General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

Issues without using Proxy IDs on IPSEC tunnel

We are running into issues with VPN when we chose not to use PROXY ids between two PA firewalls. We see it works fine when we add the proxy ids, but we shouldn't need to if both of them are Palo Alto, isn't it? We see phase 2 keeps failing and the tunnel would not come up. "IKE phase-2 negotiation failed when processing proxy ID. Cannot find mat...

GLOBALPROTECT split navigation

Hi everyone. Currently I have a request. When a VPN user is accessing through GlobalProtect, it is necessary to fulfill two things: If the device is corporate (domain) he can use internet resource enterprise internet. But, when the device is personal he must navigate with their own personal internet resources. Can I reach this with HIP profile and split...

apazmino by L1 Bithead
  • 2020 Views
  • 3 replies
  • 0 Likes

VPN Proxies

I have a VPN tunnel, which is up and running. I have two proxyIDs in the tunnel with the same local address but different remote addresses. I can only get one proxy to connect. For example, I currently have proxyID1 connected and can ping the other side. In the CLI, if I type test VPN ipsec-sa tunnel tunnel-name-proxyID2, it does not come up. I ...

perton by L0 Member
  • 1365 Views
  • 2 replies
  • 0 Likes

TS User-ID and FSSO in the same server

Good morning, reviewing the documentation of Palo Alto and Fortinet informs me that they use the same internal ports for FSSO and for User-ID, and to rule it out completely I wanted to know if you could configure FSSO and User-ID on the same server so that they are working simultaneously.

review cached URL continue challenge entries

Hi Guys, according to the article below, URL entries are cached for users per category. Is it possible to check cached entries per user/URL/category to see the current state? Continue Action in URL filtering not working as expected. Thanks,

jogyulas by L0 Member
  • 1338 Views
  • 1 replies
  • 0 Likes

Palo alto panorama - Any advice on how we can deal with old logs?

We would like to migrate logs from M100 to M200 – Could you please advise how to proceed? M100 has 4x2 disks. M200 has 2x2 disks. M-100 appliance to an M-200 or M-600 appliance - I understood this from the below URL. Kindly correct if any change. Log migration is not supported. The M-100 appliance logging disk form factor is not supported on the M...

Blocked traffic log has no url logged

I want to look at the URL address of a data packet that was blocked by a deny rule. I had URL filtering applied on the rule but the denied traffic log shows the URL category but not the URL address. Please advise me in logging URL address for denied traffic. TIA

LACP Aggregate Group with Subinterface

Hi everyone, I'm trying to set up a Subinterface on an Aggregate group with LACP on a PA-3020 and a DELL 6248 switch in a test environment. If I assign an IP on the default VLAN to the Aggregate Group everything works but I can't seem to get the Subinterface to work. I've tested a Subinterface on a standard interface which also worked. Below is th...

Resolved! TS-Agent CANNOT redistribute user-ip-port mappings

I wanted to put this out in the forum to save someone time and answer the question on the use case of TS-Agents participating in user-id redistribution. In a long troubleshooting period and TAC engagement, it was confirmed that you cannot redistribute user-id mappings obtained from a Terminal Services (TS) agent. We have submitted a FR for th...

Resolved! Configuring DNAT on PA-820

Hi All. I'm running into a bit of difficulty setting up a DNAT configuration on my PA-820. Essentially what I want to do is remotely access an iMac workstation from outside the LAN. However, I don't want to advertise port 5900; I want to set up port translation from 2485 to 5900 to a particular host on the LAN. I've created a DNAT rule as fo...

KGH0511 by L1 Bithead
  • 5156 Views
  • 8 replies
  • 0 Likes

Using wildcards in a query on the traffic log and in custom reports

I was wondering if wildcards are supported on the reporting interface of the Panorama? Actually I would like to run a very specific query on the traffic log. In the normal traffic log we see all the traffic of all our users. I would like to report on the traffic patterns based on a certain kind of domain users. Therefore I need to be able to single...

Choosing the Right Cloud Delivered Security Service for E-commerce Platform

I've been researching various cloud delivered security services for our e-commerce platform, and I'm a bit overwhelmed by the options available in the market. Our main concern is ensuring the safety of customer data, Nexus-iceland portal app especially during transactions, as well as protecting against DDoS attacks. I'm leaning towards a managed...

Unable to get support

We can't go online to submit a support case because no products come up when entering any of our devices. Called support and entered our serial number but it will not take because we must submit a case online first. Called back and this time tried to submit an administrative case thinking I could get someone to help, nope. Called back and chose d...

  • 24332 Posts
  • 124 Subscriptions