This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

STUN Application

Howdy Folks, Trying to learn more about the STUN application. Wondering if any other enterprises are allowing this application. I know the applipedia says its not high risk but it also seems like it uses a variety of ports. Don't know much about it but in this case I can make a rule based on destination and Application/protocol. Thanks, ...

Automation / API - Register and de-register devices to log-collector group

I am looking for a way to automatically register and de-register a newly created firewall to a specific log-collector group. I had hoped to achieve this with https://github.com/PaloAltoNetworks/pan-os-python but I struggle translating the xml path to work with the op() method. While running "set log-collector-group collector-group logfwd-setting...

Findus by L0 Member
  • 1245 Views
  • 2 replies
  • 0 Likes

Resolved! Local Logging configuration

Hi Team, By default i see the logging configuration it is pointing to Panorama. But we are not managing the firewall using Panorama, we are managing it locally. Can we configure the logging to be logged locally only like live logs max of 100mb should be stored for troubleshooting purpose and then auto delete. Regards, Sanjay S

can't export BPA file

Hi every one, I need export BPA file, so I follow guide link https://docs.paloaltonetworks.com/strata-cloud-manager/getting-started/dashboards/on-demand-bpa-report But when I access this page, the option to upload the tech-support file does not appear.

KhoiVu by L0 Member
  • 1525 Views
  • 3 replies
  • 0 Likes

LDAP auth not working for Palo login

Hi all, I have deployed a new Palo and configured LDAP auth but I am getting an error. I checked the BIND account is active and all settings appear ok, anything else to troubleshoot this? Reason: Internal error, e.g. network connection, DNS failure or remote server down.

MAllen_0-1722337236638.png
M.Allen by L2 Linker
  • 3522 Views
  • 9 replies
  • 0 Likes

Resolved! Nat

Hello, I Saw this on a website "Security policies differ from NAT rules in that security policies examine post-NAT zones to determine whether the packet is authorized or not." I don't understand why because it's the packet without NAT ( no NAT) that reaches the firewall and the firewall compare it to the security policy to determine whethe...

Sarou22 by L2 Linker
  • 2221 Views
  • 3 replies
  • 0 Likes

CLI find objects by wildcard search

PANOS 10.2.9-h1. Is there a way to use the CLI to wildcard search for address objects either by name or IP address? The goal is to take those objects, manipulate them in a known way, and then re-inject them. Name would be preferable. Assuming I typed them correctly, then I should be able to get about 99% accuracy in replacement of ob...

mheyman by L1 Bithead
  • 1152 Views
  • 1 replies
  • 0 Likes

Resolved! Palo VM firewall drop packets behind Azure load balancer

The topoplogy is spoke subnet ---> Aure LB ---> 2x Palo VM firewalls -> express route --> on-prem Palo firewall --> on-prem server user at spok subnet send files to onprem is very slow. we did iperf test from a subnet in the spoke vnet to an onprem test server. There are drops on both of the firewalls that behind the LB. The dropp...

Global Protect multiple VPN and multiple authentication methods

I Have question regarding GlobalProtect: I have 1 Palo Alto with configured GlobalProtect. I would like to configure 2 profile, 1 for my internal users using SAML authentication,and another for vendors using the local database. Similar to Cisco AnyConnect where you can have a drop down list and pick the connection profile. Since i am using SA...

Monthly Traffic Report for a User

Hello everyone, I would like to export the monthly internet traffic usage of users on Palo Alto. Specifically, I need to know how much traffic a single user has used in a month, including both upload and download. However, I am unable to find this specific information. The reports provide all traffic data, which results in an overwhelming amount...

Fagani by L2 Linker
  • 1306 Views
  • 2 replies
  • 0 Likes

Resolved! PA-VM license

Hello,I am a PA beginner. I have pratice a lab for global protect and configuration finished, but it seem need license. The message has 「Warning: GlobalProtect Gateway License is invalid.」My PA is VM, software version is 8.0.0 , globalprotect agent is 0.0.0 , I don't know how to get free vm license.Thanks!

Chin123 by L1 Bithead
  • 5257 Views
  • 6 replies
  • 0 Likes

Globalprotect MFA with RSA secureID with Radius

I have a customer who is trying to configure MFA in GP with RSA SecureID server with Radius server profile (Not the MFA profile that was introduced with 8.1).The first factor should be user name and password and the second factor should be an OTP token.Both username, passowrd and token should be validated by the RSA server.I have done the config...

Help whitelisting a URL that routes through Cloudfront

Hi all, I am having trouble whitelisting a site and wanted to see what I can do about it. The website I am whitelisting is https://www.pahealthwellness.com/login.html. When you make some selections on the page, it redirects to https://sso.entrykeyid.com . I have a rule set to allow both those URL's with wildcards, but the bigger problem is tha...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks