This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4118 Views
  • 0 replies
  • 0 Likes

Resolved! GP-VPN traffic is slow

GP VPN configured properly with IPSec enabled.But all the GP-clients are fall-back to SSL tunnel mode soon after connected.For testing purpose, give full access any-any allow in policy. one time connected as IPSec and when disconnect & connect again another time gp-client automatically fall-back to SSL mode. Port 4501 UDP & TCP are allow...

PA System Alert Reports

I am wondering if it is possible to create a report based on the number and type of "System" (Medium, High, Critical) alerts generated by the PA firewall?

Resolved! FQDN record keeps wrong ip address

Hi All, One of our FQDN records keeps wrong ip address (e.g 10.1.12.71) where really it should be 1x6.1x8.1x0.1xx: > request system fqdn show gives me below output: When l ping the same FQDN from the FW l get a correct ip address mapping: > request system fqdn refresh - didn't make any difference. How can I force firewall to refresh t...

Or1.PNG
2.PNG

Resolved! Server error : Partial commit is not allowed. Full commit must be completed.

Palo version:vm-license: VM-100 vm-mode: VMWare ESXi sw-version: 8.0.4 I am trying to do a partial commit after a change on policy rules.The following commands usually work. But for some reason, I ended in a state where partial commit/validate is not allowed: admin@CST-OCBFW-INT01(active)# validate partial device-and-network excluded Server err...

False-Positive on Comodo

Hi There,Not sure what's the right place to report this false-positive.I would like to draw urgent attention of Paloalto Networks staff to resolve following false-positive on one of Comodo Internet Security files:Virus Total (1/64)https://www.virustotal.com/en/file/f80c084dc4747b8fee70ac4028e9b734cbc8aa3aea230b24fa9740da44ffcec1/analysis/1502048...

URL category not effecting to all traffic passing through security policy

we are facing problem with PA 7.0.7 version , custom url category is mapped to security and certain URLS are allowed . when traffic passes the policy some of the traffics are allowed and then it hits the deny rule . The size of the packet becomes less when it is hitting the deny policy if we create a security policy only for one url it is worki...

Rameshwar by L3 Networker
  • 3014 Views
  • 5 replies
  • 0 Likes

Blocking Hexa Protocol (Hexatech VPN)

I just became aware of this yesterday, but we were seeing a rise recently in "unknown-udp" traffic on our Palo Alto Firewalls and have discovered what it was. The amount of traffic was significant - always used the more bandwidth than anything else on the network. There is a new-ish VPN service by BetterNet that uses a protocol called "Hexa" (...

SAML ADFS for GlobalProtect

Hi,Is someone able to shed some ligh on the below. 1. Can SAML be used to map to an LDAP group, if so is there guidance?2. Does PAN support using SAML AND prelogon/alwayson with GP? Thanks

Resolved! custom report - "unknown" category

Hello I observed that in my reports in pdf I have a lot of "unknown" in CATEGORY column.My report looks like: How is possible that google-base or linkedin-base have category=unknown ? RegardsSlawek

2017-08-15_201653.png
2017-08-15_203202.png
_slv_ by L4 Transporter
  • 5882 Views
  • 9 replies
  • 0 Likes

Resolved! Traffic seen as application "authentic8-silo"

Hi, On our PA device, we suddenly have this issue that lots of traffic is seen as application "authentic8-silo" which is not allowed.Lots of services (Lync/Skype for Business, websites and other services) which use SSL do not work anymore.There was no change/upgrade done before the issue started. Only the daily App/Thread/AV/URL filtering update...

Farzana by L4 Transporter
  • 3056 Views
  • 2 replies
  • 0 Likes

VPN Palo Alto - Microsoft Azure. Slow transfer. Not reaching internet by this tunnel.

Hello, We are having a annoying issue :S We have configured a tunnel routed-based between PA (7.0.6) to Microsof azure. The tunnel is up but we are detecting several problems. 1) The transfer speeds are very low, fluctuate and are nothing stable: When we try to move a file using this tunel from Azure to one of our servers in PA, the transfe...

URL Filtering response pages never appear

Hi, My URL filtering response pages never appear, even the default ones.Is there anything to do to activate them ? I always have the "This site can’t be reached" message with a connection reset. Thanks

PorZik by L0 Member
  • 8182 Views
  • 4 replies
  • 0 Likes

Syslog miner not recieving the syslog messages

HI All, I have used the below link to configure Syslog miner, but metrics are not showing up in stats. https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-the-syslog-Miner/ta-p/77262 I have tried to troubleshoot using following discussion but no luck https://live.paloaltonetworks.com/t5/MineMeld-Discussions/Mine-s-not-working/m-p/1...

syslog miner node.png
stats.png
rsyslog_config.png
rsyslog-logs.png

Clear Config on new Palo

Good Morning. Is there an easy way to clear out all configuration settings on a new Palo without having to go through the CLI to clear each item individually, or doing the same in the GUI? It is time-consuming to have to go in and delete the default Vwire, zones, and everything else that comes with a new appliance. Better yet, is it possible to ...

NAT very slow

PA-3020 Software Version 8.0.4I have several policies U-Turn Nat and Destination Address Translation in the DMZThree times a day the acces to these Policies becomes very slowIf I send a ping to one of these servers the time is very large the 1000 to 2000 ms approximately, butthe internet service continues to work in a normal wayWhen this happens...

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks