This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4132 Views
  • 0 replies
  • 0 Likes

Skybox unable to add Palo device due to (Host without primary interface) error

Have this error appearing only on Palo's with multiple Vsys. Devices without singular Vsys will import in to Skybox without any issue.Anyone using Skybox and seeing similar or know if there is a particular configuration point on the Vsys we may have missed ? We are in the process of deploying the Palo's in to a live environment so are quite ne...

gawainuk by Not applicable
  • 4010 Views
  • 2 replies
  • 0 Likes

Resolved! Schedules object

Hi,I have a question about the schedules object which is used in security policy.Is there any notification can remind the firewall administrator to cleanup the policy after the schedule object expiration?Thanks,Richard

Cannot get DMZ access to work

I have a PA 500, running 4.0.5 and I have two zones that are 'special' : PCI and DMZ. Both are setup identically but only one works. Here is how it is:Zones: Rest1 (Tunnel.1), DMZ (1/8), External (1/1, 1/7), Internal (1/1, tunnel, Tunnel.2), PCI (1/6) and WiFi (1/4). Both Trust and Untrust show up but only as Virtual-Wire, no zones or VS.VR1: Ha...

u7483 by Not applicable
  • 8012 Views
  • 7 replies
  • 0 Likes

Panorama Out Of Sync

I just installed Panorama to my existing deployment, the firewalls are connected to Panorama, but the shared policy is out of sync. How do I get Panorama to house the current configuration on the firewalls? Currently with no configuration on the Panorama, I assume pushing commit will wipe my firewalls, that is obviously not feasible.Thanks,Craig

PBF Monitor with tunnel Interface

Hi,I want to use PBF with IPSEC tunnel to handle failover.I have 2 tunnels with the same proxy id, so I need to route a network between one tunnel, and if this tunnel is down I need to automatically route to the second tunnel.But how to use monitoring in the PBF rule with a tunnel interface?I think I have to configure a IP on the tunnel interfac...

martin by L0 Member
  • 3131 Views
  • 1 replies
  • 0 Likes

Global Protect Licensing for Differing PA Models in a Network

There are specific, per device type, Global Protect licensing SKUs. If a customer/enterprise has multiple PAN device types on their network, is it necessary that each has it's own specific corresponding SKU type applied to it, or are they in fact interchangable? -Thanks

Chrisoph by Not applicable
  • 2385 Views
  • 2 replies
  • 0 Likes

Block App-id Youtube

Can anyonetell me step-by-step how to block youtube using an app-id? I have never used app-ids before and need a quick lesson. 🙂

dfrench by Not applicable
  • 3002 Views
  • 1 replies
  • 0 Likes

Resolved! don't understand the user identification difference between pan-agent of the and userid-agent.

I use PAN-OS 4.1.3 for test about user identification. I try to use pan-agent by set LDAP server profile and set mapping group already. Then I can use only user groups of AD (user name in group not show) in security policy but can't see user name in "source user" in traffic log. In case I use UserID-agent, I will use user name from AD in secur...

SSH Remote Command Execution for Config Files

Hey Guys,I was curious if there was a way to run a command remotely via SSH to the PAN Device to dump configs.I was thinking of a way to dump the output of "pa2050-1> show config running" to a flat file that I can hopefully do version checking on.However, when trying the following SSH command, it seems to not work and hangs the connection up:...

ikinnexi by Not applicable
  • 5419 Views
  • 1 replies
  • 0 Likes

Sizing PA Devices

I need to know if there is any report/graf in PA that shows the throughput peak, simultaneus session peak, in a custom time period. This would be great for sizing equipment after analizing the traffic of a costumer during some days. It will be very usefull to know how are you using your equipment and the grow prosibilities you have.I have been l...

DHCP Routing on PALO ALTO 2020

Hello,I'm about to try to route dhcp traffic dhcp over my palo alto, but it does not work. Is there an equivalent of "helper-address" known on some routers. My client and my dhcp server are not on the same network, my palo is on the midle betwen my dhcp client and the server. thank you

Resolved! Upgrading Panorama and firewalls from 3.1.8 to 4.1.3

Looking to upgrade our Panorama and mix of 500, 2000 and 4000 HA units from 3.1.8 to 4.1.3.We understand that we need to jump to 4.0 first, and then to 4.1.3 as there is no direct upgrade path.Here are some of the questions however:Can we upgrade Panorama 3.1.8 -> 4.0 -> 4.1.3, and then do the same to the firewalls at a later time? What's ...

KGC by L3 Networker
  • 4138 Views
  • 3 replies
  • 0 Likes

User-ID: Radius

Our students that use our wireless must authenticate to Cisco ACS using their domain credentials before gaining access to the network. How can I setup my User-ID agents to properly log the student wireless name and ip? Will this need to be a change on the domain controller, acs, or the pan-agent?Thanks for any advice!

u10723 by Not applicable
  • 3127 Views
  • 1 replies
  • 0 Likes
  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks