This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4119 Views
  • 0 replies
  • 0 Likes

How to generate SNMP Trap for testing purposes on PAN OS?

Hello I'm on PAN OS 6.1.8 and I try to test my reporting/alerting system. Is it a way to generate trap from PAN os from CLI/GUI? P.S. This doc https://live.paloaltonetworks.com/t5/Configuration-Articles/SNMP-Trap-for-Port-or-Link-status/ta-p/56280 is realy outdated but still searchable. It also doesnt have info of PAN os. Regards Slawek

_slv_ by L4 Transporter
  • 4360 Views
  • 1 replies
  • 0 Likes

python-script How to add source address to gpolicy (XML API)

Hello, i would like to add source address and destination address in a policy using XML API. below syntax is right? /api/?type=config&action=set&key=key_value&xpath=/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='test']&element=<source><member>192.168.1.1</member></source><destinat...

RADIUS authentication and multi-vsys configuration

Hello, i have a pair of 5020, with multi-vsys environment and i want to be able to separate admin access based on vsys and read-only/read write access. I successfully configured following admin access scenario, using external RADIUS server: separate read-only user access to all vsys separate read-only user access to only one vsys separate read-w...

What is the "Allow" action in Data Filtering log for Wildfire?

Hello, I understand what forward, upload, and upload skip mean in the Data Filtering logs for wildfire. But some files I see the Action listed as "Allow". What does this mean exactly? I've been searching for an hour and can't find any reference to that action. Thanks, Elliott

epeeler by L2 Linker
  • 2626 Views
  • 2 replies
  • 0 Likes

Resolved! Configuration Migration between same series appliances

Hello PAN Community. I would like to read your opinions/comments about the following situation: we currently have a HA Scenario deployed in production with 2 PA-3050 in active-pasive mode, both of them with PAN-0S 6.0.4. We plan to replace the scenario with PA-3020 appliances and both of them with PAN-OS 6.0.6 installed. How should we proceed? I...

Resolved! SSL Decryption - log for SSL certificate errors?

Hi all, We are using PANOS URL Filtering and SSL Decryption, and we reject a variety of SSL certificate problems such as expired certificates, SHA-1 signing, etc. When one of our users hits one of these web sites, they get a "block" page. This invariably leads them to submit a request to have the site unblocked, without any additional inform...

RSKadish by L2 Linker
  • 8775 Views
  • 3 replies
  • 0 Likes

Resolved! Proxy IDs help

HelloI have a Palo Alto Firewall which wants to have IPsec Tunnel with a peer firewall which is a Checkpoint Firewall. Any of the firewalls can initiate VPN Traffic. Can someone kindly let me know, what proxy IDs can be set on my Palo alto firewall for the following 2 cases.Case 1:My internal networks for VPN (Palo Alto Firewall) : 172.16.10.0/2...

way to do site-to-site with single tunnel and preserve security rules for intra and interzone?

hello all, I've got to add a new satellite office into our network and I was hoping to do this with a single tunnel. If that were all that was required I'd probably be fine, but it's complicated by the fact that several years ago when our network was built it was decided, presumably for budget reasons, to use our PA hardware as router, firewal...

Domain-map showing no result

What can be the possible reason for debug user-id dump domain-map showing no result. I have a domain with netbios name as test where in the actual domain is test.abc.def.com. I am using user-id agent. I am pulling mapping from the user-id agent as test\usernamewhere as group mapping as test.abc.def.com\group.when I tried to use domain-map comman...

Westcon2 by L3 Networker
  • 2692 Views
  • 1 replies
  • 0 Likes

Wildfire signature

Hi folks, After Wildfire detect that file is malicious , how can i block this file or how can i find this malicious file signature ?

User-ID domain-map

Hi guys. I have a problem with a user-id setup in a large multi domain envoirment. User-ID agentd are working fine, but the user did not match against the group mapping. It looks like we have a problem with the domain map. The command debug user-id dump domain-map delivers only a empty result. We setup the group maping against the Global Catal...

Routing Multicast PIM SSM

Hi guys, I have Palo Alto cluster A/P with PIM SSM, I would like to know how is manage the multicast routing if i lost the active member ? Regards

Zacre by L0 Member
  • 2546 Views
  • 1 replies
  • 0 Likes

Resolved! How to find out the right app-id

Hi all, I started studying PA firewall recently and am struggling with finding out the APP-ID for some traffic. I can easily find out the services(or ports for CISCO ASA) and create the rules based on services/ports, but by doing this we will lose the visibility of application which is the reason we use PA in the first place. So, use as much ...

  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks