This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4454 Views
  • 0 replies
  • 0 Likes

CLI find objects by wildcard search

PANOS 10.2.9-h1. Is there a way to use the CLI to wildcard search for address objects either by name or IP address? The goal is to take those objects, manipulate them in a known way, and then re-inject them. Name would be preferable. Assuming I typed them correctly, then I should be able to get about 99% accuracy in replacement of ob...

mheyman by L1 Bithead
  • 1237 Views
  • 1 replies
  • 0 Likes

Resolved! Palo VM firewall drop packets behind Azure load balancer

The topoplogy is spoke subnet ---> Aure LB ---> 2x Palo VM firewalls -> express route --> on-prem Palo firewall --> on-prem server user at spok subnet send files to onprem is very slow. we did iperf test from a subnet in the spoke vnet to an onprem test server. There are drops on both of the firewalls that behind the LB. The dropp...

Global Protect multiple VPN and multiple authentication methods

I Have question regarding GlobalProtect: I have 1 Palo Alto with configured GlobalProtect. I would like to configure 2 profile, 1 for my internal users using SAML authentication,and another for vendors using the local database. Similar to Cisco AnyConnect where you can have a drop down list and pick the connection profile. Since i am using SA...

Monthly Traffic Report for a User

Hello everyone, I would like to export the monthly internet traffic usage of users on Palo Alto. Specifically, I need to know how much traffic a single user has used in a month, including both upload and download. However, I am unable to find this specific information. The reports provide all traffic data, which results in an overwhelming amount...

Fagani by L2 Linker
  • 1429 Views
  • 2 replies
  • 0 Likes

Resolved! PA-VM license

Hello,I am a PA beginner. I have pratice a lab for global protect and configuration finished, but it seem need license. The message has 「Warning: GlobalProtect Gateway License is invalid.」My PA is VM, software version is 8.0.0 , globalprotect agent is 0.0.0 , I don't know how to get free vm license.Thanks!

Chin123 by L1 Bithead
  • 5446 Views
  • 6 replies
  • 0 Likes

Globalprotect MFA with RSA secureID with Radius

I have a customer who is trying to configure MFA in GP with RSA SecureID server with Radius server profile (Not the MFA profile that was introduced with 8.1).The first factor should be user name and password and the second factor should be an OTP token.Both username, passowrd and token should be validated by the RSA server.I have done the config...

Help whitelisting a URL that routes through Cloudfront

Hi all, I am having trouble whitelisting a site and wanted to see what I can do about it. The website I am whitelisting is https://www.pahealthwellness.com/login.html. When you make some selections on the page, it redirects to https://sso.entrykeyid.com . I have a rule set to allow both those URL's with wildcards, but the bigger problem is tha...

Having issue with management profile to be applied to Outside (public) interface.

We have /24 public ip allocated to the main office. So we have pretty wide range of pubic addresses to use while testing configuration. I have been configuring Palo Alto firewall for new migration project. Currently managing Palo Alto through dedicated management port. I have setup management profile to allow: HTTPS, SSH, PING only. Want to ac...

B.Alimov by L1 Bithead
  • 1836 Views
  • 2 replies
  • 0 Likes

IP address associated with wrong zone

My appliance is associating the wrong zone to an ip address. It was picking the correct zone but then stopped.Does any one know why that would be the case and to get it back into the correct zone? I'm running PAN OS 8.0.4. Thanks,Eugene

eugenep by L3 Networker
  • 6491 Views
  • 4 replies
  • 0 Likes

LAB SKU for PA-VM 10.1.0 License

I am interested in purchasing a LAB SKU license for my PA-VM 10.1.0 to use in my VMware environment for practice labs. Could you please provide information on the available options and pricing for a lab-specific license? Thank you for your assistance.

Resolved! PAT/NAT rule not working

Hi I am looking to create a PAT for an internal server which will use the /30 public IP of the Palo outside interface and port 16385 to be reachable. The below scenario: PAT/static NAT towards the private IP of O-IntercomSRV-01 (the intercom server) using UDP port 16385 from sources OG-Parking-Intercom-Dest source port 16385. O-IntercomSRV-0...

MAllen_0-1721916847976.png
MAllen_1-1721916864575.png
MAllen_2-1721916898264.png
MAllen_3-1721916944923.png
M.Allen by L2 Linker
  • 3041 Views
  • 4 replies
  • 0 Likes

Palo Alto Intergrade with ACI- Cannot see hop firewall on tranceroute

I Integrade Firewall Palo Alto with ACI One Arm , virtual system divided into 2 for North South and East West On Firewall config Subinterface Layer3 ( Vlan Tag) set IP and config default route to Gateway one ACI. (reference guide) https://docs.paloaltonetworks.com/vm-series/10-2/vm-series-deployment/set-up-a-firewall-in-cisco-aci/integrate-the-f...

Resolved! TCP & UDP Floods from trusted zones

Hi everyone, We receive TCP or UDP Flood threat logs from time to time on different firewalls of ours. In the image below you can see that the source and destination zones are the same, i.e. "zoneTrust", and this the case for all threat logs of this type. Is this information regarding zones reliable? and if yes, how can we find the host(s) respo...

Arman_Zaheri_0-1722255506276.png
  • 24376 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks