This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4240 Views
  • 0 replies
  • 0 Likes

Security policies & Schedules.

Hello, Just a quick question. Unsure if this has been asked previously. When applying a non-reoccuring schedule to a security policy, I have noticed in pan 8.0.x, once the schedule has expired, the policy in the security policy view does not identify it as expired. I am trying avoid the obvious scenario of temporary policies being applied eit...

mtizani by L1 Bithead
  • 3349 Views
  • 3 replies
  • 0 Likes

Resolved! Maximum number of rule per vsys ?

Hi, I would like to clarify the maximum number of rule/policies per vsys in PA 5220. As I noticed that 5220 supported up to 20k rulea per device. So, is there any limit of rule per vsys? https://live.paloaltonetworks.com/t5/Learning-Articles/What-is-the-Maximum-Number-of-Rule-Objects-Supported/ta-p/60774 Thanks.

Resolved! Intra-Zone Source (dynamic) NAT

Guest network (10.10.10.0/24) is in Outside zone & Internet link (11.11.11.11/24) is also in same zone.Guests need to browse internet (say google.com)My question is about intra-zone source NAT/PAT!Guest, who is the source of the traffic; requires translation to public IP address (say outside interface of the firewall).Destination of the traf...

Site-to-Site VPN random issue

I have Site A setup with a site-to-site VPN with Site B. Site A contains all the resources (DC, email, fileserver, etc). The firewall in site B is configured as DHCP for the local clients. Primary DNS is setup for internal AD DC/DNS server. Secondary is public DNS servers. We noticed randomly clients can not access certain local resources. Unab...

ce1028 by L4 Transporter
  • 2189 Views
  • 2 replies
  • 0 Likes

Office 365 access advice

We are moving to Office 365 Exchange Online and may use some other Office 365 services in the near future such as SharePoint Online or OneDrive for Business. I found the FAQ "Office 365 Access Control" and have configured the requisite custom application and a security policy rule; however, since we haven't fully rolled out TLS decryption yet, I...

Group Mapping Failure

Has anyone had a problem with the group mapping authentication process? We have successfully connected to our AD/LDAP, PA sees the groups and group members, however this connection and the associated mapping fails after the initial connection. In addtion, if we try to map a second AD group, PA fails to traverse the group for users and breaks the...

C.Wong by L0 Member
  • 1918 Views
  • 1 replies
  • 0 Likes

Resolved! App-id tcp/993 having issues

New install of dual PAN 3020s on 8.0.2 that went really well for the most part and the only issue I am having now is imap(s) and Linux clients w/office 365 not working right. I have a 'known ok' rule with outlook-web-online (among other allowed apps -- ssl included) using app-default but I get tcp-resets from the far end and users are not able...

drewdown by L4 Transporter
  • 13935 Views
  • 17 replies
  • 0 Likes

Slow VPN access

I have a user that is on wireless at home and using the VPN to access files and folders on the network and he says it is slow. I told him to hardwire in to his switch and see if that helps. Any other areas I should check to see if the VPN? might be causing any of these issues:

jdprovine by L4 Transporter
  • 3641 Views
  • 5 replies
  • 0 Likes

PA 3020 - new security rule isn't active.

Hey all!There is a strange problem with my PA 3020 7.1.7:I need access from a client pc to a printer with many ports so for testing I set up a security rule with application any and service any.The rule is enabled but it's not effective.The firewall even doesn't have traffic logs for this connection. I already had this problem in the past, I don...

MPI-AE by L4 Transporter
  • 3194 Views
  • 5 replies
  • 0 Likes

Miner for MS WNS

I would like to set up a new Miner to collect the Public IP addresses for the Microsoft Windows Notification Service (WNS). The list is available as a downloadable xml file but I haven't been able to find a feed. Does anyone know whether it is possible to get the WNS IP list. Thanks.

paul_w by L2 Linker
  • 4148 Views
  • 2 replies
  • 0 Likes

DAG is not working

hey i have started playing arround with MineWeld. i am testing a solution for a customer to update DynamicObject / Block lists on the PA to be used by the SOC team. i have created a IPv4 List and connected it directly to a DagPusher node. but when i add an indicator to the miner i do not see it on the PA dynamic group. this is what i see...

DagPusher.PNG
DagPusherConfig.PNG
PA-Group.PNG
minow by L4 Transporter
  • 7613 Views
  • 5 replies
  • 0 Likes

Resolved! MS O365 Dynamic IP addresses/Urls of Endpoints Url for MineMeld

In effort to understand the processing of the Microsoft Office 365 MS O365 Dynamic IP addresses/Urls of Endpoints Url (see MS url below) by the MineMeld application, where is the configuration file with this MS Office 365 url stored for the Minemeld application? https://support.content.office.net/en-us/static/O365IPAddresses.xml The Minemeld YAM...

Trek333 by L0 Member
  • 11537 Views
  • 2 replies
  • 1 Likes

User-ID suddenly stops recognizing Users

I'm using PA-5020 as a Perimeter firewall with User-ID implementation for 5000+ users with multiple User-ID Agents across network.Palo Alto Version : 7.1.8User-ID Agent Version : 7.0.7-13 Problem i'm facing is the User-ID Agent, all of a sudden it stops recognizing users and it causes the users distruption in services accessing different applica...

Screen Shot 2017-06-28 at 11.12.41 AM.png
  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks