This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Problem with new internet connection

I've just changed my internet connection to a new one.Now I've reconfigured everything with the new address.The issue is that I can surf the web from inside to outside but the NAT to my internal server is someway blocked.What I can see in logs is:I really don't know how to solve this issue.The routing table is correct, but it seems that somethin...

Resolved! VPN tunnel moving from Palto-ASA to Palto-Palto

I'm running PANOS 4.0.x and have a tunnel with a Cisco ASA peer. I had to create multiple IPSEC tunnels to work around the Proxy ID limitation of 10 per tunnel interface. This Cisco peer will be moving to a Palo Alto box running 5.0.x. If the far end Palto running 5.0.x just matches my Proxy ID's, then I should be good correct? And that 5.0....

iguarino by L0 Member
  • 3528 Views
  • 3 replies
  • 0 Likes

LDAP and GlobalProtect

Hi,I am trying to set up Globalprotect.Would like to restrict the user to a group, but I can not get this to work.In Authentication profile i have the VPN-group in allow list.When I logon with a user in this group the log tell me that i have incorrect username or password.Have also included the group under "group mapping setting".Have tried the ...

klumpen by L1 Bithead
  • 4926 Views
  • 3 replies
  • 0 Likes

Wildfire - URL Truncated

Hi, it seems that the URL in WildFire Report Details is truncated. Would like to know this is as per design or a bug? We would like to download the malware to submit to our AV vendor for signature.

Chang by Not applicable
  • 4973 Views
  • 7 replies
  • 0 Likes

SSL VPN with Global Protect Agent 1.2.0 on different port

Hello there,on a PA-500 we're running our Global Protect portal and gateway on port 8443 according to https://live.paloaltonetworks.com/docs/DOC-3457 .This worked well up to agent version 1.7.0. Since version 1.2.0 the agent ignores to port configuration and always tries to connect to port 443.I've seen numerous log entries on the webserver runn...

Resolved! Threat monitoring ( empty reports )

Hello All, Currently we have a daily Threat monitoring report sent out.If the report is empty (which it often is) it somewhat defeats the object as someone has to open it and read it only to find no issue.Is there a way to run it more on an exception basis i.e. only send an email if a threat has been detected ?I’ve read the security profiles sec...

dsp_DI by Not applicable
  • 2834 Views
  • 1 replies
  • 0 Likes

Limits of VWIRE?

One can find in the datasheets various limits regarding VSYS (where some models wants an additional license) but what about VWIRE?Are there any limits regarding number of VWIREs one can use for each model (I assume the VM-models doesnt support VWIRE at all)?Also, are there any drawbacks of putting various VWIREs into the same zone (or is this ev...

mikand by L6 Presenter
  • 5088 Views
  • 4 replies
  • 0 Likes

BGP config PAN-OS 5

Hello,I was working on a BGP configuration on a PA 500 running PAN-OS 5. It is an internet connection plugged directly into the firewall. (Its an ethernet hand-off). I couldn't find any docs for v5 so I just hacked my way through it. Is there any step by step guide for this? I found one for v4 but it looks a lot different. Also the access rule I...

DougB by L0 Member
  • 2139 Views
  • 1 replies
  • 0 Likes

Resolved! 5050 and 5020 HA Setup

Is it possible to have HA successfully setup between two different platforms? In my case I have a customer with a 5020 and a 5050. I know the documentation states that it must be the same platform, but was curious if anyone has ever tried doing this. Thank you,-Louis

Resolved! Wildfire file exceptions

Hey everyone, sorry if this was posted before and missed it in searching.I am receiving an enormous number of alerts from Wildfire, due to an internal application that our desktop engineering created. Its more or less is just an exe that creates short cuts to our internal HR portal, which Wildfire believes to be malware.What I am looking for is...

jholmes by L1 Bithead
  • 8117 Views
  • 3 replies
  • 0 Likes

Resolved! Firewall Policy Management: Tufin cannot detect PAN interfaces

Hello Everybody,I am running a PoC with Tufin SecureTrack and have some problems with PAN firewalls (PA-500 and PA-2020 running PANOS 4.1.7, PA-5050 running 4.1.12).In a nutshell sounds like Tufin detects only the interfaces that in PAN XML configuration file are listed within the default vsys: <vsys> <entry name="vsys1">... ...

Bucche by L2 Linker
  • 4110 Views
  • 1 replies
  • 1 Likes

Same model for HA to functional properly?

I understand that both firewalls should have the same feature licensing for proper failover, but has anyone implemented HA successfully using two different models? 5050 and 5020 for example? I know in the documentation it states both models must be the same.

Getting device hostname from PANOS DHCP

Hi,I'm currently using the PANOS DHCP server to serve DHCP requests to our guest network, as it's seperated on it's own VLAN. I don't want any traffic from our guest network to reach our domain controllers, which serves as DHCP for our other VLAN's.There is just a couple of features that I feel like I'm missing, and I was wondering if this actua...

arvesynd by L3 Networker
  • 4359 Views
  • 2 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks