This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4137 Views
  • 0 replies
  • 0 Likes

Tool to help map out your PA configuration

I need to go through my PA and map out the security zones, NAT rules, and so on that have accumulated over the years and I need a tool to help me scrub through the configution and sort out what is going on. I heard there was a tool called Clikr or Clickr or something like that that is an open source tool that is supposed to help with this kind ...

RustyPA by L1 Bithead
  • 5214 Views
  • 4 replies
  • 0 Likes

Resolved! Possible to store foreign ssh key on the firewall (for key-based scp transfer)?

I want to be able to use scp from the firewall to transfer a config file to a remote server without entering a password. So I need to store the remote user's public ssh key in the equivalent of an authorized_keys file on the firewall. Is this possible? What I'm trying to do is schedule an automatic pull of the running-config.xml down to a server...

dsegel by L0 Member
  • 4041 Views
  • 2 replies
  • 0 Likes

Palo Alto as a DNS Server

I have a very small network without a DNS server and I'd like to if possible use a PA200 as a DNS server. I want to try to create static DNS entries for a few hosts on the PA, then point those hosts to the PA as their DNS server. Does this work? Any caveats?

RustyPA by L1 Bithead
  • 4580 Views
  • 3 replies
  • 0 Likes

Scheduled a reboot of managed firewalls (tasks) from Panorama

Hello everyone, I want to know if is possible to ask Palo Alto to add this feature to Panorama, we have 100+ firewalls at branch offices, when we applied a software upgrade for example 6.0 - 7.0 it always ask for a reboot to apply the new version (In a perfect world we could reboot the firewall at any time but sadly is not possible until third s...

scp export with unexported-only option

Hi,I would like to know how to use the unexported-only feature with this command:scp export log traffic to user@ip:/path/test.csv start-time equal 2016/08/14@00:00:00 end-time equal 2016/08/14@23:59:59 Also is it possible to invoke it through the API? Thanks!

amagri by L1 Bithead
  • 4847 Views
  • 4 replies
  • 0 Likes

Static Routes not Working

I have a network with in my network that I am trying to control access with user-id in the palo alto. Before I can do this I need to get routing working. The routing works just fine up to the palo alto in my test environment. Each interface can talk to the next hop on the otherside but traffic isn't routing across the interfaces. I can not p...

trees by L1 Bithead
  • 8859 Views
  • 4 replies
  • 0 Likes

application not working.

I had a customer connecting to an application from trust to untrust. It was working and then suddenly stopped working.I could see in the logs it was coming as port 443 and application -incomplete and then next day it started working with port 443 and application ssl. Any logical reason why this would happen. Running 7.0.6 PA200.

about mtu

Hello all, There is a problem with a smb traffic(very very slow)For the related source and dest. ip address 2 filter is configured and show counter output has : flow_fwd_mtu_exceeded 9 3 info flow forward Packets lengths exceeded MTUflow_ipfrag_frag 18 6 info flow ipfrag IP fragments transmitted There is no drop.All devices through the way has m...

PanIst by L3 Networker
  • 2556 Views
  • 1 replies
  • 0 Likes

Resolved! Blocking macro-enabled Office files (docm, xlsm, etc)

The available file types that can be filtered doesn't include Office documents with macros (docm, xlsm, etc). These are being used now to sneak garbage into the network. Is there a way to ID them or are they on the horizon for inclusion in the file blocking filters? An innovative way that is being used is to create an xlsm file with a malicio...

gleduc by L1 Bithead
  • 12603 Views
  • 4 replies
  • 0 Likes

Resolved! Domain names in Security Policy

Does anyone know if it's possible to use a domain in a security policy? I know that I can use FQDN but what happens if I need to allow a wider range, such as *.zoom.us? Can this be done or am I out of luck?

BPry by Cyber Elite
  • 5583 Views
  • 4 replies
  • 0 Likes

GlobalProtect - Client Certificates Deployment

Greetings, I have used the following article to distribute client certificates for GlobalProtect: https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Issue-Certificates-to-GlobalProtect-Devices/ta-p/53642 My understanding is that with this method of certificate distribution, all client machines will have the same client certificat...

Creid by L0 Member
  • 2573 Views
  • 2 replies
  • 0 Likes

QoS and interfaces - some conception advice needed

Hello I will migrate fom PA200 to PA500. I have some local networks (DMZ, Wifi for students, Wifi for stuff, LANs)I need to use QoS but I need some advice with that. I know that I can controll only on outgoing interfaces but I have no idea how to get it working with one condition: I wouldnt limit traffic from/to my local servers in DMZ. Now I ha...

_slv_ by L4 Transporter
  • 4211 Views
  • 6 replies
  • 0 Likes

Resolved! VM-300 Steps validation

Can some please these are the initial steps for setting up VM-300 in NSX? 1) Register auth codes for VM's2) Download the base-image on he VM that will host VM-300 firewall3) When download of sofware is complete I should UUID an dCPUUID4) After base configuration in VmWare NSX is completed I will be about to go to portal and register the new V...

  • 24340 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks