General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 1220 Views
  • 0 replies
  • 0 Likes

CRL with no internet

Hello,

 

I have a 440 with no internet access. I could not find documentation on the proper way to update the CRL when my firewall does have access to the internet. Thanks for any help that I might be able to get with this. 

Resolved! NAT

Hi Team,

 

Is there any way to get a history of when NAT oversubscription dropped packets/sessions? Or can I only get realtime data on that?

vij by L1 Bithead
  • 1642 Views
  • 1 replies
  • 0 Likes

VPN Monitoring "tunel-status-down[up]"

Model: PA450

OS: 10.1.8

 

ipsec-tunnel is working well.

The corresponding logs are continuously occurring.

 

I don't know if it's because of the tunnel monitoring option.

 

qmso475_0-1679037170582.png
qmso475_1-1679037290218.png
qmso475 by L3 Networker
  • 2310 Views
  • 3 replies
  • 0 Likes

Resolved! Honeypot - block IPs

We are looking at creating a Honeypot Website. The idea is to set it up with a much more restricted vulnerability profile so when hackers are scanning for certain vulnerabilities in the low and informational category their IP is blocked. The question

...

craymond by L4 Transporter
  • 2332 Views
  • 2 replies
  • 0 Likes

Dual ISP VPN failover with single VR

Hi All, looking for some assistance to configure VPN failover for DR/BCP.

 

I've attached a basic diagram below

 

Currently, static route monitoring is set up on the outside interfaces of the firewalls at Site A, so if upstream from Site A ISP 1 fails Si

...

Screenshot 2022-06-28 at 15.52.22.png

Use Cases - Autotagging - Using Dynamic Groups

Hello Live Community, good afternoon, thanks for your time and comments.

 

About automating and anticipating some possible blockages and denials using Dynamic Groups - Autotag can you support me and comment me with some use cases ?

 

Also, if

...

Metgatz by L4 Transporter
  • 1586 Views
  • 1 replies
  • 0 Likes

Resolved! Prisma direct access to Azure

Hello,

I connect from home via Prisma to on-prem.  I have a few domain controllers setup for pre-logon etc.

- what if my domain controllers were all offline or the firewall was offline

- can i have a domain controller in Azure 

I have setup a site to

...

ohareka by L1 Bithead
  • 2660 Views
  • 3 replies
  • 0 Likes

Resolved! what does "SWITCH" in hardware architecture mean?

One of my customers is using PA-3020 and thinking about replace.

When I comparing following diagrams, I have one question.

 

PA-3020 has dedicated "signature matching", "security processing", and "network processing" as below

 

Compare to above, PA-

...

Image 004.png
Image 003.png
Image 001.png
Image 002.png
emr_1 by L5 Sessionator
  • 3973 Views
  • 3 replies
  • 2 Likes

PA850 10.0.8-h2 upgrade to latest

Hello,

 

We have a customer with PA-850 running 10.0.8-h2 and they want to upgrade to latest.

As this firewall is placed in totally isolated environment and the customer wont allow to connect internet on firewall.

This firewall is in HA peer mode. 

A

...

Resolved! Active / Active HA IPsec tunnel setup.

Hi,

 

We have an Active/ Active firewall between 2 datacenters.  We have configured a single tunnel on a floating IP that is Active in Datacenter A to a remote Partner.  Firewall in DC A is currently in Active Secondary State,  Firewall in DC B is cu

...

zGomez_1-1681909533187.png
zGomez by L3 Networker
  • 3910 Views
  • 1 replies
  • 0 Likes
  • 24173 Posts
  • 117 Subscriptions
Top Solution Authors
Top Liked Authors
Labels