This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4235 Views
  • 0 replies
  • 0 Likes

BGP establish state flapping.

I have couple of bgp established on the firewall. Confiugured new one to AWS ,tunnel comes up but Bgp is flapping.System logs.BGP peer session enters established starte,peer ip:169.254.32.1BGP peer session left established state,peer ip: 169.254.32.1.

Select route with shorther prefix length

I have a static route for 172.16.0.0/12 but my PA is also learning through OSPF a route for 172.16.0.0/24. As these routes have different prefix length both are installed in the routing table and the dynamic route for 172.16.0.0/24 learnt through OSFP takes precedence over static route for 172.16.0.0/12 without having in consideration the admini...

COM-UCO by L1 Bithead
  • 4187 Views
  • 3 replies
  • 0 Likes

Configure a static 1-to-1 destination NAT policy

Hello Live Community, I am a new comer to the firewall game and I am wondering how would I go about setting up static 1-to-1 destination NAT policy on my PA-500 Firewall. I just recently set up the firewall using the documentation below and everything seems to be running great but my Xbox One device Nat is set to strict. I was wondering if some...

lzabler by L1 Bithead
  • 5978 Views
  • 3 replies
  • 0 Likes

certificate is not signed by a trusted certificate authority.

Hello guys, I have a one question about Global Protect. I configured it and all was working properly, but when i updated my global protect to the versin 3.1.5 or new 4 and then when i trying to connect an error occur "Gateway ... : Server certificate verification failed" how to fix this problem can anyone tell me? PAN OS 7.1.7

Resolved! PANs as internal routers?

We are planning to make our Palo Alto (pair) into the main internal router for a decent sized enterprise data center and about 300 users. A pair of Arista routers will be our external WAN/BGP routers. Is using the PAN as a router considered a best practice? Is it an acceptable practice from a speed/performance perspective? We plan to hairpin a l...

dlazzaro by L1 Bithead
  • 6068 Views
  • 5 replies
  • 1 Likes

New-old VM models

Hi All, I have been updated with new information on "Colossal event" , but some things remain grayed... Example, I have VM-100 almost five years in production environment and I see that it got muscles right now. So I have several doubts regarding my "old" VM-100... What going to happend with licensing fee if consider resource increasing?How to ...

Tician by L3 Networker
  • 5276 Views
  • 5 replies
  • 0 Likes

Corporate Credential Submission / Phishing protection in PANOS 8.0

Good Morning, I'm lucky enough to work with a few early adopters and have PANOS8.0 running in several production locations on VM and 3000 series appliances. So far, business as usual with the "old" feature set.... I've now setup Credential Protection on two of these sites, using the RODC method to spot username/password combos, rather than just ...

Dpeters1 by L2 Linker
  • 2986 Views
  • 1 replies
  • 1 Likes

How to exporting URL log to CSV with comma inside URL field?

Hello, I'm exporting the URL log to CSV file (I'm using CLI csp export), but I'm having a issue when I try to import this log in MS Excel because some URL have a comma, that break the columns in a wrong way.Anybody knows if is there a way to export the URL field between double quote? I'm think that user_agent field can do the same issue.

Lauro by L1 Bithead
  • 6540 Views
  • 8 replies
  • 0 Likes

Resolved! EBL policy (URL & IP)

Hello, We have succesfully implemented the EBL with an Dynamic IP List,We also want to block destinations URL based , so i've created an Dynamic URL list. Is it possible to combine both objects into one security policy or do I have to create seperate policies?I am not sure about this and hope someone can answer my question. Best Regards,Patrick

ppater by L1 Bithead
  • 2298 Views
  • 1 replies
  • 0 Likes

Log Retention

I forward all my device logs to Panorama. I just noticed that the logs only go back 1 day. How can I enable longer retention? Is there a setting for that?

PANOS Autotag Workflow

I understand we can now add action to dynamic update source / destination IP to our DAG by log forwarding profile. Can i create 2 traffic profile, 1 for forwardining to syslog another 1 to update the DAG? How does it work. Thanks

On-Site-Spare (OSS) revert License

Dear all,Pls help meI transfered license to Spare device for PAN-OS upgrade, now I can not revert the license back to Primary device, is there any suggestion for me in this case?

Huy by L1 Bithead
  • 4047 Views
  • 4 replies
  • 0 Likes

Is there a Captive Portal type solution for non http/https services?

I am looking for a method to force identify users coming in over the internet trying to connect to an internal resource using MS-RDP. I originally thought I could use Captive Portal for this but CP documentation indicates its only works with HTTP & HTTPS....obviously this makes sense because without an http interpreter, how else could an app...

  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks