General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Threat Vector, a Unit 42 Podcast, is Now on LIVEcommunity!

We have some exciting community news to share: Threat Vector, a Unit 42 podcast, is now on LIVEcommunity!

 

Threat Vector is your compass in the world of cyberthreats. Listen to this biweekly podcast to learn about unique threat intelligence, cutting

...

jforsythe by Community Team Member
  • 86 Views
  • 0 replies
  • 0 Likes

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 3330 Views
  • 2 replies
  • 14 Likes

Patching One HA fully then the next.

If patching a HA pair to the next Major version i.e. 9.0.6 -> 9.1.0  is it safe to patch one of the pair all the way to 9.1.0 (minor versions and major versions) 

 

And then fail over and do the other firewall to bring that up to latest minor and final

...

Resolved! Global Protect Hip check iOS UDID

I'm looking for some feedback on the UDID HIP check for iOS devices.  Currently there is no way to pull serial numbers from the Apple iOS platform unless you connect a compatible MDM solution to the PA.  There is however a way to pull the UDID or ( u

...

Danross_0-1644850516993.png
danoman2 by L3 Networker
  • 3695 Views
  • 4 replies
  • 0 Likes

Routing Table size on PA appliances

Hello All,

 

We are looking into use PAs as routers on some of the sites. This will entitle us to accept BGP routes from Prisma and OSPF from internal routers. That's the reason I would love to find out if there's a limit (I am sure there is) for ammou

...

SAML Login to local firewall certicifacte

I am getting a SAML error after renewing a few certs that expired. 

 

eventid eq saml-certificate-error


Can you use the same IDP xml file across multiple Device SAML profiles? IDP is Microsoft azure.

and ( description contains 'Failure while validating t

...

Resolved! DNS Security

Hi, 

 

We are getting warning message (Warning: No valid DNS Security License) when we commit every time. currently we are using PAN OS 9.0.5. Is it possible to disable this warning message.

 

Regards,

Logesh S.

Logesh by L1 Bithead
  • 21974 Views
  • 24 replies
  • 1 Likes

Device Log Forwarding CLI

Hello -

In GUI I can do the following:

Panorama > Collector Groups > {Collector Group Name} > Device Log Forwarding > Log Forwarding Preferences

 

In here I have two Palo Loggers and I split my HA firewalls like so (for example):

Devices:                 

...

Resolved! Inbound SSL decryption

I am trying to set up a TLSv1.3 / TLSv1.2 webserver behind a palo firewall with ssl inbound decryption.

However i seem to get a lot of ssl errors and the website does not work if specific ciphers are not listed first...

For one I would like to understa

...

CLIq by L3 Networker
  • 9372 Views
  • 9 replies
  • 0 Likes

Quantifying Global Protect User Experience

I am now seeing about 500-600 Global Protect sessions a day connecting with autoVPN. A problem I 

am running into is reports from our Help Desk of session disconnections. It's hard for them to get

time with the users to grab the tech support bundle and

...

palomed by L3 Networker
  • 1075 Views
  • 0 replies
  • 0 Likes

Resolved! Upgrading PANs in Serial Question

I have two PAN 3220s operating as Virtual Wires behind a pair of ASA 5525s. Normally in upgrading a pair of PANs you upgrade the standby, then suspend the primary (secondary takes over), upgrade the primary. Repeat as necessary to get to your target

...

palomed by L3 Networker
  • 1712 Views
  • 2 replies
  • 0 Likes
  • 24125 Posts
  • 100 Subscriptions
Top Solution Authors
Labels