This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4243 Views
  • 0 replies
  • 0 Likes

Resolved! Path Monitoring Group Name field will not save?

Hi folks, Another HA question, but seems like could be an easy one. I have one test PA-200 OS 6.1.4, enabled HA (for practice), created a Link Group, and now trying to create a Path Group.However, when I type in a name and click off of it, press enter, or click OK the text I typed disappears and unable to save it. I tried it on our production PA...

PathAny1.jpg
OMatlock by L4 Transporter
  • 2359 Views
  • 2 replies
  • 0 Likes

IPSec Tunnel PAN to Cisco ASA - matching for phase 2

Do the proxy ID's on the pan side have to match the ACL defined crypto domain on the ASA? That is - suppose on the PAN side you had for phase II of the tunnel 192.168.1.0, 192.168.2.0 and 192.168.3.0 while the ASA side had only 192.168.1.0 and 192.168.2.0. Would phase II tunnel still come and allow traffic for the first two subnets? Or would bot...

palomed by L3 Networker
  • 2733 Views
  • 3 replies
  • 0 Likes

Resolved! It's time to allow verified PAN customers to change URL categories for specific websites

Long time PAN Customer with huge PAN deployment, we have a very large user base and get multiple website blocked requests daily. We block Parked and Unknown domains for security purposes, it's worth it. However, there's a large amount of new websites that are rightfully listed as parked or unknown, then updated shortly after, then legit websites...

Rags by L2 Linker
  • 4577 Views
  • 5 replies
  • 1 Likes

Resolved! IPSEC site-to-site; passing ICMP only.. no other protocol (TCP/UDP)

I have an IPSEC-to-SITE.IKE Phase 1 and Phase 2 are good/live.Tunnel interface in right zone. Routes fines.Policy defined (app: any, service: any).I can see the policy being hit when I generate icmp/pings. And can get to the proxy id's/subnets on other side.I can't get anything other than ICMP through though.. No other TCP/UDP layer traffic.. ...

mpgioia by L3 Networker
  • 18050 Views
  • 20 replies
  • 0 Likes

API or script to report bad URLs to PAN?

Is there an ability to post bad URL reports to PAN in an automated/scripted fashion? I know the report site exists (https://urlfiltering.paloaltonetworks.com) but it requires a captcha. My goal is to write a script which takes in a (phishing) URL as input and automatically reports it to several security vendors.

Schuyler by L0 Member
  • 3893 Views
  • 3 replies
  • 0 Likes

Report issue - incorrect data

Hi All, i have a problem: when my customer generates reports there are problem with data, i see that the usage in one week is less than the sum of two random days in the same week.example:Week report: 450.5 G bytesDay X: 588.3 G bytesDay Y: 262.0 G bytes Has anyone some hints? Regards,Daniele

DKanta by L2 Linker
  • 2313 Views
  • 2 replies
  • 0 Likes

Recommended MTU for GlobalProtect Gateway

Hello, We’re experiencing slowness from global connect clients located offsite back to firewall (i.e. 5MBps). Without the VPN client, the user can get up to 60MBps. What is the recommended MTU settings for GlobalProtect Gateway/interface should be set at? Our Ethernet interface(1/3) MTU where gateway terminates in DMZ is set at 1350 and the tunn...

Farzana by L4 Transporter
  • 10265 Views
  • 5 replies
  • 0 Likes

Resolved! URL log forwarding to syslog servers, but not all informational threat logs.

we need to forward url filtering logs from PaloAlto to syslog server ( similarly from Panorama to syslog server.)To do this we need to to forward the Threat "Informational" logs ( generally url filtering logs are part of threat "informational logs ). But we do not want to forward all "informational" threat logs to syslog servers as it will add l...

URL Filtering from Internet Traffic to Internal Websites

Been doing some searching but havn't come up with anybody doing this and if it has other problems / security ramifications I'm not aware of. My problem:We have an employee that is no longer working at our business but there personal computer at home is configured to our internal mail server. I can see the spam of authentication attempts from the...

Resolved! HA Configuration question?

Hi folks, As I prepare for my first HA configuration next weekend, have at least one question today. I understand from reading that the configuration will copy over to the second passive firewall over the HA1 link.Does that include everything? Certificates as well? Thanks

OMatlock by L4 Transporter
  • 2145 Views
  • 1 replies
  • 0 Likes

Resolved! Destination NAT vs Source NAT with Bi-directional?

Hi folks, I am reading several articles about NAT types and bi-directional.I have a test going, but confused about how my web server is translating its source address when replying. I thought that I would have to create a bi-directional NAT rule to get the web server to change its IP back to public (after the D-NAT), but that's not the case. It...

visio.jpg
NATRules.jpg
Securityrules.jpg
web.jpg
OMatlock by L4 Transporter
  • 15993 Views
  • 8 replies
  • 0 Likes

Palo Alto Updates not passing through another PA firewall

Network setup: PA3020 E1/2-->E1/1 PA500 E1/2-->Internet. In PA3020, we have configured the service route to paloaltoupdates through e1/2. Then traffic will reach pa500 e1/1 which will be routed to internet via e1/2. PAT configured on e1/2 which will be going to internet.I'm sure route, NAT,security policies are proper. In PA3020, connectio...

Resolved! PA-3020 - Internet Connection over Cisco Switch

Hey guys, at the moment, there is a direct connection between my Palo Alto Firewall and the Internet Router. Ethernet 1/20 on the PA is my external interface - it's one of the fiber interfaces. I want to change this connection from "direct" to "over switch". My question is: Which SFP module do I need in the cisco switch? I mean, the PA interface...

MPI-AE by L4 Transporter
  • 4656 Views
  • 3 replies
  • 0 Likes

Google drive not getting blocked

Dear Team,As per logs, I am getting drive.google.com is blocked.But actually, I can still able to access it. Please advise regarding this issue to get fixed. Give us the proper permanent fix for this issue.I can block mentioning the specific URL “drive.google.com” but every time we can not block new URLs like this.

qqq.png
  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks