General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

NAT Sanity Check

Hi Can I sanity check a NAT rule please. We have a small satellite office with a PA as the firewall. We only have /30 subnet so one IP for the router and one for the IP of the external NIC on the PA. We need to have a connection for a service to a telephone system that comes from external to the telephone. So because of the IP limitation n...

Global Protect internal host detection is not working, when user is in branch office connected via site to site vpn.

Case: Global Protect VPN is enabled in HO PA220. BO also have PA220, HO and BO connected over site-to-site vpn. If user is connected to HO LAN, internal host detection works and identify it as Internal corporate network. And if user is connected to BO LAN, it just connects to GP VPN even though site to site vpn is active and internal host detectio...

Transferring PA (already registered) license to other PA (already registered) device

How do I transfer one of my PA-220 license which is already registered to other PA-220 registered as well ? I might be able to do that if I can make one available in spare and then move my already registered PA-220 license to the spare device. Appreciate if you can write down steps and paste some screenshots. Thanks

Resolved! 303184

I need help. I ordered my voucher on Palo Alto Market since 10/11/2023 and I received it. I have not yet had the exam in my Palo Pearson VUE account. I have written to Pearson VUE several times, which sends me to the Palo Alto store, which never replies to my emails. Can anyone help me?

Resolved! Unable to authenticate against ISE when using External ID Source

So I have an interesting issue. I have a Cisco ISE server in our environment doing TACACS+ authentication for all our network devices. ISE is tied to our Active Directory environment, and users in certain OU's are authenticated and authorized based on the AD group they're in. I tried configuring one of our PA-440's to authenticate against the IS...

cullums by L1 Bithead
  • 10021 Views
  • 3 replies
  • 0 Likes

Resolved! X-Forwarded-For (XFF) operation query

Hello, We are evaluating the implementation of X-Forwarded-For (XFF) functionality for logs. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/policy/identify-users-connected-through-a-proxy-server/use-xff-values-for-ip-based-security-policy-and-logging However, this functionality was activated and affected the traffic, denying traffic...

Alpalo by L4 Transporter
  • 1872 Views
  • 1 replies
  • 0 Likes

How to allow all the traffic from TLS V1.2 and above on firewall

Hi friends, we have a customer who wants to block TLS version 1.0 and 1.1 and to allow all the traffic from TLS V1.2 and above on firewall. Is there any option on palo alto firewall. Customer requirement is that they need to block it from the interface / port level. customer is doing a scan using a third party app. Can we have any way to mitigat...

PAN-OS 10.1 no Wildfire Submissions logs in WebGUI

Hi, I made upgrade on PA-220 to PAN-OS 10.1.0. After that the Wildfire Submission logs are not loaded in WebGUI. I only see the rotating progress circle in the upper right corner. In CLI the Wildfire logs are visible: >show log wildfire. Of course I have opened a support case. Just asking if anybody has the same issue and came up with a solution ...

500 Server Error for Miner nodes

Hello all, I am currently receiving error messages on two miners within minemeld regarding the "Last Run" while trying to pull and carve out new IoCs. The message I get when hovering over the error is "500 Server Error: Internal Server Error " Can anyone advise as to how to proceed. I am also running the plugin web-based version of minem...

PA-220 internet issue

Hi, I bought recently a PA-220 for home as I am very new on Palo alto in order to learn. My current setup is the following : ISP router -------> PA-220 -------> Netgear router I've set the zones, virtual router etc, policy. I am following that article https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFkCAK ...

netipwiz by L0 Member
  • 959 Views
  • 1 replies
  • 0 Likes

PA OS upgrade issue and question

I am attempting an upgrade of my HA pair OS from 9.1.4 to 9.1.16 and am receiving the attached on the HA widget. It says verify they are syncing in the upgrade doc but this doesn't look like it is? Any help would be appreciated. Thank you

Options to NAT Proxy Server

Background: 10000 or so clients connect to the Internet through a cluster of proxy servers. The proxy servers sit on the inside of the network and share a single outside NAT address. So all external web related requests come from the same outside NAT address. Problem: Cloud services using Akamai and Amazon will periodically block our proxy...

Resolved! 2 isps 1 for ipsec tunnel 1 for user internet advice on how to do this

Hi Guys hope this a quick one, I have 2 ISPs want to use 1 for the site to site tunnels and 1 for the user internet I have created 2 interfaces for 2 isps interface 1/1 with 2.2.2.2 next hop 2.2.2.1 (isp for internet access some site to site ) interface 1/2 with 3.3.3.3 next hop 3.3.3.1 ( only for some site to site they only allow this ips) ...

din100 by L3 Networker
  • 4200 Views
  • 6 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions