This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4231 Views
  • 0 replies
  • 0 Likes

MOST COMMON ERROR MESSAGES

In your experience, what are the most common mistakes you have had when implementing Cortex XDR in a company?, enable ports, basic configuration, etc. Cortex XDR

Resolved! Understanding Static NAT

Hi All, When it comes to Static NAT it will be one to one NAT in vendors like Checkpoint and Cisco ASA. I am bit confused with the NAT configuration in Palo Alto. Went through config guide and examples of NAT as well but still confused. We have a scenario as below. We have 3 zones - WAN, LAN and DMZ. Users want to reach DMZ interface from WAN an...

Resolved! Can log in PAN OS VM

I get this error when i try and log in OZ3-06-05 06 : 11.0Z5 -0700 Error :sysd_construct_sync_importer(sysd_sync .c : 360): sysd_sync_register() failed: (111) Unknown

mzedalis by L0 Member
  • 2839 Views
  • 1 replies
  • 0 Likes

file blocking profile not working for SFTP

Hii we are trying to access our internal storage using SFTP from internet. after applying file blocking profile we are able to access mentioned files but firewall not restrict the file. we found that file blocking is not happening. Please advise how to block files when using SFTP.

Resolved! unknown command during SSH script

by testing a ssh skript i get an "unknown command" error from the CLI user@host:~/> cat reset.sh ssh -t -t fw.domain.de << EOF set cli pager off show user ip-user-mapping all type CP debug user-id reset captive-portal ip-address 1.2.3.4 quit EOF user@host:~/> ./reset.sh Last login: Fri Jun 2 23:05:16 2023 from 10.10.10.11 set ...

mhuels by L3 Networker
  • 2650 Views
  • 1 replies
  • 0 Likes

Resolved! Running Security LifeCycle Review SLR for a NGFW

Hi All, I have access to the PA HUB and want to run a SLR review for a client's NGFW (i have a statsdump file) however it is asking me to activate this service and requires a cortex data lake instance of which i don't have one, is this still doable? also if i do activate - what does it entail if i want to run future SLRs for potentially other cl...

Ants by L1 Bithead
  • 3215 Views
  • 2 replies
  • 0 Likes

Certificates not appearing in XML running configuration

Dear colleagues, I am having trouble with the custom Nagios plugin check_paloalto, specifically with the "certificates" check. The rest of the checks are working fine. Basically, the "certificates" check leverages the API calls and parse the XML running configuration file to find the certificates. The issue is that my firewalls (which are ma...

GGarolla by L1 Bithead
  • 2187 Views
  • 2 replies
  • 0 Likes

Resolved! Unable to access bing copilot (Bing AI Chat) from Prisma Access Remote Network

Recently Microsoft launched the new AI powered Bing search engine with the integration of chatGPT and Edge browser. There is some issue with the Prisma Access and chatGPT and users are unable to access it from the RN and as well as from the Prisma Access VPN. This post describes how to access the Bing copilot from the remote network. If you ha...

Screenshot 2023-06-03 015800.png
Screenshot 2023-06-03 021843.png
taison by L0 Member
  • 7816 Views
  • 1 replies
  • 3 Likes

Resolved! Best practice for Active/Passive HA and OSPF

I configured Active/Passive HA in an environment where the firewalls connect to a core switch. There is an OSPF adjacency exists between the active Palo and the core switch. I'm curious what the best practice is for OSPF and HA. When tweaking the OSPF settings on the Palo, disabling OSPF graceful reset/strict LSA checking led to a vastly quicker...

inssider by L1 Bithead
  • 10753 Views
  • 2 replies
  • 0 Likes

Inquiries about PBF nexthop settings when the ISP is a DHCP Client

1. Issue: PBF does not operate normally when the public IP received from the line is a dynamic IP 2. Measures- If the circuit IP is a static IP, check the normal operation by inserting the gateway into the PBF – Nexthop setting- If the line IP is a dynamic IP, check the normal operation by inserting the gateway into the PBF – Nexthop setting At...

HilineISP_Tech_1-1685668963739.png

Understanding URL Filtering security profiles vs Rule Action

Hi!I have a pretty basic question that I couldn't find the answer to - am hoping that someone could help me understand this. Let's say I have a security rule: Rule 1: src=192.168.1.0/24, Dst=192.168.2.0/24, Svc=Any, Action=Allow, Security Profile=Antivirus, URL Filter (which blocks Gambling sites)Rule 2: src=192.168.1.100, Dst=192.168.2.100, S...

Resolved! IKEv2 tunnel does not restore after HA failover

I have an IKEv2 IPSec tunnel that does not automatically restore after an HA failover. Once the IKE-SA and IPSec-SA is manually cleared, the tunnel eventually restores. I have other IKEv2 tunnels that restore after several minutes with no intervention. The VPN is configured to a GRE router so the only application I'm seeing on the session is "...

Cortex XDR: How to block execution of some unwanted apps

Hello All, We have observed some unwanted applications( Any desk, WhatsApp) used by end users in customer environment. Is there any way apart from blocking the hash present in cortex console which will block the execution of such files. Thanks in advance. Regards, Sakshi Seth

When logging into the community can I turn off the email a code?

Whenever I want to log into the palo alto networks community, it asks to email a code to my email address. Sometimes I think it already did but nothing came, but in reality I never clicked the button to send the email. Is there a way to turn that off, or maybe do a push notification to Duo instead? This is why I use the r/paloaltonetworks subr...

ksauer507 by L3 Networker
  • 1267 Views
  • 1 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks