General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

SSL Decryption

Hello, I have a PA-VM running on an ESX server. I want to set up SSL Decryption on it using a SUBCA certificate chain signed by a PKI (windows server). I check boxes "Forward to trust/untrusted certificate". I export the SUBCA to store it on a client machine (to avoid warning message). The network is OK. The policy is Any any permit. The SSL decryption poli...

Incorrect GeoIP location

Hi, It came to my attention that our IP address: 94.23.154.203 according to paloalto geo database appears as it is located in Russian Federation, whereas RIPE and ARIN, NIC, maxmind and others state correctly it is a United Kingdom based IP address. This is problematic for us, as some of the clients of your firewall solutions block traffic from/t...

pablo77 by L1 Bithead
  • 10177 Views
  • 8 replies
  • 0 Likes

Resolved! IPSec VPN Tunnel - Tunnel interface IP address use?

Hi folks, I am being asked to set up a new IPSec VPN Tunnel and one of the questions from their "worksheet" is what our Tunnel interface IP address is. We have several IPSec VPN tunnels, each with their respective Tunnel Interface assigned. Most of them do not have a specific static IP assigned to their tunnel interface, only a couple. These we...

OMatlock by L4 Transporter
  • 11962 Views
  • 1 replies
  • 1 Likes

Security policies & Schedules.

Hello, Just a quick question. Unsure if this has been asked previously. When applying a non-reoccurring schedule to a security policy, I have noticed in pan 8.0.x, once the schedule has expired, the policy in the security policy view does not identify it as expired. I am trying to avoid the obvious scenario of temporary policies being applied eit...

mtizani by L1 Bithead
  • 3312 Views
  • 3 replies
  • 0 Likes

Resolved! Maximum number of rule per vsys ?

Hi, I would like to clarify the maximum number of rules/policies per vsys in PA 5220. As I noticed that 5220 supported up to 20k rules per device. So, is there any limit of rules per vsys? https://live.paloaltonetworks.com/t5/Learning-Articles/What-is-the-Maximum-Number-of-Rule-Objects-Supported/ta-p/60774 Thanks.

Resolved! Intra-Zone Source (dynamic) NAT

Guest network (10.10.10.0/24) is in Outside zone & Internet link (11.11.11.11/24) is also in same zone. Guests need to browse internet (say google.com). My question is about intra-zone source NAT/PAT! Guest, who is the source of the traffic; requires translation to public IP address (say outside interface of the firewall). Destination of the traf...

Site-to-Site VPN random issue

I have Site A setup with a site-to-site VPN with Site B. Site A contains all the resources (DC, email, fileserver, etc). The firewall in site B is configured as DHCP for the local clients. Primary DNS is setup for internal AD DC/DNS server. Secondary is public DNS servers. We noticed randomly clients can not access certain local resources. Unab...

ce1028 by L4 Transporter
  • 2160 Views
  • 2 replies
  • 0 Likes

Office 365 access advice

We are moving to Office 365 Exchange Online and may use some other Office 365 services in the near future such as SharePoint Online or OneDrive for Business. I found the FAQ "Office 365 Access Control" and have configured the requisite custom application and a security policy rule; however, since we haven't fully rolled out TLS decryption yet, I...

Group Mapping Failure

Has anyone had a problem with the group mapping authentication process? We have successfully connected to our AD/LDAP, PA sees the groups and group members, however this connection and the associated mapping fails after the initial connection. In addition, if we try to map a second AD group, PA fails to traverse the group for users and breaks the...

C.Wong by L0 Member
  • 1898 Views
  • 1 replies
  • 0 Likes

Resolved! App-id tcp/993 having issues

New install of dual PAN 3020s on 8.0.2 that went really well for the most part and the only issue I am having now is imap(s) and Linux clients w/office 365 not working right. I have a 'known ok' rule with outlook-web-online (among other allowed apps -- ssl included) using app-default but I get tcp-resets from the far end and users are not able...

drewdown by L4 Transporter
  • 13674 Views
  • 17 replies
  • 0 Likes

Slow VPN access

I have a user that is on wireless at home and using the VPN to access files and folders on the network and he says it is slow. I told him to hardwire in to his switch and see if that helps. Any other areas I should check to see if the VPN? might be causing any of these issues:

jdprovine by L4 Transporter
  • 3578 Views
  • 5 replies
  • 0 Likes

PA 3020 - new security rule isn't active.

Hey all! There is a strange problem with my PA 3020 7.1.7: I need access from a client pc to a printer with many ports so for testing I set up a security rule with application any and service any. The rule is enabled but it's not effective. The firewall even doesn't have traffic logs for this connection. I already had this problem in the past, I don...

MPI-AE by L4 Transporter
  • 3150 Views
  • 5 replies
  • 0 Likes