This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4118 Views
  • 0 replies
  • 0 Likes

User-ID Agent

hello.... Can a User-ID Agent connect to more than one firewall?if so, how do you set up the other ones?

Resolved! Active/Active & IPSec Trouble

After implementing HA Active/Active, we left S2S VPN tunnels alone. Ultimately no changes to IKE Gateways. The S2S terminate to a /30 address that is statically routed from the ISP to ethernet1/12 on the active-primary. Tunnel interfaces and their routes are identical on both primary and secondary, IKE Gateways are NOT synced as this is just ...

dshue by L2 Linker
  • 7973 Views
  • 4 replies
  • 0 Likes

Resolved! Port Channel to Cisco Switch

Hi,I have Palo Alto 3020/5020 firewalls and I would like to configure a port channel (ether channel) between these devices and a Cisco switch.I have configured an aggregate link on the Palo and added the interfaces. I have created the Port Channel on my Cisco but I am not seeing the AE interface coming up.Has anyone got a guide on how this can b...

sjy2013 by L0 Member
  • 27572 Views
  • 5 replies
  • 0 Likes

enforce safe search

I created a rule for URL and tick the enforce safe search. When it enabled, if I want to do the google search, I have to log in my account and pick lock safe search. Otherwise, it will block me. I think it is hard to use in my case, which is a school and have lots of students around 5-6 years. it is too hard for them to do register a google ac...

Bin by L1 Bithead
  • 1895 Views
  • 1 replies
  • 0 Likes

enforce safe search

I created a rule for URL and tick the enforce safe search. When it enabled, if I want to do the google search, I have to log in my account and pick lock safe search. Otherwise, it will block me. I think it is hard to use in my case, which is a school and have lots of students around 5-6 years. it is too hard for them to do register a google ac...

Bin by L1 Bithead
  • 2178 Views
  • 1 replies
  • 0 Likes

Test PA-200 parrallel to current firewall

I received a PA-200 device for review and testing. I like to set it up besides my current firewall and see what it can filter.Via SPAN Monitor on a Cisco switch I copy all traffic on the UNTRUST side to the PA-200. Now I get a lot of tcp-reject-non-syn drops.What is the correct way to configure the PA-200 to listen to all traffic on the UNTRUST ...

MdeLoos by L0 Member
  • 3908 Views
  • 3 replies
  • 0 Likes

Ampersand in API request

Hi, colleagues!I have a "Custom URL Category" and I try to add new URL from API request but if URL have ampersand(&) I have a error: <response status="error" code="18"><msg><line>Malformed Request</line></msg></response>PanOS: 5.0.8Original URL: example.com/proxy/index.php?hl=1111101001&q=789My API req...

faust by L1 Bithead
  • 5780 Views
  • 6 replies
  • 0 Likes

Can I see the user-id syslog agent's log?

I am using agentless syslog integration for user ID and it's working but for every login event I am seeing twice as many log messages received as auth success log messages and I want to know why. Is there a way to look at the logs received by the PA?>show user server-monitor state exi UDP Syslog Listener Service is enabled SSL ...

djr by L4 Transporter
  • 2497 Views
  • 2 replies
  • 0 Likes

About HA1 connection down in system critical log.

Hi. allI have a question about high availability with A-P mode.We found out critical system log in active device for HA1 connection down but not occurred split-brain. (system log : type ha / severity critical / event connect-change / description HA Group 1: HA1 Connection down.)Just HA 1 link is to go down and up within a few second.Configured H...

URL Blocking

How can I add some sites to the list of blocked URLs that PA downloads into my PA-500? I know I can block them manually in my PA, but I feel that the PA tech support staff should know about these sites. I will give you and example that my students found: Shyla Stylez - Official WebSite - FREE Pictures and Trailer Videos is NOT blocked by the...

Resolved! Active/Active Floating IP/Traffic Forwarding Problem

Hello All,I have a support case open with PAN but I thought I would query others smarter than I.2 x PAN-2020Recently enabled HA Active/ActiveBGP on External/Currently ONLY Static Inside to Active-Primary device (0.0.0.0/0 -> Active Primary)Session Owner = First Packet (only going to be Active-Primary right now do you static route)Session Setu...

dshue by L2 Linker
  • 5457 Views
  • 1 replies
  • 0 Likes

Internet logs, backup and review

Pardon if this is a repost but I am new and could not find anything similar.Right now our 3020 unit seems to only be getting 4 or 5 days worth of log information before it fills up. We would like to have access for the last 30 days if possible. Is there a way to backup the monitor logs and then be able to search them later if called upon? Oh,...

Whitelist rule - confusion on URL filtering...

We have a whitelist rule that allows out http/https as a service and "any" as the application.All the URL categories in the profile applied to that rule are set to "Block" and there are some URLs in the whitelist.The destination address is set to "any".Today we noticed someone hit that rule using SSH on port 443 and it was allowed out.I'm guessi...

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks