General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4246 Views
  • 0 replies
  • 0 Likes

Dynamic Roles vs. Role-based Panorama

Hi everyone. So I was just wondering if anyone else has noticed a discrepancy between role-based and dynamic roles on their Panorama. I notice that "botnet" and "session browser" are not drop downs for my role-based admin role. That is fine since https://live.paloaltonetworks.com/docs/DOC-4172 goes to show they should not be there. However, when I...

jprice2 by Not applicable
  • 2553 Views
  • 1 replies
  • 0 Likes

Cisco to PA Access List Migration

Hello, I am in the process of prepping a Palo Alto 5050 to replace a Cisco FWSM. I am doing most of the configuration on the PA by hand, but I was wondering if anyone knows how to best go about importing over 5000 Cisco access list lines into the Palo Alto, short of entering each one by hand? I understand that once they are in there there will need to...

mwhitlow by L0 Member
  • 4428 Views
  • 7 replies
  • 0 Likes

A lot of traffic on port 443 (https) to ip 65.52.98.231

Hello, I have a lot of connections from my firewall to public IP address 65.52.98.231 port 443. Our SIEM correlated events and is generating the following offense: Event Name: Excessive Firewall Accepts From Multiple Sources to a Single Destination Low Level Category: Firewall Permit Event Description: Excessive Firewall Accepts were...

SOC_CSG by L4 Transporter
  • 6549 Views
  • 3 replies
  • 1 Likes

Resolved! DHCP GLOBALPROTECT

Hi there. I wonder if it is possible to match an IP address with a MAC Address, this can be done in the normal DHCP in a public interface, but not if one GlobalProtect in DHCP can be made.

Axca by L0 Member
  • 4015 Views
  • 3 replies
  • 0 Likes

Resolved! SSL Offloading 'Forward Trust' grayed out

Hi, I have created a certificate from my local CA and also have imported the CSR from PA to the local CA, created the identity certificate, all is well, but it seems I am not able to "Check Box" the "Forward Trust Certificate" on the PA. This it seems is a necessary step while configuring SSL offloading. Any clues on what needs to be done .... Plea...

rz185016 by Not applicable
  • 7347 Views
  • 5 replies
  • 0 Likes

Resolved! Administrator Authentication with ldap

Trying to create role based user account for monitoring the firewall. I tried to use ldap authentication. However it seems there is some issue with using ldap. I am facing this error after trying to authenticate with correct credentials and below are the logs. Although it shows authenticated, but still the invalid username and / or password on the...

Westcon2 by L3 Networker
  • 9042 Views
  • 15 replies
  • 0 Likes

unable to create final .xml file using -Migration tool

Trying to migrate the configuration of Fortinet and Juniper, after loading configuration and when going to create final .xml file there were some errors, like mask and service port. After changing all objects with correct port number and subnet masks still unable to create final .xml file and also not showing the NAT policies in migration tool.

Resolved! About custom report with no matched data

Hi guys, My customer configured the Custom Report with enabled schedule so PAN automatically generated Custom Report and sending a Report to Customer Email address. It's a good work for us. Customer doesn't want the report that no data contained caused no matched data but PAN has sent a report that not to contained any matched data to customer email...

Resolved! Is there a way to limit the number of logged in administrators?

This came up as a question during a class and to my knowledge there is not a way to limit the number of logged in administrators, however the student asking presented a reasonable case; In a service provider or large enterprise environment during a network event multiple administrators log into the firewall and begin looking at filtered logs. ...

gelgin by L2 Linker
  • 3950 Views
  • 3 replies
  • 0 Likes

Resolved! Tips on configuring a secondary internet connection using Verizon Cradlepoint 4G router (ARC750B)

We are a small shop and have a single PA-200 with one internet connection. We would like to add a backup internet connection using a Cradlepoint 4G router. What is the best way to configure this and how do we control the fail over or manually changing to the 4G connection if the primary is down? The Cradlepoint seems to have built-in failover ca...

Resolved! Configuration of Palo Alto's in a NIST SP 800-70 Environment (mostly IPv6 blocking related)

Recently as part of our PA-3200 deployment been going through the joys of implementing NIST SP 800-70 configuration controls which in this case means the DoD STIG's (specifically Firewall and IDS STIG, v8 r17) and running into a problem which I noticed during my demo but didn't think much about it until now is a distinct lack of vulnerability ru...

PeterT by L2 Linker
  • 9614 Views
  • 9 replies
  • 0 Likes

Active tunnel

I have created site to site VPN tunnels from a Palo Alto 3020 to ASA 5505 firewalls. They show green and active through the CLI and the web console. But when I try to ping a server on the other side of the tunnel I get no reply, is the tunnel up? Is it really passing traffic?

infotech by L4 Transporter
  • 12902 Views
  • 28 replies
  • 0 Likes
  • 24359 Posts
  • 124 Subscriptions