This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4118 Views
  • 0 replies
  • 0 Likes

Global VPN

Hi All, Since IOS devices has issue in global vpn due to which it cannot access the DNS define in gateway when splittunneling is enabled.Due to which user cannot access certain URL so we added them in DNS suffiex , but if we want to define the domain can enabling inherit dns suffix will resolve the issue e.g URL is abc.network..com and adc.netw...

Himarya by L1 Bithead
  • 2353 Views
  • 1 replies
  • 0 Likes

Migrating Site to Site VPNs to IKEv2 & Suite B Crypto

Dears, I have multiple site to site VPN between my branches and most of them are terminated on PAN3020 and PAN-820.I want to upgrade them all to IKEv2 and Suite B Cryptography. What is the recommended IKE and IPSEC proposals when moving to IKEv2 and Suite B. Thanks.

Ammar by L2 Linker
  • 2858 Views
  • 1 replies
  • 1 Likes

Resolved! Critical License Expiration

Hi! I have a PA-VM 300, and I've got the error message "Critical License Expiration" warning.I can't seem to ping my fw interface from a directly connected host, though I have my MGT profile configured to allow ping to my internal interface. I have read somewhere that unlicensed FW can only pass the first 200 sessions, then after that it will no...

LIC errors.png

Need assistance with Certs and Firewall

I has been years since I have done anything with Microsoft CA so I am really struggling. Here is the problem: When enabling URL filtering and I am blocking a certain site that has HTTP and HTTPS, the HTTP page will present the block page, but the HTTPS does not. I am not doing any SSL Decrypt, I want to in the future but that is requiring cert...

Resolved! Certificate expired

Hello, Received following message/alert.WarningsCertificate PA Net Root CA in shared expired on Jun 3 23:26:00 2016 GMTCertificate GlobalProtect in shared expired on Jul 27 02:34:06 2016 GMTDo we need to action any renewal? If so, kindly show the steps. TIA

Farzana by L4 Transporter
  • 9633 Views
  • 3 replies
  • 0 Likes

Panorama slowly driving me insane.

I'm wondering if anyone can explain this to me. I've recently started working with Panorama. When I import devices I follow this process: Add device, and input the serial number of the device and commit.Wait for it to connect.Import device configuration into panorama. (I've tried both selecting import shared objects and not selecting it)If I jus...

Panorama Certificate question

In pamorama I created a default template with basic configuration settings for all firewalls and then create a site specific template and put them both in a template stack to apply the stack to each firewall. This way the default settings apply to all firewalls for consistancy and we can apply site specific settings like individual rules. This w...

dstjames by L2 Linker
  • 5310 Views
  • 3 replies
  • 0 Likes

rules to allow webinars while blocking http-audio and http-video

We block most http-audio/video in our enterprise but we allow access to webcasts/webinars. We have had to resort to create a "webinar" rule allowing http-audio and video, rtmp, rtmpe, gotowebinar, and more... with specific IP ranges. Because these change often we have to keep adding CDN IPs to this rule for people to see/hear the webinars. This ...

Resolved! Redundant circuit fail over capabilities

This is a general question about PAN capabilities. We are looking at acquiring a second, slower circuit for internet access backup. We would like this to be an automated fail over. I am trying to see if our PA 3050's are capable of this and am looking for the documentation on how to set this up on the PANs.Also, not sure how to route public DNS ...

Bvance by L2 Linker
  • 3094 Views
  • 2 replies
  • 0 Likes

SIP - services only, does ALG apply?

I am troubleshooting Cisco phone registration issues through a 3020 running 7.1.7 . My rulesets are only service based (TCP/UDP 5060, 5061, etc) and allow any application. Cisco TAC is telling me that ALG issues are interfering with registration. If I am allowing any application and using services only (and the traffic is hitting these rules), ...

dpride by L0 Member
  • 2372 Views
  • 1 replies
  • 0 Likes

Palo Alto ping response is slow from Cisco

A directly connected Cisco 4500 Switch Ping's to different office goes through the PA cause nearly 700-1000msec, whereas PA pinging the Server to same site has only 20msec. I understand the Ping ( and Extended ping with TOS 184) is not the exact way to work on the Issue.We have OSPF running between PA and Cisco.But I was informed that PA will n...

Resolved! Incorrect User-ID

Hello, We are using User-ID Agent. A number of Source Users are reported as “sophosupdate”. It is not picking up the correct user.The expected behaviour would be for the end user name (example of m.hayes in the list below). How to correct this?Thanks in advance.

User-ID.jpg
Farzana by L4 Transporter
  • 8884 Views
  • 5 replies
  • 0 Likes

How can I create a report that shows my ISP outages in a given month?

The information I'm trying to see is how often one of my ISP's goes down in a given week/month. I have dual ISP's so I use PBF rules to failover. I currently have a system log setting to email me when a PBF rule is triggered (subtype eq pbf). But I don't see any "system" categories in the scheduled reports. Is there any way to make a report for ...

Maxstr by L3 Networker
  • 3971 Views
  • 2 replies
  • 0 Likes

Active Active Setup PA-500

HelloCould someone direct me or provide me with instructions on setting up twp PA-500's in an Active Active configuration?Much appreciated and Thank You

RyanA. by L0 Member
  • 4467 Views
  • 2 replies
  • 0 Likes

How vulnerability profiles work

Hi Guys,Please need your supprt in understanding how vulnerability profiles work or in general how security profiles work.I have done a lot of studying in this regard and all they say is that it works on the basis of signatures.Below is my understanding. Signatures:Its like any specific pattern or a behaviour in the traffic ,payload etc,please ...

mahmoodm by L3 Networker
  • 4354 Views
  • 6 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks