This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4113 Views
  • 0 replies
  • 0 Likes

Filtered OSPF

I would like my PAN 5060 to learn one route from my OSPF infrastructure generally - but no others. The idea is that when this route is availalbe traffic would flow to the inside trusted interface of the PAN. But if that route drops out due to WAN circuit outage then a higher cost static route on the PAN would send the traffic down an IPSec tunne...

palomed by L3 Networker
  • 3104 Views
  • 3 replies
  • 0 Likes

Centralized User ID Agent to All firewalls with AD integration

Dear Community, Kindly note that we would like to achieve AD integration through centralized user id agent ,in that all of the firewalls will have userid agent which is integrated with AD. So basically userid agent work as a proxy, How this can be achived. I had gone through this link, https://live.paloaltonetworks.com/t5/Configuration-Articles/...

ymamis by L1 Bithead
  • 5189 Views
  • 5 replies
  • 0 Likes

SSH Brute Force and IP exception

I have vulnerability profile with action for High severity signatures as "alert". I then configured an exception for SSH Brute Force (ID 40015) as "block-ip, src and dst (30 mins)". Everything worked well until we had issues for the systems exiting from our own network and we had to provide an exception for our egress ip. We then added IP addre...

NTLM authentication problems

Hello,I`m trying to configure NTLM Authentification over Captive Portal for users in my network. I have PA-500. I set the next configuration parameters:1. LDAP Server Profile2. Authentication Profile3. Authentication Policy (Authentication enforcement is "default-browser-challenge")4. User-ID checkbox on the trust zone5. Generate certificate and...

niitnn by L1 Bithead
  • 6407 Views
  • 8 replies
  • 0 Likes

Logs not appearing in WebUI (likely nginx configuration fault)

Let me preface this by saying that I'm awre i've introduced this fault through my own modifications (and lack of experience with nginx). That being said I'd appreciate and insight into how I've broken this function. Symptom is that the 'LOGS' tab on the webUI displays nothing inside the frame other than the MM logo and "Loading...", likewise the...

Pan-OS 8.0 and PA-200

Has anyone upgraded a PA-200 to PAN-OS 8.0? If so have you seen a performance hit at all? Notice a difference in how long things take? Commits? Response time? How long did the upgrade take? Did it take the 50-60 minutes Palo says? If so is that sitting right next to you or on the local LAN? Or was it over WAN connection? Just looking for info at...

JeffTQT by L2 Linker
  • 7435 Views
  • 8 replies
  • 1 Likes

Resolved! How PA deals with packets with bad checksum?

Hey Guys, Just trying to find out if someone knows, what PA policy is regarding packects with bad checksum?Will they be allowed through the PA, or PA silently drops those packets or sends back a reset tothe source? Any help appreciated. Thanks,Fatema.

Fatema by L2 Linker
  • 6782 Views
  • 2 replies
  • 0 Likes

BGP peers transit sessions flapping

Hi Guys, PA-5050 is a transit device for four BGP peers. Had no flapping since 2015 on PAN-OS 6.0.12. After upgrade from 6.0.12 > 7.0.11 BGP peering no longer stable: Can anyone advise something? Apart of the increasing a timeout session under the application what else l could check/modify? Session end reason is "aged-out" Application versi...

BGP flapping.png

Resolved! Compatibility between Panorama 8.0 and PA-FW 7.0 and 7.1

did any one try to manage PA 7.0 and 7.1 with Panoramma running 8.0 ??is it supported ?any known issues ? we are managing more than 100 PA-FW running 7.0 and 7.1 using panorama 7.1recently we started to add PA-800 which doesnot support OS 7 is it safe to upgrade Panorama to 8.0

GlobalProtect Patch management Issue

Hi everyone, We have a (HIP) check list of security requirements (joined domain, antivirus version etc… ) for our user machines must be comply with this list before our VPN user can access corporate servers. We want to add Microsoft Patches (updates) to be a criteria for VPN access but im facing an issue with GP v3.1.6 for patch managment, GP n...

GP V3.1.6.PNG

MineMeld sudden_death...how does it work?

I need some help understanding the sudden_death behavior with a MineMeld miner/prototype. From the documentation[1], I understand that sudden_death is designed to immediately age out indicators when they disappear from a feed. Is it comparing the current indicator list to the latest run of the feed, recording indicators in the current list but n...

BRosenba by L1 Bithead
  • 3636 Views
  • 3 replies
  • 0 Likes

PA-200 Pan OS 5 12 **anyone with a config file?**

I've about ripped out enough hairs no matter what config or method or video i try my setup doesnt work. I know its a check box or something. I just want a basic/simple config I'd like all ports 2/3/4 usable on same subnet with nat/dhcpport 1.1 as wan (comcast arris modem) does anyone i mean anyone have a config file they can just send me with ...

Resolved! Using PA-200 for home internet router?

Hello folks, I recently bought a used PA-200 software version 6.1.4 for learning and testing purposes. I replace my home Linksys with the PA-200 following this article to configure.https://live.paloaltonetworks.com/t5/Configuration-Articles/Setting-Up-the-PA-200-for-Home-and-Small-Office/ta-p/61838 It's working. However, I notice that the inter...

OMatlock by L4 Transporter
  • 9366 Views
  • 9 replies
  • 0 Likes

Application & URL Filtering/ Blocking

Hi I've been this question, and I'd assume we'd need to block under both but I just want to make sure. If we block a URL e.g dropbox, does this block the application as well or do we need to double up and also block the application itself under file-sharing? Cheers Muir

Mlangley by L0 Member
  • 2474 Views
  • 2 replies
  • 0 Likes

DUAL ISP Failover Single VR

I have a situation below and I need to be able to configure failover, seeking some guidance. Basically I have SG3 (two ISP's in the same VR)ISP1 (eth1/7)--------------> WAN-VR2ISP2 (eth1/8) Then I have a whole bunch of other sub interfaces on the LAN side:TRUST-VR - VSYS3trust1 eth1/24.1trust2 eth1/24.2trust3 eth1/24.3 I found this link:https...

mali77 by L1 Bithead
  • 6987 Views
  • 6 replies
  • 0 Likes
  • 24333 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks