General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

Resolved! Creating a block timeout for mac addresses for malicious behavior

Hello, I was interested if there was a way to block a mac address of a device for malicious behavior? Basically if I have a user on a guest connection and they are searching things they shouldn't, they could be blocked for 5 minutes or whatever and then return to the network. I know it's a strange request but I was curious to see if it could be don...

mmaynard by L0 Member
  • 3002 Views
  • 2 replies
  • 0 Likes

Setting Up MS DirectAccess

Trying to configure DirectAccess (Windows Server) to work but I believe it is failing due to the Palo Alto. I created a custom application and application override for the ports needed but still failing. Per a Microsoft Document, "the firewall has to be configured to pass the traffic through transparently. you cannot NAT the traffic". How do I...

jharlow by L3 Networker
  • 4118 Views
  • 3 replies
  • 0 Likes

Resolved! Separate Internet Connections

Hi. First time here, so after some advice. We have a Palo Alto 3020 providing internet access and DMZ, all is running fine. I have to order another internet circuit, which is the best way to connect / configure this? 1. Create an LACP port channel on the inside and use 2 Gig interfaces as the new inside (traffic will go up to 2GB). Create a second ou...

Resolved! Subordinate CA creation for SSL Decryption

Hello, I am attempting to set up SSL Decryption on a new firewall and trying to create a Subordinate CA with our internal Microsoft Certificate Services. I am in the process of generating the CSR on the PA, but I am a little confused on what the Common Name should be. Should it be the Inside interface IP, Outside interface IP, the AD domain ...

Virtual Wire + vPC

I’m considering the following ( Active / Passive Virtual Wire + vPC ) configuration in my primary Datacenter. I really don’t want to lose the current vPC redundancy that I have in place today. Today I can cut, unplug, power off, kick, shutdown, and I’m still up and running, that's the point. I also don’t want to have to redesign my entire CORE infra...

thaubein by L0 Member
  • 2780 Views
  • 3 replies
  • 0 Likes

Setting up Policy to allow all access to a squid proxy

Hi. Still a beginner with the PA. I have a universal rule that allows from any zone my internal ip address to ip address group that has by proxy addresses in it. For application I have http-proxy - this covers a lot of ports default urls from my test box I try wget -O /dev/null http://www.smh.com.au this works !!! wget -O /dev/null http://www.goog...

Double NAT

Hi! We have a couple of customers who use paloalto firewalls. We always have a problem connecting two accesses through NAT via paloalto. We usually use cisco meraki and they communicate on the higher port numbers. It always works when we have one site that is behind a NAT but when we move the device behind a NAT, it fails. Like this: 1) NOK: lan&l...

majo44 by L0 Member
  • 2903 Views
  • 1 replies
  • 0 Likes

Scripting

Who can provide me with a from scratch python script to create a new firewall rule? I'm not looking to use pandevice or any of Palo Alto modules on github (my company will not allow us to import and use it.) Looking for a script that doesn't use pandevice as AWS Lambda equally doesn't support it. Or would it be best to contact my PA Account person ...

PA-500 SSL decryption decrypt-error session end

I apologize if this is a dumb question as I know that some sites will have decryption issues, but is it normal to have a lot of traffic log entries with decrypt-error as the session end reason? None of our users are complaining that they can't get to something/anything, but I'm seeing a lot of entries with this session end reason. Was going to o...

gwosad by L0 Member
  • 4770 Views
  • 4 replies
  • 0 Likes

Getting the user activity report to sort by username not time

Hello, I am wondering if there is a way to get the standard User Activity Report to be formatted by grouping by Username not the time of each event. I can get a custom report to group by user but it is not as nice as the User Activity Report. We're using a pa-500. THANKS Chad

chadwyss by L0 Member
  • 2064 Views
  • 2 replies
  • 0 Likes

GP for many external clients

Does anyone have a good solution/setup for providing external clients with VPN access? Not regular users/company employees. We need to be able to provide these external clients access to different resources internally. IE webpages, server access using RDP etc. We would like to tie this into AD also. I would prefer not to have to create a gate...

Resolved! Separate URL categories for free and paid web hosting?

Hi, We are seeing an influx of phishing mails trying to send users to sites hosted with free web hosting services. One of the things we've done to combat phishing is blocking access to unknown domains, but every subdomain of a free web hosting provider is currently being classified as "Web Hosting", causing users to be allowed access to them. In ...

arvesynd by L3 Networker
  • 2514 Views
  • 1 replies
  • 0 Likes

Resolved! malicious domain

Hi, What is the benefit if we use sinkhole instead of just blocking malicious domain resolving? Thanks

simsim by L4 Transporter
  • 4588 Views
  • 5 replies
  • 0 Likes

Firewalls in HA, how bring them in Panorama

Hello, I have a HA Active/Passive pair of Firewalls in 7.0.5 and Panorama 7.1.9. I need to import configuration into Panorama. The process below is not clear if I need to do that for both firewalls https://live.paloaltonetworks.com/t5/Management-Articles/How-to-add-a-locally-managed-firewall-to-panorama-management/ta-p/58348 or should I just bring th...

Kaliman by L2 Linker
  • 2108 Views
  • 1 replies
  • 0 Likes

Resolved! Issues with GlobalProtect on Windows 10 1703

Hi, I recently had a colleague who installed Windows 10 1703, also called the Creators Update. After the update GlobalProtect appears to be able to connect to the gateway, but it fails to retrieve an IP address and DNS servers from the firewall. Has anyone else had this issue, and has anyone been able to find a solution? I will try to have him do...

arvesynd by L3 Networker
  • 7463 Views
  • 6 replies
  • 0 Likes