This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4445 Views
  • 0 replies
  • 0 Likes

FQDN Object in Policy - not working but FQDN seems to resolve properly

I've never had the opportunity to use or need to use an FQDN in a security policy before but my first attempt to do so does not seem to be working. I'm trying to use an FQDN to restrict IPSEC/IKE traffic from a Virtual Network Gateway (VNG) in Azure. The public IP has to be dynamically assigned and we tear down the VNG and put it back in place ...

PanOS 10.1: DHCP server missing hostnames / descriptions

PA220 running PanOS 10.1 managed via Panorama 10.1. Prior to PanOS 5.something, you could not add a description to an IP reservation in the DHCP server configuration. Later in 5.something, a description field was added. This works. You can add a description and see that description when looking at the DHCP Server configuration in Panorama o...

fjwcash by L4 Transporter
  • 1878 Views
  • 1 replies
  • 1 Likes

Resolved! DHCP feed to Cortex XDR

Dear all, I have troubles to feed our DHCP logs into Cortex XDR. I watched this Video: https://www.youtube.com/watch?v=rxmn1sYzIlY and for the installation I used this manual: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Ingest-Logs-from-Windows-DHCP-using-Elasticsearch-Filebeat?tocId=1oUsTnJzhhrKS...

PeterSchlageter_0-1696938683614.png
PeterMS by L1 Bithead
  • 4175 Views
  • 4 replies
  • 0 Likes

Removing a device from Panorama - what happens to shared objects?

I want to remove a device from Panorama and have it continue to work independently. I have a lot of shared objects - addresses, address groups, URL categories and schedules. What will happen to those objects when I remove the device using this procedure: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cmd6CAC will ...

indypl by L0 Member
  • 1469 Views
  • 1 replies
  • 0 Likes

Resolved! The Serial # no is showing as unknown!

Hello experts! In my Palo Alto web interface, the Serial# is showing as unknown, and I know that unknown means the firewall is not licensed. To view traffic logs on the firewall, you must install a valid capacity license. How can I have my firewall licensed? I have deployed the Palo Alto VM series firewall from the Azure marketplace. and the ...

NidhiNC01_0-1698722519479.png

Creating user-ip mappings from the command line.

Is it possible to authenticate machines to Captive portal from the command line? We have several linux machines who don't have access to the web browse only command line. Can these be authenticated through curl or any other command line tool?

Using PAN as a DHCP Server - MAC Addresses are Case Sensitive

Hi everyone, I'm having an issue trying to tell our account representative that PAN should treat upper-case or lower-case (or even mixed) MAC addresses as one entry. I say this because I had an entry in our PAN DHCP Server all in lower-case (entered manually); later, I copied a MAC address into the system was wondering why the device didn't p...

Resolved! DNS Security Filtering

DNS Security Filtering - baymanager.fullswingapps.com - has been classified as "phishing" and is currently being blocked by the DNS security filter on our PA firewall. This is a website for managing Full Swing Golf Pro simulator customer sessions on our equipment. How do we request a classification change for PAN DNS Security? Thanks.

IPSec Tunnel data flow

Hi All, I recently established an IPSec tunnel between our Palo Alto firewall and a Fortigate device. The connection appears to be functioning properly, as indicated by a green status. However, I've noticed that instead of utilizing the IPSec tunnel, data is being transferred through the WAN interface. Can anyone provide assistance with this i...

BRaj23 by L0 Member
  • 902 Views
  • 1 replies
  • 0 Likes

Resolved! Palo Alto Proxy IDs Bidirectional?

Hi everyone, I am a bit confused about proxy IDs when it comes to tunnel negotiation. Lets say I have a tunnel I am building with a vendor. My encryption domain will be 192.168.1.0/24 and my vendor will have 192.168.2.0/24. So lets also say the vendor has an ASA so I will add this proxy id to my phase 2 config: Source 192.168.1.0/24 Destination ...

PAN-186584

Happy Friday, Have anyone experimented similar behavior reported under PAN-186584 on VM-Series? #PAN-186584

Pre go-live Health checks for auto deployed VMs in AWS

Not sure how to post in the automation section anymore as it now has been moved to read only. Anyways.. need some insight please. so we recently did a POC to use Terrarorm to autoscale / deploy VMs in AWS cloud. all good and working. However we need to do a use case for health checks to verify a VM is setup correctly before it goes into produc...

PA_nts by L4 Transporter
  • 1404 Views
  • 2 replies
  • 0 Likes

Resolved! Why cant a URL be used directly in a policy?

Hi, I understand that to block an individual URL it has to be in a custom category before it can be used in a policy as a destination. For my own education and curiosity, my question is why must it be in a category? What is the processing logic in the firewall that makes this a requirement?

ABurger by L0 Member
  • 1793 Views
  • 2 replies
  • 0 Likes
  • 24375 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks