This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4244 Views
  • 0 replies
  • 0 Likes

Resolved! Static Route to directly connected Subnet

Hi All, I am working with a project, where the firewall (PA-3020) is connected to a DMZ via its sub-interface. I have two physical Copper interfaces in an aggregated group AE2 with LACP enabled, and then multiple sub-interfaces under that The DMZ sub-interface (ae2.4010) has a subnet of 192.168.66.0/24; however, I am unable to reach the backend ...

URL Filtering issues with 8.0

I'm using a PA-220 with 8.0.2. I have a profile defined which blocks several categories (malware, things not kid friendly, etc) including web-advertisements (the number one thing that gets blocked). It keeps blocking access to youtube videos. In the URL Filtering log entry, it shows these URLs in the "streaming-media" category, which is an al...

HA Active Active Asynchronous Routing Issue

Have two PA vm 1000hv setup in active active HA. They see each other on HA 1,2, and 3 link and synching configs (not vr configs). We have an asynchronous routing scenario that is temporary for now, but need it to work. However, the FWs appear to be dropping traffic. I haven't looked at the counters to indicate dropped asynchronous traffic yet, b...

Resolved! HA comments before configuration?

Hi folks, Configuring my first HA tomorrow around 1:30pm cst.I am enabling HA on a production 3020 as active, then adding a secondary 3020 as passive (same OS, updates, etc. according to HA documentation).Expecting a network interuption because of the MAC Address change, so we have a maintenance window of 1 hour.We are small company, the PA 3020...

OMatlock by L4 Transporter
  • 4931 Views
  • 5 replies
  • 0 Likes

Resolved! Parse rsyslog message

I want to integrate WLC to Palo-AltoI've done converting the snmp to syslog using rsyslogBut I don't get how to parse it in palo alto here 3 syslog messages I got from wireshark when a user tries to loginJun 10 14:08:37 localhost snmptrapd[10216]: 2017-06-10 14:08:37 <UNKNOWN> [UDP: [172.20.253.50]:32768->[172.20.10.43]:162]:#012DISMAN-...

mzharfan by L0 Member
  • 3730 Views
  • 3 replies
  • 0 Likes

Resolved! Help me troubleshooting my globalprotect setting

Hi All,My pan-os is 7.1.1.I want to setup sslvpn for my co-works. Here is my globalprotect setting screenshot http://pan.baidu.com/s/1ccW1h8#list/path=%2FpaloateCould you take a look and tell me where I wrongly configured?Once my globalprotect client try to connect, I get the following error (T5200) 06/10/17 21:09:38:717 Error(3650): NetworkDisc...

Resolved! Why does traffic log show Application for a rule that uses a Service?

Hello folks, I am doing some testing (studying) on using Applications vs Services and have a question about the traffic log. Why does the traffic log identify the traffic and rule to an Application when the rules are setup as Service? My rules are setup as Service. Traffic log identifies them as Applications. Is it because Applications are set t...

fwapps.jpg
fwapps3.jpg
OMatlock by L4 Transporter
  • 5533 Views
  • 8 replies
  • 0 Likes

Same Zone Traffic to inside hitting different rules

Howdy All, I'm running into an issue where traffic from "Colo-Voice" segment bound to Any on the inside is hittin an "Any L3" policy (shown below) that's in place as the last policy. During our capture, we can see there's another host from the same segment bound for the same segment however it is hitting the "Cisco Voice-to-Internal_Trust" polic...

Capture.PNG

Resolved! Clarification around URL Filtering licenses

I just wanted a quick clarification around what you Can and Can't do without a PANDB license, I know you can create Custom URL categories without a license, but can you also use Dynamic External Block List, or can you create a security policy and manually define URLs you want to block? Or does anything around URLs require a PANDB license

nrobison by L1 Bithead
  • 11092 Views
  • 4 replies
  • 0 Likes

"icloud-base" excessive hits on firewall

Hi there, I have a question in regards to iCloud (application = icloud-base) and I was hoping someone could shed some light on or point me in the righht direction. I have a source address which is showing in the URL Logs as blocked due to our restriction on 'online-storage-and-backup'. normally I could see a source IP hitting this about 10,000 p...

Resolved! SSL Decryption not working in chrome

Trying to configure SSL Decryption and googled this to no end.I have an Enterprise CA, created the cert with that, I can see that the GPO's have deployed to the cert to the users.In my testing I only have decryption turned on for one user. Internet Explorer works fine as best I can tell it's not even noticing.Chrome on the other hand is not amuz...

DaleK by L1 Bithead
  • 6389 Views
  • 7 replies
  • 0 Likes

is there autofocus artifacts miner

Hi, I am looking for autofocus artifact miner, and in minemeld app, I found "autofocus.artifactsMiner". But when I check my vm ubuntu, I could not find it. How Can I copy and re-use this "autofocus.artifactsMiner" to my ubuntu minemeld ? Thanks.

Resolved! NAT configuration - DMZ zone to Trust zone

I've had a total brain fade, and am unable to figure this out. Hoping you guys can help. Network topology is relatively simple. Firewall has three zones - outside, inside and DMZ - DMZ has a /25 of "real" Internet addresses on it. Outside has a /30, also of "real" address, and most traffic from inside is translated to the interface address of th...

darren_g by L4 Transporter
  • 7729 Views
  • 2 replies
  • 0 Likes
  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks