This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4223 Views
  • 0 replies
  • 0 Likes

Resolved! Default gateway to router with two IP address

Hi, I am installing a PA-3020... the customer have a internet router which has two public IP address (190.30.40.1/24 as primary IP and 186.3.30.1/24 as secondary IP).Currently the customer have a Cisco ASA, it is directly connected to internet router, but the IP address in Cisco ASA (untrust interface) is 190.30.40.2/24 and its default gateway o...

ms-teams not working

Hello, Ms-Teams works fine when we set the Profile setting to 'none' for the policy. As soon as we set the URL filtering profile, it stops working. We have allowed the category. Also, made sure *.teams.microsoft.com is added in the Overrides>allow list. URLteams.microsoft.comCategoryComputer and Internet Info What else we can check?

Farzana by L4 Transporter
  • 10351 Views
  • 1 replies
  • 0 Likes

PA200 and PAN OS 8.0.5 is it a good idea?

Hello I got new PA200 as a RMA replacement so I have more time for upgrade. Is it a good idea to do that? I keep always to wait at least for X.0.5 since I upgraded one time to 6.0.0. and it was nightmare. Is someone using 8.0.5 on PA200? or 8.0.4? What about commit time comparation to 7.1.x? RegardsSlawek

_slv_ by L4 Transporter
  • 7207 Views
  • 7 replies
  • 0 Likes

Youtube with Restricted Mode-On

Hello, We would like to play specific videos on youtube with Restricted Mode to On. We have followed the article below but no luck. https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Allow-a-Single-YouTube-Video-and-Block-All-Other-Videos/ta-p/58944 Is there a way of allowing just that specific video to play?

Farzana by L4 Transporter
  • 2792 Views
  • 1 replies
  • 0 Likes

Virtual Router static routes

So I made the mistake of creating static routes that specify an exit interface. So now I have traffic coming into the firewall and then going out a different interface to get to other networks, rather then having that traffic hairpin back down my AE interface. So I have kind of a loop going on. So my quesiton is: Can I remove the exit interface ...

Resolved! Pattern of network vulnerability scanning coming from all over the world

In the last month or so we have seen lots of network vulnerability scanning for the following 3 Threat IDs coming from all over the world.- MVPower DVR TV Shell Unauthenticated Command Execution Vulnerability(30426)- WebUI mainfile.php Arbitrary Command Injection Vulnerability(38836)- Wireless IP Camera Pre-Auth Info Leak Vulnerability(33556)We ...

CTW1983 by L2 Linker
  • 4063 Views
  • 2 replies
  • 0 Likes

Best Implementation of PA 8.0

Dear All Expert,Do anybody can share Best Implementation of PA-8.0 ?https://www.sans.org/reading-room/whitepapers/auditing/palo-alto-firewall-security-configuration-benchmark-35777 Best Regards,Chhayheng

Resolved! Cannot access PA-200 via Console

Greetings all, I have a PA-200, there it was previously configured and it was stored for long time, we wanted to reuse it, however, I cannot access it via console, when I connect to it nothing there in Putty just black screen. here is what I have: Console cable connected to USB-Serial( Iam sure the cable and adaptor works fine, I tested it with...

mfkoko by L1 Bithead
  • 15046 Views
  • 8 replies
  • 0 Likes

Block SSL urls for BYOD student users- Maintain Cert trust chain

Hello all... I find myself in a bit of quandary on how to deal with blocking\inspecting various SSL based urls for our student BYOD users. I realize I need to decrypt the traffic in order to take action on it... but our problem lies with how to deal with certs....and keeping browsers happy with an intact trust chain. PA support told me that I mu...

Is it possible to export the private key from the forward-untrust certificate to view in wireshark ?

I want to check a specific HTTP request that is send to a webserver and which is currently blocked by one of our vulnerability checks to verify if the signature is correct.But I need to be able to view the decrypted data on the exported capture, therfor I have to import the private key of the forward-untrust certificate into wireshark....But I h...

DaxVC by L2 Linker
  • 2602 Views
  • 1 replies
  • 0 Likes

dismiss global protect download link From GP Portal

hi Guys, well, i m running on version 8.03 and have done all necessary clientless configuration but one thing is a bit weird to me. - Once a user log in via the Portal, he is able to use or see the GP download link, has anyone any idea on how to dismiss the GP download Link from the Portal? i want them to see only the assigned applications. ...

big_Gilo by L2 Linker
  • 2473 Views
  • 1 replies
  • 0 Likes

FTP weird behaviour

Hi, We realised that our PA is doing something strange with FTP appWe have create and above rule (Servidores a INET 1). All our FTP connections involved should match this rule but we see connections which are jumping this rule and mathicng in another one below (Servidores a INET ftp) This is the log traffic (source 192.168.53.182) where all...

policies.jpg
good rule.jpg
Bad rule.jpg

Skype for Business - Send files

Hi, Having some issues with Skype for Business and file sending. When i have SSL Decryption on, I cant recieve or send files over SfB (Works when I turn it off).Does someone know what URL`s i should add to the "NoDecrypt" url list to make it work?

JoneSkj by L1 Bithead
  • 3254 Views
  • 4 replies
  • 0 Likes

Resolved! DHCP Clients Not Getting IP From ISP Router Thru VWIRE

Hi All, I may be missing something but wanted to check with you all. I have a network with a PA-200 (vwire) between a FIOS router and a Netgear Layer 2 switch. I also have WAPs connected to the switch. The FIOS router is providing DHCP address to the wired/wireless clients connected. The DHCP clients are not getting IP addresses and I'm get...

GlobalProtect & User-ID

Hello, I am trying to find some information on how to configure GlobalProtect with User-ID but haven't been able to. What I am trying to do is to enforce a new policy where when some of the users, who have laptops that aren't joint to the enterprise AD but have AD user accounts, will need to use GlobalProtect. And, use GlobalProtect with User-ID...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks