This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience.

General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 489 Views
  • 0 replies
  • 2 Likes

SSL-Out Out Timer

Hi - does somewone know the command to show the current countdown timers for users who have accepted SSL interception?

I know there is one as I've run it in the past, but can't for the life of me find it.

Thanks

apackard by L4 Transporter
  • 1748 Views
  • 1 replies
  • 0 Likes

Resolved! Panorama & HA Pair questions

I'm just getting started with  Pair of 5000's in Active/Passive and plan to manage them via Panorama. Should I be pushing policy to the 'primary' PA firewall or create a device group and push the policy to both?

Second question: We plan on bringing u

...

Jinx by L1 Bithead
  • 2436 Views
  • 2 replies
  • 0 Likes

DNS Proxy question

Hi All,

I'm working to configure the PAN (4.1.2) DNS proxy, hopefully to replace the legacy slave dns server.

But the adminsitrative guide is good enough to understand to configure it.

I'm having hard time getting it to work as desire.

Would I able to fo

...

ateo by Not applicable
  • 2860 Views
  • 2 replies
  • 0 Likes

Resolved! Timer to refresh FQDN object entries

Hi,

In the "PAN-OS Command Line Interface Reference Guide Release 4.0", we found the following options which specify the refresh times for "FQDN object entries".

+ fqdn-forcerefresh-time — Seconds for Periodic Timer to force refresh FQDN object entrie

...

Hub by L0 Member
  • 5235 Views
  • 4 replies
  • 0 Likes

PA 5000 Series QoS performance.

Hi there.

I have a question regarding of QoS performance of PA 5000 Series.

As my know, PA-4000 Series performance is up to 2G when using QoS.

how is the performance about PA5000 series??

does it has  same performance with PA 4000 series??

is it also

...

willstech by L3 Networker
  • 2436 Views
  • 1 replies
  • 0 Likes

Resolved! VPN Authetication with client certificate

Hi, if I configure VPN authentication with client certificate, it will be necesary to enter password?.

I don't know if with client certificate you don't need user and password as I've seen in other scenarios. Reading documentation from Palo Alto seems

...

ssancho by L2 Linker
  • 2464 Views
  • 2 replies
  • 0 Likes

Panorama in HA

Hi there!

I would like to know if someone is using the Management Panorama in HA (Primary and Secondary). I was looking for information about, but i could not find anything.

Thanks in advance!

Angel.

Resolved! User-ID Agent XML config and debug

Have successfully installed the UserAgent 4.1.2-2 and it is merrily discovering user authentication events.  It is VERY keen to tell me all of this in the UaDebug.log file.


How do you reduce the verbosity - there's a "file" somewhere but it's not givi

...

PA 2020 Active/Passive HA

I am configuring Active/Passive PA 2020 firewall for clustering . I have configured all the parameters for HA including the links(HA1 and HA2). Also the firewall are connected and both the HA interfaces are showing up. I am making One PA Firewall as

...

itsecll by L1 Bithead
  • 3974 Views
  • 6 replies
  • 0 Likes

address-group limitation

Hi @all,

we’re using a PA-5020 active-passive Firewall-Cluster.

We recently noticed that the address-groups are limited to 500 items per group. As we have a list of nearly 1500 items (ip-address and network-addresses) to manage, I want to ask whether

...

Wirecard by Not applicable
  • 2259 Views
  • 2 replies
  • 0 Likes

No username in source-user column of PA-500

Hi All

I have upgraded to  PANOS 4.1.2 and user-id-agent 4.1.2-2 in my lab, however when i complete config, and can not select any domain\username in the source user column, but i can sure the connection is ok by command >show user user-id-agent stati

...

Third party RADIUS + OTP + Captive Portal

Hi all,

We are implementing a Nordic-Edge Server that provides radius and otp services. Once you have enter the user/password credentials in VPN-SSL portal , you get another screen which prompts you for the OTP that is sent by SMS.

The auth is OK , but

...

Resolved! User-ID agent 4.1.0 service logon account permissions.

User-ID agent 3.1.0 ran quite happily on our Domain Controller under a regular domain user account (no group membership apart from the default Domain Users, and I guess "Ran as service" was granted automatically during the installation).

The new versi

...

ST1985 by L1 Bithead
  • 8542 Views
  • 7 replies
  • 0 Likes

Anyone tried REVERSE PROXY on PAN

Hi,

I was just wondering if anyone was successful in implementing Reverse Proxy solution on the PAN.  As far as i know, Palo Alto does not do Reverse Proxy, but was even told that there was work around for it.  Anyone who has been successful in acheiv

...

  • 23715 Posts
  • 110 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks