This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

dnsproxy failures

System log fills with messages like "Failed to resolve domain name:defrxpwgklm.capco.com after trying all attempts to name server(s): 8.8.4.4 194.25.0.68". DNS without dnsproxy is working. Can i restart the dnsproxy to fix this issue?The messages are appearing after some threats of type "Suspicious DNS Query".

azwicker by L1 Bithead
  • 3733 Views
  • 3 replies
  • 0 Likes

Resolved! DMZ Web Server Access Setup PT2

Hello Community, Can someone please let me know if Palo Alto have any documentation examples of setting up access to a webserver from the Internet that resides in a DMZ? Thank you Carlton

User-ID Agent Upgrade

Hi, We are planning to upgrade the User-ID Agent from version 6.0.6-4 to 7.0.3-13. Three PAN-OS are running with version 7.1.1, 7.0.5-h2 and 7.0.2 use the same agent server. Is version 7.0.3-13 will work with PAN-OS version above?

qafcopa by L1 Bithead
  • 4092 Views
  • 3 replies
  • 0 Likes

Global Protect 3.0.0 Gateway Certificate Error "Server Certificate verification failed" *FIX*

Hi All, Recently had a client upgrade their Global Protect Agent to 3.0.0 from 2.2.2. When connecting to the Gateway they would encounter the following message - "Server Certificate verification failed". From 2.1.0 you had to ensure the External Gateway address in the Agent/Client configuration of the Portal is the CN of the Certificate you...

Resolved! Group Mapping for Domains with Non-contiguous namespace

Hi I'm attempting to implement userID on PAN-OS 7.0.6 within a multi-domain forest. All of our workstations exist on one domain and users logging into those workstations exist on another domain within the same forest. I have the UserID agent setup on a member server on the workstation domain and it can correctly map the IP address to usernames...

Resolved! DMZ Web Server Access Setup

Hello Community, I have set up a lab environment shown in the below below that is meant to allow access from 192.168.1.X to the sever 10.2.2.1 using static NAT ip address 192.168.1.251 I have configured everything as demonstrated in the CBT Nugget see below for the NAT and Security Policies However, the policy wont

IMAGE.png
NAT POLICY.png
Security Policy.png

Blocking brute force SSH to firewall

For various business reasons I need to allow SSH directly to a PA-3020 to manage the unit. Is there a way to apply a vulenerability policy to this traffic so that I can block bruteforce attacks? Thanks Dustin

dscott98 by L0 Member
  • 5647 Views
  • 3 replies
  • 0 Likes

Resolved! How Passive FTP is filtered in Palo Alto

Hi Guys, I know application FTP covers both Passive and Active FTP. However, my question is how it filters the traffic. I mean how a server Intiating a connection to the client will be filtered and allowed. Can anyone help.

yadsingh by L2 Linker
  • 13190 Views
  • 3 replies
  • 0 Likes

Can I Obtain the CVE in the PA event Log

We have numerous PA firewalls that alert for vulnerabilities. I also have a product that scans for vulnerabilities in my network. The scanning device has CVE numbers in its events. The PA has PA's unique identifier in its event. Is there a way for me to pull in the CVE into the Pans threat event so I can correlate the PANs threat events to my ex...

Error after Upgrading to 6.1.10

I upgraded our Panorama and two PA3020's in a HA setup this morning. Afterwords I am getting the following errors committing from Panorama to our PA3020's. Details: . Configuration committed successfully Warnings: . vsys1 (vsys1) . Warning: NAT DIPP rule Source-NAT-Rules: Needed translated addresses space after multplying oversubscrition...

stjones by L0 Member
  • 4268 Views
  • 1 replies
  • 0 Likes

Syslog parser

Hi all, do you know if it is possible to use the syslog parser to obtain device information (for instance Operating system) and use this info in security rules?. I am using the syslog parser to obtain the IP-User mapping and it works perfectly, now I would like to obtain more info from the log. I know that the device info is available if you use...

ssancho by L2 Linker
  • 2676 Views
  • 2 replies
  • 0 Likes

Resolved! Panorama HA Status

Hello everyone, When I have 2 firewalls in an HA state after a few minutes my primary device gets a Non-functional (Drive error detected). I normally fix this by suspending the local device on my passive firewall. Is there a way to keep both devices up with out having to manually reset the local device. Thanks, Jeff

Resolved! forming firewall HA in a panorama managed environment

we have a panorama managed firewall and we push objects from panorama to it . we are considering to make a HA firewall setup . as per articles from PaloAlto , Panorama objects are not being synchronized.Question 1 : Should we add secondary firewall to Panorama prior to forming HA cluster and ensure it's completely synced up ? Question 2 : Is the...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks