General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4436 Views
  • 0 replies
  • 0 Likes

Best way to add application

Hi, I want to give my users access to Bitbucket via SSH. This is provided on port 7999. So 2 ways I think I can do this: create a service TCP-7999 Bitbucket, add policy with application ssh and service TCP-7999, or I can create a custom application on port 7999, then I have to do an application override. So which is the better way? I am thinking th...

Ideas for new and/or updated KB articles

With the ever-growing plethora of features in Palo Alto Networks firewalls and Panorama, keeping up with the knowledge is vital. In the world of Network Security, there is very little room for the 'unaware' and 'unprepared'. At LIVE community, we are constantly adding up-to-date and relevant articles, which can not only make you aware of our NGF...

ansharma by L4 Transporter
  • 8194 Views
  • 8 replies
  • 2 Likes

URL filtering - no response page appears with https site

Hi, on my PA-200, I use URL filtering to block access to some http and https sites. For https sessions, the response page is serving without SSL decryption. I use this command: set deviceconfig settings ssl-decrypt url-proxy yes. I also use an intermediate CA certificate generated by our organization for Forward Trust. The response page is also ...

sam76 by L0 Member
  • 4420 Views
  • 2 replies
  • 0 Likes

Wildfire scheduled updates through Panorama

Is there any way to schedule Wildfire updates to kick off only a couple of times a day? I know we can do every minute, 15, 30, etc. Due to the connections and the environment I have 1500 firewalls I need to schedule the push to only be twice a day. Is this possible? Is that ability coming?

JeffTQT by L2 Linker
  • 2729 Views
  • 1 replies
  • 0 Likes

Limiting GlobalProtect client access via IP address

Is there a way to allow specific GlobalProtect users to only connect from specific public IP addresses? For example say I only wanted to allow user1 to connect from IP address 1.1.1.1, and if user1 connects from any other public IP address, or if user2 is trying to access from 1.1.1.1, to have that access be denied?

Resolved! Newbie question on policies

Hi, got to test PA-3060's, got them set up in HA active active mode. I have a LACP trunk set up with 2 vlans of it. vlan 213 - zone trusted, vlan 215 - zone dev. I have ospf and ip addresses assigned and working on the 213 side of things, so I can ping it from the rest of my network. vlan213 gets DGW from OSPF. I have .2 and a .3 address assigned to pa1 ...

Resolved! OSPF LSA Threshold: Security Finding

Wondering if there's a way to configure a threshold for OSPF LSA updates/messages? Or if such a threshold is already in place by default on Palo Alto firewalls. Something that can maybe drop anything more than say 7 LSA messages in 5 minutes. Apparently, there's a security threat related to a device getting DOS'd by an overwhelming flow of LSA me...

Resolved! Exposing Videoconference - "Incomplete" traffic allowed

Hi all, I have tried to expose a Videoconference system behind Palo Alto. Unfortunately, using App ID in security policy, I have seen Palo Alto allows a lot of "incomplete" traffic. That's really an issue: when enabling h.323 in security policy, the App ID engine starts to allow every port in order to find something related to this protocol and obviously yo...

TheRealDiz by L4 Transporter
  • 10877 Views
  • 14 replies
  • 0 Likes

BFD Dropping During Firewall Failover

Having an issue with BFD. I have BFD configured between the Palo Alto and a couple of routers (BFD Single Hop). When a firewall failover occurs, this causes the BFD peering to drop and come back. I would not anticipate this to happen. This causes a unicast path between multihop BFD peers to drop in turn causing multihop BGP peerings to drop as w...

Resolved! Management Interface traffic logs

Hi guys, is there a way to see traffic logs of management traffic? I'm trying to troubleshoot user-id redistribution source from the management interface. Thanks, NetWorkZeus

Resolved! Customizing Prototypes in Office365

I note that Office 365 recently updated the URL definitions to include Microsoft Teams etc. Has anyone customized the prototypes to support this change? https://support.office.com/en-gb/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2 Drew.

Resolved! Panorama shows FW as disconnected after App and Threats Update

So I got the mail today about the certificate which is about to expire. I installed App protection 694-4000 on the Panorama as described. After the reboot I no longer have communication between my 2 PA-2050 boxes and Panorama. The log is no longer updated and it shows the 2 boxes "Device State" as Disconnected. I currently run 7.0.10 on all devic...

Resolved! DNAT issues into servers with teamed nic's ?

DNAT issues into servers with teamed nic's? Anyone seen issues with this before? I literally can't DNAT into servers with teamed nic's. I'm going to run a wireshark capture on the server to see what is going on.

mpgioia by L3 Networker
  • 11237 Views
  • 18 replies
  • 0 Likes

PA upgrade problems

Hi, we have a cluster with PANOS 7.0.6, and we want to upgrade to 7.1.8. In a similar upgrade path we were affected by a bug related to VPN, which applied when you jump to 7.1.0 and then 7.1.8. So we would need to jump directly to 7.1.8. On the other hand, when we have upgraded other clusters A/P, downloading version 7.1.0 and 7.1.8 and j...

  • 24374 Posts
  • 124 Subscriptions