This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4131 Views
  • 0 replies
  • 0 Likes

7.1 default behavior changes

So I was reading about OS 7.1 because I am planning on upgrading from 7.0.12 to 7.1 and found some information of the default behavior of app-id

appid.PNG
jdprovine by L4 Transporter
  • 5776 Views
  • 12 replies
  • 0 Likes

Resolved! Path Monitoring question?

Hi folks, Preparing for my HA configuration this weekend. 🙂 I have a question about creating a Path monitoring group on the Passive device. While I go through the procedures to configure HA on the Active device, I plan to set a Path monitoring group for our virtual router named SDTSS. When I go through the same procedures on my Passive devic...

OMatlock by L4 Transporter
  • 3090 Views
  • 3 replies
  • 1 Likes

Finally IPv6 over GlobalProtect, or should i say v6IP?

About 2 months ago I was thrilled to hear that PANOS 8 was coming out and that it would bring us IPv6 inside a Globalprotect VPN. After fixing the "licence issue", i finally came arround to doing the upgrade and eagerly started to configure a tunnel for IPv6. To my regret it did not work. As I figured it, it would probably be some remote setting...

P.Braat by L1 Bithead
  • 5178 Views
  • 6 replies
  • 0 Likes

Headsup: AZURE VPN not comming up again, session discarding

Hi, I just want to share a problem i have been troubleshooting. I have lots of vpn's terminating on our FW, haven't had real problems until i started to connect Azure VPN's. After a network hickup they usually did not come up again. I had the hardest time in finding out why. It seems that Azure sends so many IKE initiation packets that if for so...

P.Braat by L1 Bithead
  • 2818 Views
  • 2 replies
  • 0 Likes

Log Card Interface Issues

We have configured a log card interface on one of our 7050 devices for submission to wildfire. This is not working. Our testing shows we cannot ping the default gateway conifgured on the interface. If we ping from the router, then no response is recived, but the packet count on the log card interface increases according for both recicieved and t...

HTTP OPTIONS Method

Hi,I am getting contionous 'HTTP OPTIONS Method' - alertWhat is the reason for thisIf I have multiple vulnerabilty profile ,I want to exclude this from one of the profile or one of the ip(I want to ignore this vulnerabilty checking in a profile or against an IP)How can i do that ?Thanks

simsim by L4 Transporter
  • 3237 Views
  • 3 replies
  • 0 Likes

cookie size

Hi, Is there something settings related to 'cookie size' in pa Thanks

simsim by L4 Transporter
  • 1969 Views
  • 2 replies
  • 0 Likes

Resolved! Path Monitoring Group Name field will not save?

Hi folks, Another HA question, but seems like could be an easy one. I have one test PA-200 OS 6.1.4, enabled HA (for practice), created a Link Group, and now trying to create a Path Group.However, when I type in a name and click off of it, press enter, or click OK the text I typed disappears and unable to save it. I tried it on our production PA...

PathAny1.jpg
OMatlock by L4 Transporter
  • 2329 Views
  • 2 replies
  • 0 Likes

IPSec Tunnel PAN to Cisco ASA - matching for phase 2

Do the proxy ID's on the pan side have to match the ACL defined crypto domain on the ASA? That is - suppose on the PAN side you had for phase II of the tunnel 192.168.1.0, 192.168.2.0 and 192.168.3.0 while the ASA side had only 192.168.1.0 and 192.168.2.0. Would phase II tunnel still come and allow traffic for the first two subnets? Or would bot...

palomed by L3 Networker
  • 2700 Views
  • 3 replies
  • 0 Likes

Resolved! It's time to allow verified PAN customers to change URL categories for specific websites

Long time PAN Customer with huge PAN deployment, we have a very large user base and get multiple website blocked requests daily. We block Parked and Unknown domains for security purposes, it's worth it. However, there's a large amount of new websites that are rightfully listed as parked or unknown, then updated shortly after, then legit websites...

Rags by L2 Linker
  • 4512 Views
  • 5 replies
  • 1 Likes

Resolved! IPSEC site-to-site; passing ICMP only.. no other protocol (TCP/UDP)

I have an IPSEC-to-SITE.IKE Phase 1 and Phase 2 are good/live.Tunnel interface in right zone. Routes fines.Policy defined (app: any, service: any).I can see the policy being hit when I generate icmp/pings. And can get to the proxy id's/subnets on other side.I can't get anything other than ICMP through though.. No other TCP/UDP layer traffic.. ...

mpgioia by L3 Networker
  • 17683 Views
  • 20 replies
  • 0 Likes

API or script to report bad URLs to PAN?

Is there an ability to post bad URL reports to PAN in an automated/scripted fashion? I know the report site exists (https://urlfiltering.paloaltonetworks.com) but it requires a captcha. My goal is to write a script which takes in a (phishing) URL as input and automatically reports it to several security vendors.

Schuyler by L0 Member
  • 3840 Views
  • 3 replies
  • 0 Likes

Report issue - incorrect data

Hi All, i have a problem: when my customer generates reports there are problem with data, i see that the usage in one week is less than the sum of two random days in the same week.example:Week report: 450.5 G bytesDay X: 588.3 G bytesDay Y: 262.0 G bytes Has anyone some hints? Regards,Daniele

DKanta by L2 Linker
  • 2285 Views
  • 2 replies
  • 0 Likes

Recommended MTU for GlobalProtect Gateway

Hello, We’re experiencing slowness from global connect clients located offsite back to firewall (i.e. 5MBps). Without the VPN client, the user can get up to 60MBps. What is the recommended MTU settings for GlobalProtect Gateway/interface should be set at? Our Ethernet interface(1/3) MTU where gateway terminates in DMZ is set at 1350 and the tunn...

Farzana by L4 Transporter
  • 10136 Views
  • 5 replies
  • 0 Likes

Resolved! URL log forwarding to syslog servers, but not all informational threat logs.

we need to forward url filtering logs from PaloAlto to syslog server ( similarly from Panorama to syslog server.)To do this we need to to forward the Threat "Informational" logs ( generally url filtering logs are part of threat "informational logs ). But we do not want to forward all "informational" threat logs to syslog servers as it will add l...

  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks