png
Kang_Han by L1 Bithead
  • 4583 Views
  • 3 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks