This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Source address of PBF Monitor heartbeat ICMPs

I have a Policy Based Forwarding related question.

 

If we have a PBF rule, with Monitoring enabled, and the "disable this rule if next-hop/monitor ip is unreachable" also enabled.

 

So Palo Alto sends ICMPs to the monitored IP address out of the egress

...

*URGENT* URL Filtering

Hi folks,

 

Is there a way to block the entire sub-domains but to allow a particular sub-domain and its related subs ??

 

For Ex:

Domain :     *.cloudinary.com/*   

( Which covers  *.Cloudinary.com/blog/*  ,  *.Cloudinary.com/about/*   , *.Cloudinary.com/c

...

Resolved! Layer 2 Palo Alto to 802.1q subinterface on Cisco ISR

I am thinking to put a small pan between an Internet connected Cisco 4331 ISR and a Meraki switch. Will the PAN just pass all the tagged frames along and will the PAN be able to process the traffic from all those VLANs/tagged frames? Or would I need

...

Resolved! GlobalProtect gateway client configuration failed

Hello,

 

We are using PAN-OS 8.0.0 and GP agent version 4.0.2 

We cannot set any IP address for the Gateway. If we try then it auto changes to 'None'.

The output from the show global-protect-gateway gateway command shows there are two gateways.

But accord

...

GW.png
Systemlog.png
Farzana by L4 Transporter
  • 6128 Views
  • 2 replies
  • 0 Likes

Resolved! User Group Count Exceeds threshold

Recently upgraded to 8.0.9 from 7.1.x with mutiple devices from PA200 up to PA3050, Using UserIdAgent against an MS domain. managed via Panorama.

 

Started getting notifications in thes system log along the lines of 'User Group count of 7492 exceededs

...

SimmSimm by L2 Linker
  • 17971 Views
  • 3 replies
  • 0 Likes

Dataplane Crash in Paloalto after firmware upgrade

Upgrade the Customer device from 7.1.25 to 8.1.12 and after the upgrade, we are facing issues with Dataplane Crash. Attached is the error message. Below bug matches the error. We have also tried to downgrade the Firmware to 8.1.10 and the issue still

...

Server monitoring Not Connected / User-ID Agentless

Hello,

 

I have two Domain Controllers, one is shown as Connected and the other is Not Connected.

 

 

-The 10.0.12.80 is a replica of 10.0.0.51.

-The server 10.0.12.80 is reachable by the management interface.

 

-When creating the LDAP Server Profile & addin

...

2019-05-15 11_09_46-Películas y TV.png
upatino by L1 Bithead
  • 5652 Views
  • 3 replies
  • 0 Likes

MineMeld no longer accessible via CLI

Hello, LIVE Community!

 

I have a MineMeld certificate that has expired, so I want to renew it by uploading the renewed certificate to MineMeld. The issue I'm running into is ever since I updated to the latest version of MineMeld, I can no longer acc

...

Resolved! How to set CLI output in Operational mode

Hi everyone,


I'm working with different models of PaloAlto firewall (all of them have PANOS  and  I want to develop an automatic service on them to get the CLI output and parse it to get data I'm interested but, to do that as easy as possible, I want

...

Resolved! 'unknown ikev2 peer - Azure

Hi,

 

I have several Azure sites with an active-active gateway and 2 different ip.
I have a Palo Alto pa-820 with 8.1.12 firmware, 2 interfaces with 2 different communication providers and different public ip.
What makes a tunnel ikev2, bgp and peers.

Sch

...

Zero-trust region policies

We are testing out using a Zero-trust policy to block traffic to and from all regions but a few known good or needed regions. I am running into issues with Microsoft, AWS websites and services that roll to different data centers and IPs around the gl

...

drischar by L0 Member
  • 1485 Views
  • 1 replies
  • 0 Likes

Resolved! Global protect Compatibility Check

We are planning to go with the Preferred GP version 5.0.7. As currently the users don’t have the privilege to upgrade to this version on their laptop, is it ok to first install the GP on client systems through Active Directory Group Policy and then u

...

  • 24196 Posts
  • 100 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks