General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4133 Views
  • 0 replies
  • 0 Likes

pan-os-python Panorama set_ha_peers() method not working

The document I'm referring to - https://pan-os-python.readthedocs.io/en/latest/howto.html > High Availability Pairs I've been working with the pan-os-python SDK, specifically with a Panorama High Availability (HA) pair. I'm following the documentation that guides on using specific methods with 'firewall pairs'. The primary advantage, as des...

vsurresh by L1 Bithead
  • 1748 Views
  • 1 replies
  • 0 Likes

How to Configure IPSec VPN Tunnel when a peer is behind a router without a static public IP

Environment: PaloAlto Next-Gen Firewall, IPSec VPN Tunnel. Topology: PA1 ----- Router ----- PA2. Public IP of PA1 : 10.50.50.50. Public IP of Router : Dynamic IP. Internal IP of Router : 10.20.20.1. Private IP of PA2 : 10.20.20.20. PA2 Private IP is natted by Router with Dynamic IP of Router itself. 10.20.20.1 is the Default Gateway of PA2. This is my IKE Ga...

Iandrea by L0 Member
  • 2556 Views
  • 1 replies
  • 0 Likes

Resolved! IPV6 how to protect the hosts

Hi everyone, I learn the palo alto firewalls as I configure them. I have a PA firewall with 3 vlans, with management allowed over main vlan. My ISP provided the Ipv6/48 block and I have managed to redistribute it over the networks it works great. However considering every ipv6 address is routable and I naturally have no NAT means that the dev...

nevolex by L3 Networker
  • 2345 Views
  • 1 replies
  • 0 Likes

Certificate-Based Administrator Authentication to the Web not work on Passive node cluster

Hello team, I am configuring a new deployment, " Configure Certificate-Based Administrator Authentication to the Web Interface" https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/firewall-administration/manage-firewall-administrators/configure-administrative-accounts-and-authentication/configure-certificate-based-administrator-authenti...

Alpalo by L4 Transporter
  • 1708 Views
  • 3 replies
  • 0 Likes

PA-7000 Series PANOS-10.1

Hello, We have a PA-7050 firewall that we are looking to upgrade from 9.1.15 to 10.1.10-h2. We are following the upgrade path provided by Palo Alto however when we upgrade to the recommended 10.0 release or the 10.1 release the entire firewall configuration is wiped. We have mentioned this to PA support but they have only provided us wit...

Owen1 by L0 Member
  • 823 Views
  • 1 replies
  • 0 Likes

Sending logs to SIEM one file per type

I am an administrator of a SIEM, for this I have usually asked the paloalto administrator to send me the logs via Syslog using port 514 to the IP of the server I administer. After informing me that the process has been done, I check a specific route of my server where I can verify that the logs are indeed arriving in a file called user.log. ...

Error: failed to handle CUSTOM_UPDATE

Hello, I am using 5220 series firewall in 2 different DC. versions 9.0.9 and 9.1.6. When I commit on both firewalls, I get a custom_update error. After check now the dynamic updates, I commit again and the problem goes away. Any suggestion, Thank you Kindly,

Resolved! Using HA without a virtual mac possible?

Hello, as the title says: I want to implement an HA active-passive setup on a virtualization platform that doesn't support MAC address changes on the VM side. Therefore, a newly generated virtual MAC is unfortunately not an option. So, is there a way to disable virtual MAC for HA? Thanks Tim

User-ID with OpenLDAP

Hi, I'm looking for a guide or guidelines on how to set-up User Identification with OpenLDAP. I've already set-up User-ID with Active Directory for another customer but I fail to see how this is doable on a non-Windows machine (no PAN agent). Any help appreciated. Regards, Raphaël

Resolved! Palo Alto 2FA integration with OKTA not showing domain in username

Hello everyone, We have successfully deployed the 2FA authentication for GP Portal and GP Gateway with OKTA SAML. In Okta we have the active directory integration for the user-mapping at the okta instance. The login and 2FA is working fine but when the users log in, they are displayed at the monitor sometimes with the domain (domain\usern...

Resolved! Internet and internal network separation via virtual router

Hello, I am new to Palo Alto. I have a basic question. Traditional setup I worked on my last project was as below, VRF on cisco router for - Internet -0 bgp - Production - bgp - DMZ - bgp FW connects to all 3 VRF. Route between VRF is via FW. FW harden the access. New project with PA and L2 switch for the same setup. My idea is ...

gondolf by L1 Bithead
  • 3786 Views
  • 4 replies
  • 0 Likes

cluster PA-5020 migrating to PA-1410

Hi Experts, We are migrating from Cluster PA-5020 to PA-1410, I have some queries below if you guys can help me out please. 1. For platform migration(PA-5020 to PA-1410), we can just upload configuration files on the new PA-1410, just recheck physical ports configuration and it will work please confirm. 2. Expedition tools are not necessary in P...

SNMP response on two interfaces? Possible?

I'm configuring NetFlow on our PA-5200. I'm collecting the data in What's Up Gold. WUG has a limitation (it appears) that the NetFlow IP that I use for the IP address also has to respond via SNMP on the same address. However, the PA-5200 cannot send NetFlow traffic out its MGMT interface so I'm using our inside trusted interface to send Ne...
