This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4120 Views
  • 0 replies
  • 0 Likes

Traffic from one zone to another

Hello. We have two virtual wires called 'eduroam' and 'live'. There are two zones linked to eduroam, namely 'eduroam_tr' and 'eduroam_untr'. There are also two zones linked to 'live', called 'live_tr' and 'live_untr'. We would like to allow communication of machines residing in 'live_tr' zone between a machine residing in 'eduroam_tr' zone. Do I...

shilpaal by L1 Bithead
  • 2809 Views
  • 3 replies
  • 0 Likes

There are drop counters when performance test

Hello,I am doing performance test with Breaking Point about throughput , CPS.While testing, I have found drop counters as below.session_dup_pkt_drop 701 3 drop session resource Duplicate packet: Applies only for multi-DP plat form with hardware (Tiger) broadcasting pkt to all DPsWhat does this mean???KC Lee

Moving/importing logs after HD failure

Hi.Recently, owing to an unplanned abrupt shutdown of my active firewall, I ended up with a hard drive corruption which prevented it from booting up (thank $deity for HA pairs).Quite apart from PA's *ridiculously* bad response time to replace the hard drive (which is being/will be discussed with my support partner, trust me), I need to know if a...

darren_g by L4 Transporter
  • 5468 Views
  • 10 replies
  • 1 Likes

Layer 2 vs. Layer 3 Deployment

Hi!At the moment, I hover between a Layer 2 and Layer 3 Deployment of my PA.My setup is: | | | | Internet <-> IPSEC-router <-> DMZ <-> internal firewall | | | | My IPSec-router-cluster and ...

Dynamic Roles vs. Role-based Panorama

Hi everyoneSo I was just wondering if anyone else has noticed a discrepancy between role-based and dynamic roles on their Panorama. I notice that "botnet" and "session browser" are not drop downs for my role-based admin role. That is fine since https://live.paloaltonetworks.com/docs/DOC-4172 goes to show they should not be there. However, when I...

jprice2 by Not applicable
  • 2533 Views
  • 1 replies
  • 0 Likes

Cisco to PA Access List Migration

Hello,I am in process of prepping a Palo Alto 5050 to replace a Cisco FWSM. I am doing most of the configuation on the PA by hand, but I was wondering if anyone knows how to best go about importing over 5000 Cisco access list lines into the Palo Alto, short of entering each one by hand? I understand that once they are in there there will need to...

mwhitlow by L0 Member
  • 4361 Views
  • 7 replies
  • 0 Likes

A lot of traffic on port 443 (https) to ip 65.52.98.231

Hello,I have a lot connections from my firewall to public IP addresses 65.52.98.231 port 443.Our SIEM correlated events and generating the following offense: Event Name: Excessive Firewall Accepts From Multiple Sources to a Single Destination Low Level Category: Firewall Permit Event Description: Excessive Firewall Accepts were...

SOC_CSG by L4 Transporter
  • 6508 Views
  • 3 replies
  • 1 Likes

Resolved! DCHP GLOBALPROTCTECT

Hi there. I wonder if it is possible to match an IP address with a MAC Address, this can be done in the normal DHCP in a public interface, but not if one GlobalProtect in DHCP can be made.

Axca by L0 Member
  • 3964 Views
  • 3 replies
  • 0 Likes

Resolved! SSL Offloading 'Forward Trust' grayed out

Hi,I have created a certificate from my local CA and also have imported the CSR from PA to the local CA, created the identity certificate, all is well, but it seems I am not able to "Check Box" the "Forward Trust Certificate" on the PA.This it seems is a necessary step while configuring SSL offloading.Any clues on what needs to be done ....Plea...

rz185016 by Not applicable
  • 7284 Views
  • 5 replies
  • 0 Likes

Resolved! Administrator Authentication with ldap

Trying to create role based user account for monitoring the firewall. I tried to use ldap authentication. However it seems there is some issue with using ldapI am facing this error after trying to authentication with correct credentials and below are the logsAlthough it shows authenticated, but still the invalid username and / or password on the...

Westcon2 by L3 Networker
  • 8848 Views
  • 15 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks