General Articles
LIVEcommunity's General Articles area is home to how-to resources, technical documentation, and discussions with Accepted Solutions that turn into articles related to all Palo Alto Networks products.
This Nominated Discussion Article is based on the post "Internet -> PA-440 -> ASUS RT-AX53U AX1800. Error = Router does not get Internet access" by @SoloSigma and answered by Cyber Elite @reaper.
View full article
The connection between the Prisma Access Cloud and the on-prem devices is usually based on the IPsec protocol for site-to-site VPNs. For extra security, configure Prisma Access to be the VPN responder and the on-prem firewall/router as the VPN initiator.
View full article
You can use debug filters to enable the Palo Alto Networks firewall to collect packet captures for troubleshooting purposes.  
View full article
Real-time retrieval of WildFire signatures, WildFire Inline ML and Advanced WildFire that are available for Palo Alto NGFW and Prisma Access SASE.
View full article
This Nominated Discussion Article is based on the post "Bring Down IPsec Tunnel Manually" by @j.nepomuceno and responded to by @TomYoung and @Raido_Rattameister. Read on to see the discussion and solution!

I am troubleshooting an issue where I need to bring down the IPsec tunnel manually, what is the best way to do this in GUI or CLI? Thanks

Depending on whether you want to bounce the tunnel or actually disable it, you have different options.

The following CLI commands will tear down the VPN tunnel (phase1 & phase2 respectively):

Phase 1
    > clear vpn ike-sa gateway <gw-name>

Phase 2
    > clear vpn ipsec-sa tunnel <tunnel-name>

Follow these steps to clear (bounce) a tunnel using the GUI:

Phase 1
  • Go to Network > IPsec tunnels and select your tunnel
  • Click IKE-Info
  • At the bottom, click the action you want (Refresh or Restart)

Phase 2
  • Go to Network > IPsec tunnels and select your tunnel
  • Click Tunnel-Info
  • At the bottom, click the action you want (Refresh or Restart)

Instead of bouncing, you can also choose to disable/enable IKE gateways or IPsec tunnels.

Enable/Disable an IKE Gateway
  • Go to Network > Network Profiles > IKE Gateways and select the gateway in question.
  • Click Enable/Disable at the bottom of the screen

Enable/Disable an IPsec tunnel
  • Go to Network > IPSec Tunnels and select the tunnel in question
  • Click Enable/Disable at the bottom of the screen

For more information:
  • Refresh or Restart an IKE Gateway or IPSec Tunnel
  • How to check Status, Clear, Restore, and Monitor an IPSEC VPN Tunnel
  • Enable or Disable an IKE Gateway or IPSec Tunnel
  • How to Troubleshoot IPSec VPN connectivity issues
View full article
The Palo Alto NGFW is a really stable device but sometimes there is a need to restart a process as a workaround for a bug causing high CPU or Memory leakage. How can we automate this process? 
View full article
This article is based on a discussion, Tracing external IPs back to internal IPs at a specific moment in time..., posted by @Tom_Access. Read on to see the solution and collaboration from Cyber Elite @OtakarKlier & @Adrian_Jensen!

In the course of tracking down security vulnerabilities, I find myself trying to trace External IPs (from external security scan reports) back to Internal IPs at a specific moment in time (the timestamp from the scan report). Most of the time, it's very simple, as many internal IPs are NAT'd 1-to-1 to external IPs. Those tend to stay static. But there are also large groups of PAT'd addresses, such as whole ranges of internal IPs (like guest WiFi network DHCP pools) that go out a single external IP.

I'm really struggling with how to track these devices down. I can rarely even find a matching internal IP for that timestamp.

Is there a specific NAT/PAT log I can reference? Or a tool for this that I'm missing? I've been trying to use the traffic logs, but that's not always fruitful and it is tedious.

Any suggestions? I'm using a Palo Alto PA-5250 running PanOS 10.2.0.

Thanks in advance,
Tom

Solution:

First thing is to make sure you have logging at session end enabled on all of your security policies. Then you go into the Unified log and filter on source IP of the attacker. This should show all the traffic from that IP address. Then click on the paper/magnifying glass icon on the far left of the log.

This will bring up all the session details and will show you the NAT'd IP.

In addition, the Monitor -> Logs -> Traffic viewer has many additional fields which can be selected/filtered upon by selecting the down arrow in the column name header and selecting additional fields. (Note: You can also reorder columns by dragging them to either side.)

Two additional columns that are not shown by default are "NAT Source IP" and "NAT Dest IP" (as well as NAT Source/Dest Port), which show the NAT'd IP results.

You can filter your traffic on these fields as well. So, for instance, if your external security report complains about an exploit attempt from your public IP to an internet IP:

    2022-07-08 12:35 - ->

You can find all the matching outbound traffic logs with a Traffic log filter like:

    ( natsrc eq ) and ( natsport eq 53219 ) and ( addr.dst in ) and (port.dst eq 443)

You can further add time filters to narrow down a window, though be aware that while log receive time appears to be a log database index, session start time is not. So queries using start time may take much longer/time out when searching (you can work around this by also using a wide receive time filter to pre-narrow the results subsequently filtered by the start time filter).

    ... and (receive_time geq '2022/07/08 12:30') and (receive_time leq '2022/07/08 12:50') and (start_time geq '2022/07/08 12:30')
View full article
This article is based on a discussion, Knowledge sharing: Palo Alto Free Workshops, Trainings and Trials and possible PCNSA/PCNSE training, posted by Cyber Elite @nikoolayy1. Read on to see which resources are available for certification! Thanks @nikoolayy1!

As part of my "Knowledge sharing" series I decided to share with everyone interested in learning more about Palo Alto the following links.

1. The Palo Alto Demo Center, where there are workshops, demos, trials (You have a 30 day trial on the Palo Alto NGFW with a virtual machine or the XSOAR product):
   Product Demo Center

2. Palo Alto Networks Beacon, where with free registration there are a lot of things to learn. Also it has many trainings for Palo Alto or Panorama features that can be used for learning PCNSA or PCNSE and in other words like a free PCNSA/PCNSE training. Also "What's New" in Beacon will show what was added in version 10.1 or 10.2 (also the Nebula series recordings can be checked as they will show in more detail what is added in 10.2: Tech Deep Dive Miniseries: Nebula PAN-OS 10.2).
   Beacon Student Catalog
   New Digital Learning Courses for PAN-OS 10.1
   From time to time there are free PCNSE bootcamps and there are recordings:

3. The Palo Alto Network Guides:
   PCNSA Study Guide
   Palo Alto Networks PCNSE Study Guide

4. Palo Alto Education Services:
   Education Services Certifications on LIVEcommunity

5. Palo Alto Networks YouTube channels, where there are playlists IoT security, the new Palo Alto native firewall in AWS, Prisma Access and many more:
   Palo Alto Networks LIVEcommunity YouTube
   Palo Alto Networks YouTube
   Cortex by Palo Alto Networks YouTube
   Palo Alto Networks SASE YouTube Playlists

6. The NDG labs for Palo Alto that are around just for 50 dollars for 6 months access:
   NDGE Labs for Palo Alto Networks

7. The CBT nuggets on version 10:
   Level Up Your Security Skills with Palo Alto Training

8. A great book about Palo Alto Networks:
   Mastering Palo Alto Networks: Build, configure, and deploy network solutions for your infrastructure using features of PAN-OS, 2nd Edition
View full article