This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

Resolved! Using Panorama to setup a HA cluster

Hi I am trying to setup a brand new pair of pa-5220's in active active. But I can't set aux1 & aux2 for HA1, HA1 backupIP address used for HAand I can't seem to push the config to the PA from panorama, a cyclical error - no ip address , HA not enabled , device ID not set... Is it possible ?Or do I need to setup the HA links first and then d...

PA SSL decryption for web traffic and squid

Hi Where should I be doing the decryption client -> pa (l3) -> squid -> internetorclient -> squid -> pa (l3) -> internet I thinking the first one, then I can also see who is making the request A

Resolved! The only populated item under the ACC tab is the risk factor

Hey there everyone, I'm running 7.1.11 on a PA-200. The top-applications widget under Dashboard tab works just fine, but nothing (other than risk factor) is presented under the ACC tab. No filters are active and it doesn't matter what time period I set it for. Actually, data pertaining to threats is displayed, with bytes and sessions always ze...

DHCP ISP CLIENT

Hi, I have a DYNAMIC ISP that I will use DHCP Client on interface. I know there is option to add default GW provided by ISP, but I only want to use this default GW for a couple IPS such as peer IPSEC IP. How can I do this with out PBF Thanks

junior_r by L3 Networker
  • 1831 Views
  • 1 replies
  • 0 Likes

Can OSPF run without a "true" area 0

I've started working for a new company who uses only static routing. We just turned up a second ISP at one site, but I noticed an issue with failover which is expected. When ISP 1 fails, local traffic at the site routes out ISP 2, but site to site traffic doesn't failover because of the metrics on the site-to-site VPNs at the other sites. At my ...

Resolved! Not-resolved URL category

Having issues with many urls being categorized as not-resolved - tried failing to passive box and same issue. Also have tried to recatergize a url from within the firewall gui (url logs) and get an error: 'This functionality is unavailable as this device is in passive state or is connected to a private instance of the PAN-DB servers. Please subm...

clewis1 by L3 Networker
  • 6639 Views
  • 2 replies
  • 0 Likes

Filtering Microsoft Exchange Server services [Outlook Anywhere, ActiveSync, OWA]

We are using Exchange 2013 and have the Palo Alto allowing https access to it so our users can use OWA and ActiveSync. We recently discovered that users can also connect an Outlook client to our Exchange server from anywhere (no VPN needed) as long as they have a valid mailbox and password. We do not want this to be allowed but don't want to b...

jrauman by L2 Linker
  • 9290 Views
  • 6 replies
  • 0 Likes

Resolved! How to block Dish Network application

I have a user that is abusing their privileges and would like to block services internally. A user wished to have the Dish Network application installed on their laptop to use while traveling. There has been reports that the use was using the application in the office while on the network. I wish to block services to this application while on th...

ksmith by L0 Member
  • 7795 Views
  • 6 replies
  • 0 Likes

Resolved! When setting Strict Security Profile

Good day everyone need help with verify some information about setting strict security profile. We are wanting to set the all Security profile from default to strict to help contiune doing the best security practices recommend by palo alto. Also not wanting the logging in the threat montior to show traffic we already know is ok. So when we are m...

Resolved! URL Filtering doesn't work with Google-base/quic/google-docs

Hi Everybody I have a customer who whant to block this page "goo.gl/forms/NeclIZETrjUiyFBT2" (seems to be used as malware). We include it in "block list" in the Url Filtering Security Profile but it doesn't block it. In monitor tab, the session doesn't appear in Url Filtering, it appears in Traffic, the paloAlto detects the flow as application ...

SOC_CSG by L4 Transporter
  • 15573 Views
  • 7 replies
  • 0 Likes

App-ID for general internet browsing

This is a question for the Heavy App-ID users. How do you handle the rules for normal internet browsing? My users have access to most of the internet (except for a handfull of URL catagories) I have been trying to figure out something using Application filters, but cant seem to quite hit on the right filters for an allow rule (seems like app-f...

Kaje by L2 Linker
  • 6896 Views
  • 7 replies
  • 0 Likes

Resolved! Advice needed for WiFi network

Hello I have network dedicated for WiFi: 192.168.33.0/24 with DHCP on PA box. Lease time is 30min but even with that there is a lot of commited IP's that are unusable because of lack of Wifi coverage. I'd like to expand it and get more than 250 possible IP's - how to achieve it Sorry for silly questions ...RegardsSlawek

_slv_ by L4 Transporter
  • 3374 Views
  • 3 replies
  • 0 Likes

Setup HA now and update Licenses later?

HI there,Right now we have single PA-3020 as our HQ firewall.We are planning on setting up HA on a pair of PA-3020. Right now we only have been approved for a budget of the secondary hardware. We have been approved to add matching software licenses in December. I was wondering if it is possible to setup an HA with primary firewall having full li...

Create device group to use it on panorama target field

Hello,I use Panorama to deploy some policy rules to my 40 firewalls.Obviously some rules are the same for all firewalls, others are specific to a some of them. Is it possible to create different groups of firewalls and deploy the rules to the groups. So if I have to add/change a FW to a panorama rule, will be sufficient to modify the group and n...

FassaSRL by L1 Bithead
  • 3854 Views
  • 3 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks