General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.


How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature


JayGolf by Community Team Member
  • 2 replies

AWS Palo Alto and Configuring Interfaces

I'm new to AWS, but not new to Palo Alto. We are at the initial phases of building out our AWS environment. I'm getting familiar with AWS but not an expert by any means. I thought I'd start with a trial version of Palo Alto for AWS. At any rate, I've


Resolved! User Activity Report for Managers

Management has asked for a weekly summary of department web activity on our new PA-500.


I created a User Activity Report for each department but these reports are not conscise and difficult to read, especially for managers who would like a summary.


ESM service account rights

When I try to install the ESM core and console with a service account that does have the logon as a service rights but not administrator rights, I keep running into issues. As I don't like to grant full admin rights to a service account on a box I'd


Resolved! Trusted Root CA Not Installed on Client?

This is on a PA-3020 running PAN-OS 7.0.4.


I've always manually chained certificates when installed an SSL certificate for Global Protect.  I decided to see if I could install the SSL certificate and the Intermediate certificates separately and see


Resolved! Firewalls accessing Panorama: best practice



I'm looking for a best practice when deploying Panorama accross multiple sites that do not really have any interconnections (and have quite a few overlapping subnets).

From what I understand, the firewalls themselves initiate the connection tow


Arne-VDH by L3 Networker
  • 2 replies

Resolved! Convert Template to Template Stack

We use Panorama to manage our firewalls and have a template configured with settings for all of our devices. I would like to split the devices by region for administrative access and would like to retain the current settings in the template. I can cr


Ash2k by L2 Linker
  • 3 replies

Panorama: dynamic updates to clients



I've added two VM-100's to Panorama and placed them into a device group. Connectivity is okay, deploying templates goes fine, but for some reason when I try to configure Panorama to shedule dynamic updates to the VM's, they don't show up in the


Arne-VDH by L3 Networker
  • 5 replies

Response Page on Internet Zone

Hello Community,

our customer has a Cluster of PA-3020 with PANOS 7.0.2.

We have enabled Application Block Page and the Internal users can view it properly.

Customer has a rule to permit Web-browsing traffic from Internet to DMZ.



When users try



Policy Based Forwading Capability Question

Hello All, Was just wondering if anyone may be able to help with this our question.


Please see the attached High Level Diagram. Both Firewalls are PA 3020's with the full licence set enabled. We need to replace the ISA server which is not providing


Data Flows.jpg
WesNeary by L1 Bithead
  • 5 replies

Resolved! Zone Protection exception


We’ve a problem with one of our customer.
Probably due to a carrier router misconfiguration, packets coming from - and only - a specific IP source are matched as fragmented by PA. As consequence, due to a Zone Protection and Fragmented Traffic p