This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4229 Views
  • 0 replies
  • 0 Likes

Resolved! PA-220 to PA-440 Migration Recommended Process

I need to migrate 2 stand alone PA-220s to PA-440s. The current PA-220s are running PAN-OS 10.2.4-h2. I would like to know the recommended process for doing this. Can I backup the configuration and system state and restore it on the PA-440? Do I use Expedition to migrate the current config to the new firewall? Thank you in advance

Import TXT or CSV to an Address Group?

I have a TXT file (I could also save it as a .CSV) of about 2000 known bad IP addresses I want to block traffic to/from. Is there a way to import this list into an Address Group? I see an option to download a dynamic list but I would then have to host the file somewhere externally and have the palo download it. Is there an easier way to do this?

j_della9 by L0 Member
  • 10841 Views
  • 4 replies
  • 1 Likes

NAT mapping public to private IP

Hello all, I have been updating our NAT policies within our PA-3220 to specify traffic translation mapping from our public addresses to private addresses. After committing the changes the traffic has only been routing to the catch all NAT rule at the bottom of our NAT policies. I am concerned that I did not configure everything correctly after...

IKEv2 IPv6 tunnel with dynamic endpoint from one IP

With IPv4 it is possible to build multiple IPSec tunnels from one interface IP with dynamic/unknown destinations and separate them based on the IKE peer IDs. That configuration is accepted by the firewall.As for IPv6, as soon as one source interface is used for multiple IPSec tunnel with dynamic peers, the following error is shown during commit:...

nikoo by L3 Networker
  • 2894 Views
  • 2 replies
  • 0 Likes

Release dates for PAN-OS

Hello all, Can anyone provide me the release dates for the following in regards to PAN-OS:10.0.410.0.510.0.610.0.710.0.810.0.910.0.1010.0.1110.0.12 Thank you

jsmoove by L0 Member
  • 1172 Views
  • 2 replies
  • 0 Likes

Reverse proxy for Exchange ActiveSync

We have a Palto Alto cluster and I want to use them as reverse proxy for our Exchange inbound trafic. We activated decryption for this trafic and we want to allow only ActiveSync trafic / application. It did not work with only allow ActiveSync application, we also had to create another rule to allow web-browsing to URL */microsoft-server-activ...

karsayor by L0 Member
  • 2366 Views
  • 2 replies
  • 0 Likes

Resolved! Monitor Logs - filtering with wildcard?

Are wildcards supported now when trying to filter logs in Monitor? I saw a post from 2015 asking about it and at the time the answer was "Wildcards are not supported in the traffic log filters." Was hoping that 9 years is enough time to implement that 🙂 https://live.paloaltonetworks.com/t5/general-topics/filtering-monitor-logs-wildcards/td-...

dlcrewse by L1 Bithead
  • 3166 Views
  • 2 replies
  • 0 Likes

Allow traffic mikrotik site to site.

Hi everyone. I just installed a firewall at an office. Office A is connected to office B via two site-to-site mikrotiks.Inside office A there is a server that records the presence of office B employees.After introducing the PA440 it stopped working..Currently the firewall is configured like this:Previously the router in office A was connected di...

AlessioS by L0 Member
  • 1065 Views
  • 1 replies
  • 0 Likes

Resolved! change default static route

Hi. ethernet 1/1 > DHCP ethernet 1/2 > Static i want to dst. 172.16.1.x next hop ethernet 1/1 ///// dst. 172.16..2.x next top ethernet 1/2 for change. not use pbf rule.

qmso475_0-1712801906455.png
qmso475 by L3 Networker
  • 1872 Views
  • 2 replies
  • 0 Likes

Query related to import export config

Hi Team, We are doing a migration of the firewall from the local VM firewall to another new firewall which managed by Panaroma. We have the below question for the import and export configuration. 1) Can we export a few configurations together, like only the security rule, NAT, and IPsec configurations, and import them to other firewalls? ...

Issue Reported in PANOS 10.2.7

the client has been dragging a problem since version 10.2.4 and still sees 10.2.7. Currently the client is on one of the affected versions, PANOS 10.2.7.This prevents users from being able to disconnect from Globalprotect via passcode or password, the client requires this functionality to be able to operate its remote users. by any chance that...

F.Pinar by L3 Networker
  • 3134 Views
  • 5 replies
  • 0 Likes

Alarm failed to start grpc connection with address urlcat.hawkeye.services-edge.paloaltonetworks.com:443

Hi, We are receiving this alarm: severity: high opaque: Failed to establish GRPC connection to UrlCat service: failed to start grpc connection with address urlcat.hawkeye.services-edge.paloaltonetworks.com:443, err context deadline exceeded We tried to disable the app id cloud engine following the next procedure but the alert is still show...

BigPalo by L4 Transporter
  • 5391 Views
  • 2 replies
  • 1 Likes

Application recognition "ms-teams-audio-video"

Hello, I run into behavior that I can't explain.We make teams available on the virtual desktops (web-based & desktop app)We only want to block the use of audio and video within the functionality of both teams options. Users are not allowed to use this (due to performance reasons) In our situation we have configured ssl/tls decryption.One...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks