This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4243 Views
  • 0 replies
  • 0 Likes

Cisco IPSEC VPN client connecting to PAN 4.1

Hi folks,there were no way to establish a ipsec connection between a Cisco VPN client and PAN. I was "inspired" by the globalprotect guide but wasn't enought.At the cisco vpn client side, I had configured just the ip address, the group and pwd, and nat-t. At the PAN side, I had configured the globalprotect portal, the gateway(using the third-par...

robclav by Not applicable
  • 7733 Views
  • 7 replies
  • 0 Likes

Static route on Management Interface

Hi all,how can I define an additional static route on the Management Interface?I have a setup with a customer were the communication from the management interface to two specific IP addresses has to be routed over another next-hop which is not the default gateway of the management interface. Therefore I need to define a static route on the manag...

Resolved! TAP Mode and IPv6

Hello Everyone,Is it possible to monitor mirrored IPv6 traffic in TAP mode? I have a PA-500 and it has been enabled for IPv6 firewalling. Apart from checking this option, is there anything else that has to be done to monitor IPv6 traffic? If it is possible, will I being seeing the IPv6 traffic under Source and Destination columns?Many Thanks,...

Resolved! External CA Management Certificate

HelloIs it possible to use an external certificate from our corporate CA for the SSL Management Interface of the firewall?I have already Imported it, and the corporate root certificate, but I don't know how to change the management interface configuration, which is using a certificate issued by the own Palo Alto Firewall (version 4.1.10)Thank yo...

Resolved! Combining policies from different virtual systems

So we are migrating from ASAs to PA 5050's. We are trying to do it with as little interruption as possible so what we did is put the PAs inline behind the ASAs using vwire. Our thought is to build our 4 environments as separate virtual systems in order to get our rulebase built and verified then once it's verified we can migrate the 4 virtual ...

Brinkman by Not applicable
  • 2478 Views
  • 1 replies
  • 1 Likes

Resolved! Firewall Configuration Essentials 101 Exam Retake Help

The end of last year I took the Firewall Configuration Essentials 101 v.4.1 exam. I didn't pass so I've spent some time studying and playing with Palo Altos. I returned to retake the exam and it doesn't show up under pending evaluations and I request to take it again and it says I already requested it. My understanding is that we are given three...

Resolved! Blocking lists of IPs

I'd like to block a list of IP addresses based on the ZeuS IP Blocklist. What is the best/preferred method for doing this on the Palo Alto? Thanks

sconley by Not applicable
  • 8508 Views
  • 5 replies
  • 1 Likes

ACC shows Threat Hit with Severity as Medium while ThreatLogs shows Severity as Informational

Hi All,currently we have a Test-device from PaloAlto for evaluation (PA-5020, PANOS 5.0.2, AV-Sig 946-1309, App&Threats-Version 357-1692, URL-Filter 4044).Today I took a look at Threat Prevention Summary in ACC and saw a few Hits "Trojan-Ransom.foreign:madeleine.adclear.net" ID=4091550 with Severity "Medium".Then I was searching in ThreatLog...

Resolved! about control softether

Hi All,We would like to control softether with PA5020 which runs PanOS 4.1.10, but we can not find keyword "softether" in the applications.Anyone knows how to control softether in the PA fw?Thanks.Regards,Joy

Resolved! Manually trigger a logevent for a threat or a rule?

There is a test-command one can use in the CLI to identify which security policy a specific packet will hit.But is there also a command to issue a log-event?For example when you are about to manually configure triggers in your logserver to react on - otherwise im forced to send real traffic through the box and it will take some more time to acco...

mikand by L6 Presenter
  • 2662 Views
  • 2 replies
  • 0 Likes

Resolved! Need help with BGP in Active/Active HA

We have a pair of 5520's in Active/Active mode at a colocation facility. The colocation facility is handing off to us 2 separate LC fiber connections, each has it's own public /30 address but utilize the same AS number for our BGP. We have a /24 from the collocation facility that we can advertise on our PA HA pair. We want to stay Active/Acti...

Commit failure 4.1.10

After my Palo Alto 2050 in HA active/passive is up for about 1 week, I begin to get errors committing policies.Management server failed to send phase 1 abourt to client logrcvrManagement server failed to send phase 1 abourt to client sslvpnManagement server failed to send phase 1 abourt to client websrvrcommit failedThis gets worse as uptime inc...

EdwinD by L3 Networker
  • 6711 Views
  • 8 replies
  • 0 Likes

Resolved! The hunt is on - 0day for java 1.7u10

How many hours/days will it take for:1) Wildfire customers2) Regular customersto get protected by a threat-db update regarding the latest 0day exploit for java 1.7u10 (and possible java 1.6u38) as descibed in:Malware don't need Coffee: 0 day 1.7u10 spotted in the Wild - Disable Java Plugin NOW !http://labs.alienvault.com/labs/index.php/2013/new-...

mikand by L6 Presenter
  • 9117 Views
  • 14 replies
  • 2 Likes

Resolved! Upgrade Palo Alto version

Hi,I have 2 problems:1) I refresh the Software in my Palo Alto and i cant see the new versions 5.x. The last version that i can dowload is 4.1.11. Why i can refresh the new releases????? I attached a screenshot with the error and the succesfull connecting to staticupdates.paloaltonetworks.com2) I want to do an upgrade in this firewall from versi...

Resolved! Problem LDAP

Hi I have a problem with my firewall palo alto. I hope you can help meI had configured an LDAP server (Active Directory) in my Palo Alto. Also I had created two Atuhentication profile. One for VPN access and another for the administration of Palo Alto.But from yesterday that I made ​​a commit to add a new user to access the VPN "Authentication ...

  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks