General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Join the Fuel User Spark Event on March 19: Dealing with Threats !

 

Join us at the Fuel User Group Spark Event on March 19!

 

Get ready to ignite your cybersecurity knowledge and connect with industry experts at our upcoming Spark event hosted by the Fuel User Group. Whether you're a seasoned professional or just

...

kiwi_0-1709893724672.jpeg
kiwi by Community Team Member
  • 280 Views
  • 1 replies
  • 2 Likes

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 3161 Views
  • 2 replies
  • 14 Likes

ECMP, interface, zone and security policy question

Hi guys

I am quite new to Palo Alto NGFW. We have on-prem PA-32xx on 11.0.3.

I am having trouble with static route ECMP for redundant IPSEC tunnels to AWS.

Previous guy configure both tunnel in different zone (lets say AWS1 zone and AWS2 zone) and th

...

Port forwarding

Hi,

I need same help with port forwarding (Im new in this)

I want to forward external port 5078 from static public IP address to port 5060 on local IP address 192.168.168.200

 

If possible help step by step thank you very much
 
Best
Danijel
 

NET123 by L1 Bithead
  • 275 Views
  • 3 replies
  • 0 Likes

Resolved! Device Administrators

Hello,

 

Can a "Device Administrator" unlock users in "Authentication Profile"?   Don't want to give user "Super User" unless there is no other choice.


Thanks

Rich

rcraxton by L1 Bithead
  • 394 Views
  • 6 replies
  • 0 Likes

User-id Agent Windows defender firewall issue

We have the PA User-ID agent installed and configured on a Windows 2019 DC.

 

The problem arises when I enable the "Domain Networks" defender firewall the agent losses the connection to the PA firewall under "Connected devices" in the agent view. Dis

...

Strachf by L1 Bithead
  • 914 Views
  • 2 replies
  • 0 Likes

Resolved! ECMP Strict Source Path

Hello.

 

In ECMP settings there is Strict Source Path option to enable. But I can't find any descriptin about this option anywhere. Anyone knows what exactly does this option do? 

santonic by L6 Presenter
  • 17219 Views
  • 9 replies
  • 2 Likes

PA-1410 HSCI compatable cables

Hello there,

We're upgrading from a pair of PA-3020 firewalls to new PA-1410s and require a DAC cable for the HSCI ports. However, we're unsure which vendor/brand offers compatible options.

Specifically, we're considering the following cables:

  • Cisco
...

AK74 by L2 Linker
  • 285 Views
  • 1 replies
  • 0 Likes

Resolved! Trouble routing from Guest zone to Internal Server

I'm not sure where to turn from here but my organization is trying to do a configuration we haven't set up before related to our student self-service system.

 

To try and summarize the issue, we have a guest-wireless zone that we need to allow anybod

...

cnorwich by L1 Bithead
  • 392 Views
  • 5 replies
  • 0 Likes

Resolved! Site to Site IPSEC Clarification

I'm moving from a Cisco ASA to a Palo Alto firewall for the first time. I've imported the config to Expedition and am prepping it for import to the firewall, but I noticed only the first of my crypto peers for each tunnel was imported to an IKE gatew

...

Palo Alto Search Filtering in Contains

Hello,

 

I write a basic python code for 'contains' filtering in in rule name search. And I want to share with community also community can give an advice for me.

 

The code: 

"""""""""""""""""""""""

def generate_output(numbers) :
    output_strings
...

tombombadil_0-1706780527481.png

Dual VPN failover confusion...

Hello everyone,

Can someone offer some clarity on my questions regarding these two Palo Alto kbs?

 

1. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POO0CAO&lang=en_US

 

In the screen shot, both primary and secondary tunne

...

VK9H13 by L1 Bithead
  • 557 Views
  • 8 replies
  • 0 Likes

Global Protect Asymmetric routing issue

Hey team hope someone can help me. I am pretty new to Palo and I am trying to setup Global Protect PreLogon in our corporate environment. I have managed to get it all working in the lab (awesome) now doing that in the live environment is different ba

...

Shadmin by L1 Bithead
  • 2852 Views
  • 4 replies
  • 0 Likes

Radius Group for GP authentication

Hi All,

We need to setup a specific user group in Radius should only access the GP. No other users should access GP. Currently authentication method set for GP is Radius and in the same radius we need a specific group of users only to authenticate.

M

...

Resolved! PAN-OS Uprage PATH to 11.0.2-h3

Confirming the Upgrade Path - Currently version 10.2.3-h2 upgrade to 11.0.2-h3 1.

Download 11.0 2. 

Download and install 11.0.2-h3  

 

Am I correct? do I need to reboot twice for this OS upgrade?

 

NGFW 

  • 24090 Posts
  • 99 Subscriptions
Top Solution Authors
Top Liked Authors
Labels