General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Destination NAT to address not in same subnet

Hello, I had a quick question about destination NATing to an address not in the same subnet as an interface on the Palo Alto. For example, let's say I have a site-to-site VPN and I am using destination NAT on one side of the tunnel. When traffic comes from one side of the tunnel to the other, destination NAT is performed. One side uses 10.124.4.5...

Accessing web systems using main office's IP through IPSec tunnel

Hello. We have a few IPsec S-2-S tunnels with different devices on other side and all works nice, but in one of them is required, that users on other side can use internet resources (to get this side's WAN IP address and access few web systems that with restricted usage by IP's) through main office. What would be the correct or at least theoretical...

JanisM by L2 Linker
  • 4966 Views
  • 6 replies
  • 0 Likes

Resolved! Forefront UAG Direct Access

I was wondering if anyone has deployed Microsoft Direct Access or Forefront UAG behind a Palo Alto firewall, and could share their experiences. Direct Access requires 2 consecutive public IPv4 addresses (no NAT), and we are trying to figure out the best way to route this through a PA-2020 that currently has layer 3 interfaces configured, with a...

Problem with IPSec tunnel monitor

Hello, We have an issue with one IPSec site-to-site tunnel. The PAN usually doesn't recognize when a tunnel is down. We can correct this by setting up monitors on all tunnels with a "wait-recover" action after 3 subsequent failures. This works for all tunnels except one: <please see tunnel config in attachments - for an unknown reason I cannot ...

oschuler by L4 Transporter
  • 4992 Views
  • 2 replies
  • 0 Likes

Resolved! Viewing all URLs visited by a user

Hi there, I'm trying to track down an incident here and I'd like to get a report on a particular user for all URL activity. I've set up a custom report using the URL Log, with a time frame of the last 12 hours and added the username in via the query builder but all I get is 5 URLs which I know isn't right. I've also done a user activity report but...

Panorama commit devices with different results

Hi, We have a device group in Panorama with 4 devices members. When we've committed changes sometimes devices had the result "Commit succeeded with warnings", because we have some dependence warnings, but one of them has the result "Commit Succeeded". If we realize other commit the result changes, but sometimes one of them is succeeded and the oth...

Captive Portal authentication as a replacement for Checkpoint Client Auth

Hello, We're in the process of replacing a number of checkpoint firewalls with Palo Altos and we're looking at ways in which we can replace the current Client-Auth setup on Checkpoint where you telnet to the firewall directly, authenticate, and it then allows you access to the applications you require. Obviously the solution is the captive portal ...

session browser source=0.0.0.0?

Seeing a lot of sessions in the session-browser with a source ip of 0.0.0.0 (in the internal "trust" zone) - these tend to be UDP protocols, RTP, bittorrent, skype etc and the session browser shows them not matching any rule or having any bytes. Are these sessions in the process of being set up?

Test command on the nat policies

Hello, I did an upgrade from a 500 model to a 3020 model. All the configurations work just fine. The problem that I see is that I cannot test the nat-policy rules. I have the following configuration:..snat-all-LANs { from inside; source [ 172.30.0.0/15 192.168.0.0/16 ]; to outside; to-interface ; destination an...

Original MAC Address of each interface on device

I have two Palo Alto devices and running HA. When I run command on Active and passive device: > show interface hardware It only shows the same MAC Address value of all interfaces. I want to know original (physical) MAC Address of each interface on each device. Please help me, thanks so much

What does not get uploaded in Config that needs changed via CLI?

We have a PA-500 that has a bad hard drive in it. We copied the config from the bad device and transferred it to the new RMA device they have sent us. On the GUI all the settings have transferred over just fine and nothing looks different. But when the device is in place we have network issues and it is looking like packets are being dropped (so...

Resolved! NAT based on URL or FQDN

Hi, I want to make a NAT based on a URL or FQDN. I only have one public IP but several URLs that I want to NAT to different inside servers. I have this working on an ISA and want to do the same in the PA. I have a PA 500 with 5.0.8.
