This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Resolved! Show hit count in CLI

I was searching this forum and official documentation, but I can't find the following: Is there equivalent to Cisco ASA "show access-list acl_name" command in the PAN-OS CLI. I am looking for the command that will show hit count for every configured security rule. Also if the object groups are used either in source or destination address it woul...

Resolved! Point to site VPN on pan 0S 11+ (Client to remote VPN server)

I remember reading some where Palo Alto firewalls works like a client to access remote VPN servers eg I can setup the PALO to access a OpenVPN server and give access to user on my palo managed local network to access that remote resource, than user installing the OpenVPN application on their computer and connecting. Hope I'm making any sen...

din100 by L3 Networker
  • 2613 Views
  • 3 replies
  • 0 Likes

Impact of run tcpdump on every interface.

Hi, We need to execute tcpdump in PA-VM for a specific reason. We need to TCPdump data from firewalls for 15 minutes at various intervals; there is no specified source or destination. When we run tcpdump from every interface, we want to know if it has any effect? The current utilization Management CPU 15% Data Plane CPU 65% Session Count 2484 ...

Data From ACC Not shown for 15 minutes and 1 hours

Hallo All, I have issue after upgrade PANOS 11.1.0, The ACC can not shown data for 15 minutes or 1 hours. except both I mentioned, all time running well. We have restarted log-reciver and still not shown data 15 minutes or 1 hours. We have conclusion for update to 11.1.1 for fixing issue. After upgrade to 11.1.1, issue still same. ...

Panorama Log Collector Device Replacement

Hi There, One of the cluster's PA firewalls was faulty and replaced with the RMA unit. In the environment, we have a Panorama setup as a log collector. As the policy packages are not managed in Panorama, is modifying the faulty device serial number sufficient? I hope I need only to perform the below steps. https://knowledgebase.paloaltonetwo...

User ID agent going to non- AD servers

Hi,We have a userid_agent installed on our server, our security team noticed the excessive session denies between the userid agent server going to other non-AD servers in our azure firewall, can anyone help me confirm if this traffic from our userid agent server going to non-AD servers are legit traffics?

Daryl_Cruz_1-1706767342887.png

Custom Report not able to see last month report

Hi can anyone assist me with the document how to check what went wrong with the report as we generate report last month but only appears recent logs FYI, we have done generate report monthly previously without issue . we need to know where we want to check . PAN-OS 9.1.16-h3 Thank you

Global Protect to Manage 100+ FW VPNs

Does anyone have any good redirects to information about how to manage an enterprise of PA FW's using Global Protect? I'm under the impression that Global Protect is primarily just for use of remote clients. I thought there was a way to use Global Protect to manage a large volume of FW's VPNs. Anyone have any suggestions? In the meantime, I'll b...

GlobalProtect authentication with Azure SAML question for multiple portals.

Hi All, maybe more a question for Azure, will do more research but thought in the meantime id check with the livecommunity also. so trying to find out if this is possible.. not that familiar with Azure side of things. we have 1 Panorama that manages a number of NGFWs all in their own device groups/template stacks etc. FW_A has a gp portal ca...

PA_nts by L4 Transporter
  • 2672 Views
  • 3 replies
  • 0 Likes

Resolved! Dynamic Update License

Hello There, I'm currently testing a PA feature for deployment. I need to update the dynamic updates before I upgrade the PAN-OS to the desired version. If I'm not wrong, the license is required for the offline dynamic update installation. I hope an advanced threat protection license is sufficient for offline dynamic updates.Thank You in advance

Source NAT question

hello, Is it possible to make NAT source by specifying the source port on which I appear for the remote server? let me explain : I am located in an inside zone and I would like to go to a specific zone that we will call "partner"I would like to access a server at this partner by specifying my source port 5060. (not the destination port of the ...

CAMIEG by L1 Bithead
  • 2475 Views
  • 6 replies
  • 0 Likes

Urgent Updates: PAN-OS Expired Certificates

Hi everybody, We have trying to update or upload an update for our NGFW Palo Alto 220 on the November 2023 advisory. But when we logged to our Customer Support Portal and try do all the recommendations, we had trouble in the pre-last step which says: "Select the PAN-OS version and the corresponding hotfix for your NGFWs and Panorama" where we ca...

Buzachi by L0 Member
  • 1929 Views
  • 4 replies
  • 0 Likes

Resolved! Old 4020 box running 5.x code.

Team, We have a old 4020 box running the Palo Alto 5.x code. We are looking to upgrade this to 10.x and wanted to know the best path recommended for this upgrade. Thanks! N

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks