General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4133 Views
  • 0 replies
  • 0 Likes

FQDN Address Object won't resolve

Hello, I am trying to set up a U turn NAT that runs so that any system trying to contact time.apple.com using the NTP protocol will be rerouted to an internal NTP server. We do not allow NTP out and iPhones and iPads ignore DHCP settings for the NTP server. I have created the NAT rule and when I input the destination as an IP address (not an ...

PhilH by L2 Linker
  • 15418 Views
  • 9 replies
  • 0 Likes

Resolved! How to make App-ID migration with a configuration split between Panorama and Firewall

I have a customer installation with addresses and services defined in the Panorama as shared objects. On the other side, all rules (using those objects) are defined as local policy on the firewall. When I import panorama config in migration tool I see all objects. But when I import firewall configuration, policies display addresses and addresses ...

pglohr by L2 Linker
  • 10103 Views
  • 6 replies
  • 0 Likes

Youtube getting falsely recognized as google

Shortly after the APP-ID changes were implemented, I'm having problems with youtube. By default we disable general access to youtube. However, we do allow access to specific videos. When I attempt to connect to youtube.com using http, I get blocked properly. But when I go to it using https, I pretty much have free run, and when I review the...

bwsaloum by L2 Linker
  • 3693 Views
  • 2 replies
  • 0 Likes

migration ipsec rsa vpn from juniper ssg

Hello all, There are 2 Juniper firewalls, side to side between them: Side A and Side B. I'm going to change side A with Palo Alto, and for side B a configuration change is not allowed. So everything is OK except for the VPN. Inside Juniper, the phase 1 profile is selected as predefined RSA (rsa-g2-3des-sha sig), so what will I do on Palo Alto? Thanks.

mathsss by L1 Bithead
  • 4924 Views
  • 6 replies
  • 0 Likes

GlobalProtect Prelogon without initial Internet Connectivity

Hi, Please can someone explain to me how GlobalProtect Prelogon can possibly work without any valid internet connection. For example in a hotel or cafe, you have to be logged into your laptop first to connect to the hotel's wifi portal so how does Prelogon work in this scenario?

indysogi by L2 Linker
  • 10588 Views
  • 9 replies
  • 0 Likes

How custom forward logs to syslog server

We are sending all logs from Palo to SIEM. How can we eliminate those of low or no value to us (exp. Allow_TCP_End) from being sent to the syslog server? The server fills up quickly and there's a large amount of logs that provide no insight during analysis; we would like to NOT forward such logs. In other words, how to pick and choose which event logs to se...

Arezoo by L0 Member
  • 3198 Views
  • 2 replies
  • 0 Likes

Resolved! Panorama LDAP group mappings not updating for user-id

We have user-id setup and every cluster with a designated master device for user-id mappings. I have the group mapping of the new AD group showing in the gateway itself, however when I go to implement the group in a policy in panorama, it will not display the new group. I have done a forced refresh on the gateway and refreshed the panorama but w...

VPNC Ports?

Hi all, I have enabled VPNC for my Linux users who cannot use GlobalProtect. Does VPNC use port 443 like globalprotect? Can't seem to find any information about this on the web. -Matt

mmclimans by L3 Networker
  • 2850 Views
  • 1 replies
  • 0 Likes

How to restart the OSPF Process

Hi, I'm trying to do some debugging of some OSPF troubles that we are having and I'd like to restart the OSPF process to see the neighbors come up and the LSA exchange. How do I do this via CLI? On a Cisco router it would be "clear ip ospf process X", but I can't find a Palo Alto equivalent. Thanks

GlobalProtect Client not Connecting

Hi All, I'm experiencing a problem with GlobalProtect and I'm hoping I can get some assistance. I'm able to log on to the GlobalProtect Gateway. I successfully log in and download the agent. However, when I click 'Connect', I get an error that says: 'CONNECTION TO SERVICE SOCKET FAILED'. I tried collecting logs from the GlobalProtect clien...

Bocsa by L3 Networker
  • 7952 Views
  • 3 replies
  • 0 Likes

Resolved! Old OS versions

I have several versions of the OS under the device\software tab. Is there first any harm in deleting old unused ones, and will I regain disk space, a useful amount? I want to keep more logs on the box and am looking for ways to increase the space for logging. Any suggestions will be appreciated.

jdprovine by L4 Transporter
  • 5371 Views
  • 2 replies
  • 0 Likes

Unable to remove custom report from Reports.

When I go to the Monitor->Report tab, under Custom Reports I see 3 reports. One of the reports, test_report, shows in there but is not in my Manager Custom Reports. I tried deleting it using: delete report custom scope 1 report-name test_report file-name * but I am getting an error. Server error : unable to remove directory for 'test_report'

Highlight Unused Rules

Hi, We're running 4.0.1 in a test environment. We have a large Checkpoint rulebase that we will export. It ideally needs a rule tidy up to remove unused rules and objects. Can someone describe how the "Highlight Unused Rules" tick box option on the policy page works. Yep, I know it sounds obvious!! But what is it based on - the logs? If so how far ...

fmd by L3 Networker
  • 6663 Views
  • 5 replies
  • 2 Likes

Netflow data - How often is it exported to a collector and..

Our firewall is set up to export Netflow data to Nagios Network Analyzer. We need to know: a) How often is data exported from the Palo Alto to the NNA collector, and b) How large are the packets sent from the Palo to the collector. Any ideas on where to find this information?

LShelton by L1 Bithead
  • 5501 Views
  • 7 replies
  • 0 Likes