General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4224 Views
  • 0 replies
  • 0 Likes

Enabling TLS 1.1 in Decryption profile always allows 3DES even if unchecked

Scenario: Decryption profile for traffic from the internet to GlobalProtect IP along with an SSL/TLS Service Profile for GlobalProtect, both set to TLS 1.1 or above; Decryption profile has 3DES unchecked. PA-5020, 7.1.10. Scans from sites like ssllabs.com will show that 3DES is still enabled. Only changing one of the profiles to TLS 1.2 stops this....

bfperez by L1 Bithead
  • 4659 Views
  • 7 replies
  • 0 Likes

Resolved! Malicious file not getting blocked

Hello, An email attachment has been classified by Wildfire as malicious. However, it was not blocked and just an alert was logged. Below are two screenshots from the Wildfire submission and threat logs. Any idea why the Vulnerability Protection has classified this threat as medium even though WildFire classified this file as malicious? How to make...

Farzana by L4 Transporter
  • 2833 Views
  • 2 replies
  • 0 Likes

Resolved! Package Fetch/Repository Problem

Taken from the install guide, but is this still the correct repository: :~$ sudo add-apt-repository "deb http://minemeld-updates.panw.io/ubuntu trusty-minemeld main" :~$ sudo apt-get update Hit http://security.debian.org wheezy/updates Release.gpg Hit http://security.debian.org wheezy/updates Release Hit http://security.debian.org wheezy/updates/...

Altering Cloned Template Changes Original?

I've been working with one of my customers on enhancing security across their firewall deployment. After creating a template in Panorama including management hardening and protocol hardening configurations, they cloned the template so they could apply it on another firewall. They then updated one of the zone names on the new template. And for s...

Minemeld administrator rights

Hello, I found how to add a new administrator. But I want this new administrator to get only read access on everything and write access on a miner - in order to add indicators (IPv4 and URL) on it. Do you know if it is possible? And how?

GVN2022 by L0 Member
  • 5711 Views
  • 2 replies
  • 0 Likes

SSL Decryption

Hello, I have a PA-VM running on an ESX server. I want to set up SSL Decryption on it using a SUBCA certificate chain signed by a PKI (windows server). I check boxes "Forward to trust/untrusted certificate". I export the SUBCA to store it on a client machine (to avoid warning message). The network is OK. The policy is Any any permit. The SSL decryption poli...

Incorrect GeoIP location

Hi, It came to my attention that our IP address: 94.23.154.203 according to paloalto geo database appears as it is located in Russian Federation, whereas RIPE and ARIN, NIC, maxmind and others state correctly it is a United Kingdom based IP address. This is problematic for us, as some of the clients of your firewall solutions block traffic from/t...

pablo77 by L1 Bithead
  • 10395 Views
  • 8 replies
  • 0 Likes

Resolved! IPSec VPN Tunnel - Tunnel interface IP address use?

Hi folks, I am being asked to set up a new IPSec VPN Tunnel and one of the questions from their "worksheet" is what our Tunnel interface IP address is. We have several IPSec VPN tunnels, each with their respective Tunnel Interface assigned. Most of them do not have a specific static IP assigned to their tunnel interface, only a couple. These we...

OMatlock by L4 Transporter
  • 12026 Views
  • 1 replies
  • 1 Likes

Security policies & Schedules.

Hello, Just a quick question. Unsure if this has been asked previously. When applying a non-reoccurring schedule to a security policy, I have noticed in pan 8.0.x, once the schedule has expired, the policy in the security policy view does not identify it as expired. I am trying to avoid the obvious scenario of temporary policies being applied eit...

mtizani by L1 Bithead
  • 3349 Views
  • 3 replies
  • 0 Likes

Resolved! Maximum number of rules per vsys?

Hi, I would like to clarify the maximum number of rules/policies per vsys in PA 5220. As I noticed that 5220 supported up to 20k rules per device. So, is there any limit of rules per vsys? https://live.paloaltonetworks.com/t5/Learning-Articles/What-is-the-Maximum-Number-of-Rule-Objects-Supported/ta-p/60774 Thanks.

Resolved! Intra-Zone Source (dynamic) NAT

Guest network (10.10.10.0/24) is in Outside zone & Internet link (11.11.11.11/24) is also in same zone. Guests need to browse internet (say google.com). My question is about intra-zone source NAT/PAT! Guest, who is the source of the traffic, requires translation to public IP address (say outside interface of the firewall). Destination of the traf...

  • 24355 Posts
  • 124 Subscriptions