General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4131 Views
  • 0 replies
  • 0 Likes

Expedition migration: Old paloalto NGFW (Panorama managed) to New one

Hi all, I'm trying to figure out what are the correct steps to migrate: Paloalto Cluster 3060 (9.1) managed by Panorama (10.1) to a new Paloalto cluster 3410 (to be managed by Panorama). This is my starting idea:
1) Setup the 2 nodes in 1 HA Cluster (Setup only: FW mgt interface, HA, Panorama server ip)
2) Import cluster to panorama
3) Import Panorama in...


CAPTIVE PORTAL TIME-OUT

SETUP: PALO ALTO connected to ACTIVE DIRECTORY for groups
CAPTIVE PORTAL ACTIVATED
idle time-out 500 minutes
timer: 600 minutes
CLI> show user ip-user-mapping ip x.x.x.x
SCENARIO 1: user log in to PC > mmp1234
CLI> show user ip-user-mapping ip 1.2.3.4.
Ip address: 1.2.3.4
User: mmp1234
From: UIA
idle-timer:3000s (3k)
SCENARIO 2: after logging in to...

Resolved! physical m500s to VM panOS

I'm wanting to migrate from physical m500s to VM panOS. Are we able to connect a physical to VM and have HA be sync'd? Otherwise would the recommendation be to set up new VMs with HA, and have the FWs re-point to the new VM Panoramas for management?

PA-5020 product HW and SW EOL: does it affect configuration of new policy after 30/1/2024? Can't commit

Hello, I have some questions about the PA-5020 product, whose HW and SW (8.0.1) are already EOL. Is that the cause that I can't configure policy after EOL? The running policy is still applicable. Here is some information about what happened to me: everything I tried to commit doesn't appear in the commit window. Need help. Thx in advance.


Credential Theft Protection and SSL Errors

I am currently doing a proof-of-concept test for the Credential Theft Protection feature. SSL decryption is configured and working. I can get the system to re-direct to the Anti Phishing Continue Page. However, that page uses the SSL cert associated with the Management SSL/TLS Service Profile. The browser will show the URL block page as https://...

Resolved! Device Certificate OTP stuck in progress

Hi, so I have a Panorama VM on 10.1.10-h2 managing 4 NGFWs on VMs in Azure. Need to install device certs. In CSP I did the OTP and install for the Panorama first and this went to plan. Cert installed and happy. Then I did the OTP process for the managed devices: I went into 'panorama/managed devices/summary' and select the FWs, then generate OTP...

PA_nts by L4 Transporter
  • 3841 Views
  • 2 replies
  • 0 Likes

Throughput means through show system statistics session.

Hello all, I checked the throughput information of CLI > show system statistics session as part of a way to check real-time traffic volume in Paloalto during migration work. There was an inquiry from the customer about exactly what the throughput figure identified through the Paloalto command means. When you send 30 Mbps from a third-party netw...

Resolved! PAN-OS Certificate Expirations Clarification

With all the recent certificate update requests over the past couple months, the documents have become a bit confusing. Previously the below article stated version 10.1.11-h4 was a fix but now the article (updated 2/22/24) says version 10.1.11-h5 is the fix. I recently upgraded our 820 and 3220 firewalls to 10.1.11-h4 and now I'm showing the r...

allowing MS product activation and denying web access

I have a network that I want to allow MS product activation to work but web browsing and other internet activity to be denied. I have two main security policies that apply just to this network although DNS and ntp is also allowed: The first one is an application filter that allows all applications you get when you click on "software-updates". And...

kjh by Not applicable
  • 16846 Views
  • 3 replies
  • 0 Likes

Resolved! QoS Policing on one of interface.

I want to establish a 600Mb egress rate limit on a specific interface. Is this the correct procedure to implement and enforce the policy? Since I'm new to setting up QoS on Palo Alto devices, I would appreciate some guidance. Additionally, I'm curious if applying this QoS change will cause any service downtime. In Cisco systems, applying a servi...

Jason.Ku by L1 Bithead
  • 1587 Views
  • 1 replies
  • 0 Likes

Resolved! VPN Global Protect Portal - two VR and one VR environments

VPN Global Protect Portal - two VR and one VR environments Hello, good afternoon. As always, thanks for the help, the support, your time and collaboration always. I tell you I have the following case, which has me very restless, since I always try to understand what and why of what I implement and configure, I do not like to leave things tha...

Metgatz by L4 Transporter
  • 5612 Views
  • 2 replies
  • 0 Likes

Layer 2 subinterfaces w/ Vlan interface for routing.....

Say I want to connect this port to a switch downstream (trunk), with clients hanging off of switch on access ports and use vlan interfaces for routing. Switch is set to trunk allowing relevant vlans, the firewall interface is subinterfaced (layer2) with the respective tag and vlan assigned. This is not working. DHCP does not work at all. Can som...

VK9H13 by L2 Linker
  • 1946 Views
  • 1 replies
  • 1 Likes

Resolved! SSL decryption Certificate expired

Hi Team, We have a PA self-signed certificate in the firewall being used for SSL Decryption, and the certificate is about to expire. From the GUI we are able to renew for another one year, but our concern: Will it automatically replace the existing certificate in end machines? Or do we need to push the new certificate to end machines to take effect? Or no action req...

VishnuPS by L3 Networker
  • 6119 Views
  • 3 replies
  • 0 Likes
  • 24337 Posts
  • 124 Subscriptions