This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4231 Views
  • 0 replies
  • 0 Likes

Resolved! PA-5050 Google search engine issue?

Hi Guys, Having an interesting same time strange problem. Don't think it is Palo issue but decided to post here if somebody has seen the same before. Trust > Untrust traffic NATed to the external interface. All users affected but for test we do have a host in the Trust zone without any profile attached to the policy purely any any allow to th...

no pop up.PNG
when working.PNG

Panorama location best practice

I have deployed Panorama in our LAN and plan to manage a global install. Now I realized that remote firewalls cannot reach it until they have their VPN setup (which I prefer to do using Panorama too). What is the best practice to solve this? Should Panorama reside in a DMZ and have managed firewalls communicate over the Internet to a public IP?

Download fails at 35mins mark

I am trying to download an ISO from microsoft site. It is around 5.2gb file and it has failed few times now around 4.7gb/35mins mark. Logs shows access allowed. using PA200 7.0.9.

How to Add custom file extensions in PA file extension list?

Hello, As we are implemeting Paloalto NGFW 3020 in our organization and now we facing a problem. We are implemeting security profiles and we want to add some file extensions which is not listed in PA file extension list. How could we add these custom file extensions such as *.vb, *.vbs, *.com etc...? Very appreciate for all of your valu...

Wayne88 by L1 Bithead
  • 4276 Views
  • 1 replies
  • 0 Likes

Resolved! Policy lockdown question

Hi all, maybe obvious question but it there was to lock down a firewall policy to just a particular. Example only John Doe can make changes to Rule#1 and 2

Resolved! Github Pan-configurator tool

Trying to install and use Pan-migrator what does below mean and how does one resolve itC:\Users\frankcl\Downloads\dev\dev\pan-configurator>git pull origin masterfatal: unable to access 'https://github.com/cpainchaud/pan-configurator.git/': Could not resolve host: github.comC:\Users\frankcl\Downloads\dev\dev\pan-configurator>pausePr...

GP certificate differences in 2.3 and 3.1

Hi, We have an internal CA, we have a certificate generated and it is used for GP portal/gateway only, clients are authenticating via usual credentials. Nothing fancy overall. So there are external clients who do not have CA cert installed, so they are getting "untrusted certificate" warning when connecting to the GP gateway. But the GP agent be...

nikoo by L3 Networker
  • 2005 Views
  • 1 replies
  • 0 Likes

Resolved! CLI command to disable power supply

Hi Does anyone know of a command to disable one of the power supplies on a PA5000 series firewall (for the 7.0 software train) please? I need to disable one of the power supplies on a remote firewall and dont have the option of pulling the cable manually.

Interface traffic utilization report for multiple VSYS device

Hi all So I'm trying to generate a very simple report on the interfaces showing what the max, min and Avg interface utilization was for the PAN device. So I have two interfaces inbound and outbound, they have multiple subinterfaces created and configured as Virtual Wires that are tied to different VSYS. I can pull a report for all VSYS showing ...

AHBosch by L0 Member
  • 2773 Views
  • 1 replies
  • 0 Likes

Resolved! MineMeld syslog indicator rules

Hi all, I've successfully connected my firewall to the syslog miner and can see logs arriving. I believe I now need to create a rule to match logs to extract the indicators. Here's my recieve stats from the miner: Here's the rule I'm trying to craft to extract the src_ip info.. Additionally, is it possible to extract the attacker IP from ...

miner-stats.jpg
rule.jpg
tkirk by L1 Bithead
  • 11639 Views
  • 6 replies
  • 0 Likes

Removing interfaces off a VM-series HA pair

As per title, functionally, this is easy to do.1. Shut VM down.2. Remove interfaces from virt solution configuration for the VM3. Power up. 4. All is well. But, in a PAN VM-series HA pair... I'm worried that I might have to shut both down AT THE SAME TIME. To remove the interfaces symmetrically.. off both. And then power both back up again. To...

mpgioia by L3 Networker
  • 2235 Views
  • 1 replies
  • 0 Likes

Import from xml of a 2 vsys system

I have an xml config export from a PoC system that had 2 vsys configured. Is there a way to peel out one of the vsys configurations from the xml and import vsys1 only?

RFalconer by L3 Networker
  • 2417 Views
  • 1 replies
  • 0 Likes

url-filtering

Hi,In url filtering adult-and-pornography blocked . But la-xxx.com can accesiblexxx.com not blocked 1)test url la-xxx.comla-xxx.com adult-and-pornography (Dynamic db)2)test url xxx.comxxx.com adult-and-pornography (Base db)other info----------show url-cloud statusThis command requires the PAN-DB URL filtering database.url filtering db5076Thanks

sib2017 by L4 Transporter
  • 5384 Views
  • 8 replies
  • 0 Likes

Two L3 interfaces on One Zone

Hi, in the setup of the above diagram , I need to run OSPF on Paloalto between two Core-SWs, so I have to create two L3 interfaces Point to Point with the two SWs. the two core-SW is considered as inside for me , so from the prespective of routing it is okay.but the issue on the polices, I have to create the polices duoble between two inside z...

Question.jpg
  • 24357 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks