This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4223 Views
  • 0 replies
  • 0 Likes

Resolved! How to REJECT instead of DROP?

Try as I might, I cannot find a way to do the equivalent of the venerable iptables target REJECT --with-icmp-ureachable or --with-tcp-reset for basic firewalling on a 4020.This is handy for bouncing internal clients quickly, whereas DROP is better to make things slower for adversaries who are scanning our nets from outside.For example. If I want...

Priyan by Not applicable
  • 19570 Views
  • 11 replies
  • 1 Likes

Dynamic DNS URL Redirect Control

Hello,Most of the "Dynamic DNS" sites are categorized as Computer and Internet Info (PANDB). On occasion a device will get infected because of a Dynamic DNS redirect to a malicious site. The initial URL connection is through one of the DDNS sites. Because we allow "Computer and Internet Info", the connection is allowed to the final (malicious...

MGoodnow by L4 Transporter
  • 3094 Views
  • 1 replies
  • 0 Likes

Resolved! Is there anything in the works for pulling User-ID data directly from a MS NPS server

User-ID integration with Microsoft AD is great, and works nicely, but we have the bulk of our users using RADIUS to authenticate wirelessly with 802.1x, and we're using a Microsoft NPS server to do that job. These users' devices are not necessarily (and often are not) Windows domain computers, so the LDAP lookups aren't providing the needed info...

V-Wire Mode with trunk

Hey Guys, i am about to deploy PaloAlto 5020 in a v-wire mode with trunk on them, does any one has any known issues that i may encounterhere is the topologyCurrent: switch ====(trunk)===== cisco firewallnew: switch======(trunk)=====PaloAlto (vwire)=====(trunk)====Cisco firewall.Any help would be appreciated.Regards,~Harry

Harshit by L3 Networker
  • 2488 Views
  • 2 replies
  • 0 Likes

VPN Global Protect

Hello everbodyConfigured on a global protect our customers and all this working well, just a little problem that we try,can not send icmp packets via hostname only via IP Address, on your local network can ping both via hostname as IP Address. I'm pointing to in the policy area of internal, where is my DNS servers and the reverse of it is worki...

Need to migrate checkpoint firewall config files to palo alto xml file.

Hi All,Kindly let me know the solution for the same....Stopped the services in checkpoint using cpstop command using CLI and and targeted the folder called upgrade_tools directoryRun the command called upgrade_export and named the new export file and output came with file called .tgz successfullyUnzipped the file called Upgrade31.export.tgz and ...

Krish by Not applicable
  • 4953 Views
  • 4 replies
  • 0 Likes

ike policy

What part of the configuration on the PA matching what is called the ike policy on the Cisco?

infotech by L4 Transporter
  • 10097 Views
  • 22 replies
  • 0 Likes

Custom Vulnerability Object to detect Failed WordPress Logins

I'm trying to stem the flood of wordpress brute force attacks coming into our network (we host a lot of WP sites). Detecting WP logins is relatively easy, by setting up a signature that looks for the regex wp\-login\.php in the http-req-uri-path context with the http-method = POST qualifier. I can now see all of the wp-login requests coming into...

Resolved! security-policy-match from the API

I'm trying to write a tool that will test security policy from a web portal. I cannot seem to get the command working properly, though. The URL I'm using on the firewall is this:https://host.local/api/?key=keyhere&type=op&cmd=<test><security-policy-match><source>192.168.2.1</source><destination>192.168.3.1&l...

txadmin by L0 Member
  • 4158 Views
  • 3 replies
  • 0 Likes

Resolved! Error when trying to restart management-server

My PA 2020 box has been a bit slow of late, and it also has failed on 2 commits so I thought I would drop onto CLI and do a debug software restart management-serveras this would usually pick things up when I have had the problem in the past.But when I do this command I get the following Process 'mgmtsrvr' executing RESTARTJul 31 12:06:35 Error: ...

JRussell by L3 Networker
  • 11849 Views
  • 4 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks