This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4235 Views
  • 0 replies
  • 0 Likes

Globalprotect MFA with RSA secureID with Radius

I have a customer who is trying to configure MFA in GP with RSA SecureID server with Radius server profile (Not the MFA profile that was introduced with 8.1).The first factor should be user name and password and the second factor should be an OTP token.Both username, passowrd and token should be validated by the RSA server.I have done the config...

Help whitelisting a URL that routes through Cloudfront

Hi all, I am having trouble whitelisting a site and wanted to see what I can do about it. The website I am whitelisting is https://www.pahealthwellness.com/login.html. When you make some selections on the page, it redirects to https://sso.entrykeyid.com . I have a rule set to allow both those URL's with wildcards, but the bigger problem is tha...

Having issue with management profile to be applied to Outside (public) interface.

We have /24 public ip allocated to the main office. So we have pretty wide range of pubic addresses to use while testing configuration. I have been configuring Palo Alto firewall for new migration project. Currently managing Palo Alto through dedicated management port. I have setup management profile to allow: HTTPS, SSH, PING only. Want to ac...

B.Alimov by L1 Bithead
  • 1744 Views
  • 2 replies
  • 0 Likes

IP address associated with wrong zone

My appliance is associating the wrong zone to an ip address. It was picking the correct zone but then stopped.Does any one know why that would be the case and to get it back into the correct zone? I'm running PAN OS 8.0.4. Thanks,Eugene

eugenep by L3 Networker
  • 6409 Views
  • 4 replies
  • 0 Likes

LAB SKU for PA-VM 10.1.0 License

I am interested in purchasing a LAB SKU license for my PA-VM 10.1.0 to use in my VMware environment for practice labs. Could you please provide information on the available options and pricing for a lab-specific license? Thank you for your assistance.

Resolved! PAT/NAT rule not working

Hi I am looking to create a PAT for an internal server which will use the /30 public IP of the Palo outside interface and port 16385 to be reachable. The below scenario: PAT/static NAT towards the private IP of O-IntercomSRV-01 (the intercom server) using UDP port 16385 from sources OG-Parking-Intercom-Dest source port 16385. O-IntercomSRV-0...

MAllen_0-1721916847976.png
MAllen_1-1721916864575.png
MAllen_2-1721916898264.png
MAllen_3-1721916944923.png
M.Allen by L2 Linker
  • 2934 Views
  • 4 replies
  • 0 Likes

Palo Alto Intergrade with ACI- Cannot see hop firewall on tranceroute

I Integrade Firewall Palo Alto with ACI One Arm , virtual system divided into 2 for North South and East West On Firewall config Subinterface Layer3 ( Vlan Tag) set IP and config default route to Gateway one ACI. (reference guide) https://docs.paloaltonetworks.com/vm-series/10-2/vm-series-deployment/set-up-a-firewall-in-cisco-aci/integrate-the-f...

Resolved! TCP & UDP Floods from trusted zones

Hi everyone, We receive TCP or UDP Flood threat logs from time to time on different firewalls of ours. In the image below you can see that the source and destination zones are the same, i.e. "zoneTrust", and this the case for all threat logs of this type. Is this information regarding zones reliable? and if yes, how can we find the host(s) respo...

Arman_Zaheri_0-1722255506276.png

App id

Hello, I have a question about app id. The App-ID description contains a Deny Action description of the action taken. Whatever action is imposed by the security policy, the flow will follow the action of the App Id?

Sarou22 by L2 Linker
  • 2001 Views
  • 3 replies
  • 0 Likes

How to Deny or Drop Replies in Allowed UDP Sessions

Hi All, I'm trying to address a hypothetical scenario where some solutions act only as listeners and do not need reply to the sender. For example, a SIEM system listening on UDP port 514 does not reply to the log sender. In such a case, we configure rule as follows:- Source: Log source- Destination: SIEM server- Service: UDP/514 However, I’m con...

Resolved! SYSTEM ALERT : medium : MLAV: Unknown error

Repeatedly receiving the above alert on 4 separate PA firewalls throughout the evening, can't find much information online relating to it. Has anyone else received this message before? If so, what steps should I take to troubleshoot and resolve the message. currently running versions 10.2.6-h3 and 11.0.3-h10. Thanks

KirkH by L0 Member
  • 10292 Views
  • 15 replies
  • 6 Likes

Resolved! Can't get AD and SMB to work from Azure to On-prem server

Hi, I'm working on a newly created Azure environment with very little networking set up. Our setups are as follows: Azure: Working S2S VPN Route table pointing to the on-prem subnet A VM for testing with an NSG allowing all traffic both inbound and outbound On-Prem: Necessary firewall rules (Palo Alto) to allow AD, SMB, RDP, and ping A domain...

Resolved! Application override

Hello, Application Override to a custom application will force the firewall to bypass Content and Threat inspection I've read several documents but I still don't understand the point of doing this. What's the point? Thanks

Sarou22 by L2 Linker
  • 2138 Views
  • 3 replies
  • 0 Likes
  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks