This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4229 Views
  • 0 replies
  • 0 Likes

Resolved! Redundant circuit fail over capabilities

This is a general question about PAN capabilities. We are looking at acquiring a second, slower circuit for internet access backup. We would like this to be an automated fail over. I am trying to see if our PA 3050's are capable of this and am looking for the documentation on how to set this up on the PANs.Also, not sure how to route public DNS ...

Bvance by L2 Linker
  • 3124 Views
  • 2 replies
  • 0 Likes

SIP - services only, does ALG apply?

I am troubleshooting Cisco phone registration issues through a 3020 running 7.1.7 . My rulesets are only service based (TCP/UDP 5060, 5061, etc) and allow any application. Cisco TAC is telling me that ALG issues are interfering with registration. If I am allowing any application and using services only (and the traffic is hitting these rules), ...

dpride by L0 Member
  • 2398 Views
  • 1 replies
  • 0 Likes

Palo Alto ping response is slow from Cisco

A directly connected Cisco 4500 Switch Ping's to different office goes through the PA cause nearly 700-1000msec, whereas PA pinging the Server to same site has only 20msec. I understand the Ping ( and Extended ping with TOS 184) is not the exact way to work on the Issue.We have OSPF running between PA and Cisco.But I was informed that PA will n...

Resolved! Incorrect User-ID

Hello, We are using User-ID Agent. A number of Source Users are reported as “sophosupdate”. It is not picking up the correct user.The expected behaviour would be for the end user name (example of m.hayes in the list below). How to correct this?Thanks in advance.

User-ID.jpg
Farzana by L4 Transporter
  • 8944 Views
  • 5 replies
  • 0 Likes

How can I create a report that shows my ISP outages in a given month?

The information I'm trying to see is how often one of my ISP's goes down in a given week/month. I have dual ISP's so I use PBF rules to failover. I currently have a system log setting to email me when a PBF rule is triggered (subtype eq pbf). But I don't see any "system" categories in the scheduled reports. Is there any way to make a report for ...

Maxstr by L3 Networker
  • 3999 Views
  • 2 replies
  • 0 Likes

Active Active Setup PA-500

HelloCould someone direct me or provide me with instructions on setting up twp PA-500's in an Active Active configuration?Much appreciated and Thank You

RyanA. by L0 Member
  • 4496 Views
  • 2 replies
  • 0 Likes

How vulnerability profiles work

Hi Guys,Please need your supprt in understanding how vulnerability profiles work or in general how security profiles work.I have done a lot of studying in this regard and all they say is that it works on the basis of signatures.Below is my understanding. Signatures:Its like any specific pattern or a behaviour in the traffic ,payload etc,please ...

mahmoodm by L3 Networker
  • 4433 Views
  • 6 replies
  • 0 Likes

Resolved! SMB versions

I currently have ms-ds-smbv2 and ms-ds-smbv3 permitted but I am seeing ms-ds-smb-base getting denied. What is ms-ds-smb-base? Is this the same as ms-ds-smbv1? Thanks!

SMB : SMB: User Password Brute-force Attempt

Hi, my customer had a problem with this threat. They have a internal app which was failing when palo alto updates changed the action to reset-both. Customer told me that this problem started last 15/06 but i went to the PA updates mails and i didnt see anything about changing the action for this threat (SMB: User Password Brute-force Attempt ID ...

Resolved! How does link monitoring work in High Availability ?

Hi All, I am working on the following HA design - As you can see above, each firewall will have two interfaces connected to Juniper routers on the inside and outside zones. The firewall peers will also be directly connected to each other for the HA links. The plan is to use Active/Passive deployment and I am trying to figure out if this desi...

(Vendor - PAN) 40 Gig PRD Firewalls Topology (1).jpg

Issue with NAT over Site-2-Site VPN

Hi there, I am reasonably good with Palo Alto Firewall however struggling with the NAT over VPN. I am trying to hide some internal IPs behind 9.9.0.1/32 and 9.9.0.1/32 is configured in Proxy ID as Local host. VPN phase 3 comes up but i think the way i am doing NAT is wrong. NAT policy is created is as follows Source Zone Destination ...

nvirmani by L1 Bithead
  • 5612 Views
  • 7 replies
  • 0 Likes

Panorama Problems!

Any ideas how to fix the following error: Failed to establish SSL connection to Panorama Server: Port:3978? We are unable to view the logs on Panorama or push the firewall policy from there as a result so it's causing a few issues to say the least. Any help would be appreciated. Thanks! Nothing has changed on the firewalls or Panorama. Panorama ...

Multiple Globalprotect Gateway using Same ISP on same firewall

We have to implement a Globalprotect VPN Deployment using 3050 in HA Pair in which we have to use a single Portal and define Multiple External Gateways somewhat we call in Cisco Anyconnect as multiple profiles. Is it possible to define Multiple External Gateways using the same Interface catering to different OS types and using a single Portal co...

dborasi by L0 Member
  • 2464 Views
  • 1 replies
  • 0 Likes

Proxy server for PA services

Hello, We are using a proxy server to control Internet access from internal resources, including the PA firewall. This proxy can only be used to reach external destination.Also, we had to configure the proxy server on the PA device (Setup -> Services -> Global) in order for the PA to perform updates. Now we would like to use External Dynam...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks