General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 312 Views
  • 0 replies
  • 0 Likes

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 985 Views
  • 0 replies
  • 0 Likes

How to upgrade a Firewall out of support ?

Hello

 

We have an old PA220 for lab testing purposes. The firewall is currently running the 8.0.0 ver. We also have PA850 but in the support site I can only see the software download option for the PA850 and not for the PA220.

Can anyone tell me how

...

CAPTIVE PORTAL TIME-OUT

SETUP: PALO ALTO connected to ACTIVE DIRECTORY for groups
CAPTIVE PORTAL ACTIVATED 
idle time-out 500minutes
timer: 600minutes

CLI> show user ip-user-mapping ip x.x.x.x

SCENARIO 1: 
user log in to PC > mmp1234
CLI> show user ip-user-mapping ip 1.2.3.4.
Ip ad

...

Resolved! physical m500s to VM panOS

I'm wanting to migration from physical m500s to VM panOS.

Are we able to connect a physical to VM and have HA be sync'd?

Otherwise would the recommendation be to setup new VMs has with ha, have the the FWs re-point to the new VM panorama's for manage

...

Credential Theft Protection and SSL Errors

I am currenlty doing a proof-of-concept test for the Credential Theft Protection feature. SSL decryption is configured and working. I can get the system to re-direct to the Anti Phishing Continue Page. However, that page uses the SSL cert associated

...

Resolved! Device Certificate OTP stuck in progress

Hi,

so i have a panorama vm on 10.1.10-h2 managing 4 NGFWs on VMs in azure.

need to install device certs.

in CSP i did the OTP and install for the panorama first and this went to plan. cert installed and happy.

then I did the OTP process for the mana

...

PA_nts by L3 Networker
  • 2354 Views
  • 2 replies
  • 0 Likes

Throughput means through show system statics session.

Hello all,

I checked the throughput information of CLI > show system statistics session as part of a way to check real-time traffic volume in Paloalto during migration work.

There was an inquiry from the customer about exactly what the throughput figu

...

Resolved! PAN-OS Certificate Expirations Clarification

With all the recent certificate update requests over the past couple months, the documents have become a bit confusing. Previously the below article stated version 10.1.11-h4 was a fix but now the article (updated 2/22/24) says version 10.1.11-h5 is

...

allowing MS product activation and denying web access

I have a network that I want to allow MS product activation to work but web browsing and other internet activity to be denied.

I have two main security policies that apply just to this network although DNS and ntp is also allowed:

The first one is an a

...

kjh by Not applicable
  • 12208 Views
  • 3 replies
  • 0 Likes

Resolved! QoS Policing on one of interface.

I want to establish a 600Mb egress rate limit on a specific interface. Is this the correct procedure to implement and enforce the policy? Since I'm new to setting up QoS on Palo Alto devices, I would appreciate some guidance. Additionally, I'm curiou

...

JasonKu_0-1708801333211.png
JasonKu_1-1708801379846.png
Jason.Ku by L1 Bithead
  • 1040 Views
  • 1 replies
  • 0 Likes

Resolved! VPN Global Protect Portal - two VR and one VR environments

VPN Global Protect Portal - two VR and one VR environments

 

Hello, good afternoon.

As always, thanks for the help, the support, your time and collaboration always.

 

I tell you I have the following case, which has me very restless, since I always tr

...

Metgatz by L4 Transporter
  • 4569 Views
  • 2 replies
  • 0 Likes

Layer 2 subinterfaces w/ Vlan interface for routing.....

Say I want to connect this port to a switch downstream (trunk), with clients hanging off of switch on access ports and use vlan interfaces for routing. Switch is set to trunk allowing relevant vlans, the firewall interface is subinterfaced (layer2) w

...

VK9H13 by L2 Linker
  • 1270 Views
  • 1 replies
  • 1 Likes
  • 24040 Posts
  • 115 Subscriptions
Top Liked Authors
Labels