This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4112 Views
  • 0 replies
  • 0 Likes

Panorama: migrating between a failed and replacement device

Hi all,I am running Panorama with two PA-5020s which belong to one device group. The policy for this group applies to both or either firewalls, depending on zones (basically, this is a non-HA pair on two Internet links). One of the 5020s has gone into castors-up mode and is being RMA'd; a replacement is due tomorrow.As Panorama seems to refer to...

notes01 by L2 Linker
  • 4103 Views
  • 3 replies
  • 0 Likes

How Long to Update Firewall from Panorama

I changed a zone in a policy from Panorama but the change doesn't show when in the context for the particular device. Did I miss something? How long for that change to show up?

Weese by Not applicable
  • 4450 Views
  • 4 replies
  • 0 Likes

partial commits causing allowed RTP flows to change to discarding?

We are seeing a strange issue with our 4020s (running 4.1.8h2 right now) where, as far as we can tell, partial commits are at times causing some kind of HA event that, at times, causes some already-established RTP streams that are allowed by the policy to change from allowed to a discarding state. This causes our Polycom videoconference systems ...

How to skip CaptivePortal for one device?

HelloAs you can see on this forum I have some configurations problems with CP.In the zone where I have CP enabled I have Minolta BizHub c220 device (with static IP 192.168.3.251). This device has scan to email features. After I enabled CP for this zone of course noone email go to user.I checked almost every thread on this forum, but I didn't get...

_slv_ by L4 Transporter
  • 4747 Views
  • 6 replies
  • 0 Likes

Resolved! Captive Portal

has anyone got configuration for captive portal on and incoming untrusted public ip nat to private internal address.i need to authenticate incoming connections before they reach the internal server address.under captive portal I have the source as the public nat address and the destination as the internal server address and it does seem to work...

djrodb by L3 Networker
  • 14128 Views
  • 10 replies
  • 0 Likes

Resolved! problem with groups in user-id mapping

hi,i have a problem with using groups (from windows active directory) in security rules.on our windows active directory i have created a new group fw_finance. we use the PAN user-id agent to get the mapping from ip to user. i mapped this group on our PA-500 (user identification - group mapping settings). than i created a new security rule, that ...

assona by L0 Member
  • 12031 Views
  • 6 replies
  • 1 Likes

DNS Proxy

Can i use the DNS proxy feature for all external queries for our public sites?external user queries for www.mydomain.com - instead of our DNS servers replying, could we have the PA do it instead?So we can list out all our public domains and only those will respond?

rskler by Not applicable
  • 2384 Views
  • 2 replies
  • 0 Likes

Active/Passive - Failed to check Antivirus content upgrade info due to generic communication error

I am getting a daily notification that states that Failed to check Antivirus content upgrade info due to generic communication error . I have a HA Active/Passive set up on my network. The Active is connecting to updates.paloaltonetworks.com fine and is getting the most recent verison, and there is a Green Dot that connection is okay from the Ma...

Tunnel between PaloAlto and PaloAlto

Hello,i'm trying to get this constellation running:Two PA 200 behind a DSL-Home-Router and a firewall with a fixed public IP at the passive site.This image is just an example how it looks like....First i want to get the active site ("PA-Active"; PA 200; Version 5.0.6) running...I configured the IKE Gateway, Tunnel interface and also the IPSec Tu...

Hithead by L4 Transporter
  • 8587 Views
  • 16 replies
  • 0 Likes

Site to Site VPN from PA 200 to Juniper 5GT

Hi all,Anyone have a guide on how to set site to site vpn between PA200 and Juniper 5GT?. I tried a luck but now enable to establish a connection. In Juniper the tunnel i created the status is ready.A little help please.thanks,Jun

JunNOC by Not applicable
  • 3321 Views
  • 3 replies
  • 0 Likes

Scheduled Log Export : Path

Hello Guys,Just a quick question, I tried to dig in the forums but i can't find the right answer. the guide isn't helping too.I would just like to know the configuration in adding the Path in the Schedule Log Export.What I understand in the Path is I will just have to add the path on where the file will be saved. (am i right?)so for example the ...

DHCP server and descriptions for reserved addresses

HelloI'm using dhcp server on PAN for few small LAN. I'd would like to have ability to put label for reserved addresses. I beleave that it's usable for most of us but impossible in 5.0.5 PAN.Did someone asked for such FR?With regardsSlawek

_slv_ by L4 Transporter
  • 6879 Views
  • 6 replies
  • 0 Likes

Resolved! Can you set policy based forwarding in a virtual wire deployment?

I have our PA firewall set in virtual wire deployment. Can i set PBF's so I can do things like route things like audio-streaming to a cable modem that we have attached to the firewall? I've tried and when trying to set the zone/interface it doesn't list the vwire interfaces as options.

Netwerx by L2 Linker
  • 4851 Views
  • 4 replies
  • 0 Likes

Resolved! Unable to ping the ip address assigned to untrust interface.

Anyone can help on this issue? I just set up a new PA 200 device. My problem is i am not able to reach the ip address from outside which i assigned to my Untrust interface. Outbound traffic is ok. I have full access to the internet from internal LAN.

JunNOC by Not applicable
  • 3642 Views
  • 3 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks