This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4237 Views
  • 0 replies
  • 0 Likes

Resolved! Determining safe starting thresholds for Zone Protection

I've been asked to investigate Zone Protection on one of our PAN firewalls. I'm trying to determine what safe values would be for me to begin with for syn, icmp, udp and other ip protection types. Since this is a production firewall, I need to be certain I'm not going to generate any issues when the profile is applied. Is there a way for me to...

epeeler by L2 Linker
  • 3666 Views
  • 2 replies
  • 0 Likes

Resolved! Large amounts of google-base traffic

I am looking into abusers of our bandwidth and have found one person who has 11GB in a day reported as google-base and from the low number of sessions (18), I suspect it's file transfer. I could understand tht much traffic being google drive but surely that would be reported as that sub category and not "base". Why would large amounts of traf...

djr by L4 Transporter
  • 5136 Views
  • 2 replies
  • 0 Likes

Resolved! Palo Alto VM-100 installed on VMWare workstation is unable to connect to internet.

Hi All, I have installed a Palo Alto firewall on my vmware workstation 8.0, with current settings i am able to access the Firewall GUI from my machine browser. But unfortunately, i am unable to connect to internet via firewall interface. I have 3 interfaces namely - mgmt, Untrust and Trust. I am trying to update license on firewall which require...

Diagram.PNG
error.JPG
virtual network editor.JPG
network interfaces.JPG
shafhuss by L0 Member
  • 4382 Views
  • 1 replies
  • 0 Likes

Resolved! Firewall not advertising the public IP

Hello, We want to allow traffic from outside to come inside our server however cannot see any traffic unless loopback is used. This server is behind DMZ. We can solve the public IP address of the server when we go to www.whatismyip.com Traceroute stops at 13th hop before we added loopback for the public IP. We are using Source NAT like below: In...

Farzana by L4 Transporter
  • 3693 Views
  • 4 replies
  • 0 Likes

PA Traffic is logged under different users other than the logged in user

Hi guys, We have a security rule that grant a certain app access to users based on AD group. User complained that sometime they can access the app and sometime they cant. Checked the firewall and found out that some of the traffics are logged under different user accounts, hence the right policy didnt get applied. User is using OSX (mac) and has...

2017-08-22_13-44-18.png
ESutedy by L1 Bithead
  • 3608 Views
  • 4 replies
  • 0 Likes

Microsoft blogs page cannot be loaded though paloalto

Hi, I have constructed Palo Alto on Azure and now all connections are allowed to connect.However it seems Palo Alto blocks below website. https://blogs.technet.microsoft.com/ I already checked I can access without palo alto and i think it is the cause of this issue.I think I should contact support but i am unable to create my support account. I...

キャプチャ.JPG

Need help on PaloAlto OID

Hi Experts , Looking for OIDs to monitor below mentioned list , using SNMPv3 for Palo Alto on AWS cloud but unable to locate any MIBs or OIDs. BGP (Established , down)Tunnels ( IP , Status , Traffic Stats)SSH (User IP , Count) Any help will be highly appreciated. RegardsFaiz.

How to terminate Live community account?

Last month I have created this account and today i have deployed Palo Alto from Azure...In order to get teachnical support from PA, it seems I need to register account but I cannot use this LIVE community account.So i think i better terminate this account first and create new one with new CID.. Please help me...

error.png

Dual ISP, ECMP, PBF, PAT to access internet, Destincaton NAT to Local Server

Dear Collegues, Need your help & clarify some douts. G1/1 - xxxxx/30 (ISP 1)G1/2 - xxxxx/30 (ISP 2)G1/3 - xxxxx/24 (LAN) Both the ISP have also provided xxxxxx/29 range of usable IPs Have Configured Dula ISP Redundancy with single virtual router by enabling ECMP and link monitor for static routeHave configured source NAT to access internet f...

Unable to connect to a PA 500 using the management IP.

Hi, I have just configured my PA 500 and I set up the management IP to be 10.2.82.3/24. I connected the PA 500 to a switch that has VLAN 80 (10.2.80.x) and VLAN 82 (10.2.82.x) my laptop is ip'ed 10.2.80.40/24, from the laptop I can ping 10.2.82.1 (default gateway for the management vlan), but I can not ping 10.2.82.3. I consoled into the PA and ...

Resolved! GP-VPN traffic is slow

GP VPN configured properly with IPSec enabled.But all the GP-clients are fall-back to SSL tunnel mode soon after connected.For testing purpose, give full access any-any allow in policy. one time connected as IPSec and when disconnect & connect again another time gp-client automatically fall-back to SSL mode. Port 4501 UDP & TCP are allow...

PA System Alert Reports

I am wondering if it is possible to create a report based on the number and type of "System" (Medium, High, Critical) alerts generated by the PA firewall?

Resolved! FQDN record keeps wrong ip address

Hi All, One of our FQDN records keeps wrong ip address (e.g 10.1.12.71) where really it should be 1x6.1x8.1x0.1xx: > request system fqdn show gives me below output: When l ping the same FQDN from the FW l get a correct ip address mapping: > request system fqdn refresh - didn't make any difference. How can I force firewall to refresh t...

Or1.PNG
2.PNG

Resolved! Server error : Partial commit is not allowed. Full commit must be completed.

Palo version:vm-license: VM-100 vm-mode: VMWare ESXi sw-version: 8.0.4 I am trying to do a partial commit after a change on policy rules.The following commands usually work. But for some reason, I ended in a state where partial commit/validate is not allowed: admin@CST-OCBFW-INT01(active)# validate partial device-and-network excluded Server err...

False-Positive on Comodo

Hi There,Not sure what's the right place to report this false-positive.I would like to draw urgent attention of Paloalto Networks staff to resolve following false-positive on one of Comodo Internet Security files:Virus Total (1/64)https://www.virustotal.com/en/file/f80c084dc4747b8fee70ac4028e9b734cbc8aa3aea230b24fa9740da44ffcec1/analysis/1502048...

  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks