This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4456 Views
  • 0 replies
  • 0 Likes

Resolved! ztp firewall upgrade a panorama

Hi. So Upgrade ZTP Firewall for Panorama. Panorama OS : 10.2.4 ZTP Firewall OS : 10.1.2 The ztp firewall is not licensed. It was set up by referring to the link, but no update has been made. https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-upgrade/upgrade-panorama/deploy-updates-to-firewalls-log-collectors-and-wildfire-appliances-usi...

qmso475 by L3 Networker
  • 2164 Views
  • 2 replies
  • 0 Likes

GlobalProtect on a Chromebook using HIP check.

Here's something interesting that I'm running into. I have a Chromebook managed by Google Admin Center. I have GP 6.0.6-8 installed on the Chromebook. I am doing a HIP check for Host-Id. The Chromebook connects and the HIP info is verified until the Chromebook is rebooted or logged out of. Then on the next connection attempt the vpn connection i...

rnicic by L0 Member
  • 2682 Views
  • 3 replies
  • 0 Likes

Chromebook using always on, asks to install a certificate.

We are trying to connect our Chromebooks to GlobalProtect using always on. The Chrombooks are managed by The Google Admin Console. We are pushing the certificate as described by google. On connect GP askes to install a certificate. If I cancel then it says the cert in not found or invalid. If I try to install a cert there is not anything on the ...

rnicic by L0 Member
  • 2176 Views
  • 1 replies
  • 0 Likes

Resolved! PA-450 PAN-OS Sofware missing from Updates > Software Updates

Hi We have 4 PA-450 that are new out of the box and we need to upgrade the software on them to a newer realease. When i login to the support portal and look under Updates i dont find anything related to PA-450 under the content type to select from? If there a way to get a copy of a specific release and upload it to the devices? The Firewalls...

AdamGB by L0 Member
  • 5698 Views
  • 4 replies
  • 0 Likes

The dreaded User-ID, Dynamic TAGS, XMLAPI and Multi-vsys

Hi Community, my first post so hopefully I am in the right area.I am running a multi-vsys setup with 5220's in Active-Active HA and using XMLAPI calls from Aruba ClearPass to send login/logout info as well as tags for use in dynamic object groups. It seems to be hit and miss with tags being registered for clients/IP addresses particularly on one...

gfirth77 by L0 Member
  • 3022 Views
  • 1 replies
  • 1 Likes

Zone protection for VM series

Hi everyone, I was looking for PA best practices for VM series' zone protection but only found documents that talked about physical PA. 1. Are physical and VM series zone protection the same? could you point me where the docs for these are? 2. Under zone protection profile, flood protection, and SYN, there are 2 options 'Random Early Drop' ...

tinhnho by L3 Networker
  • 4854 Views
  • 6 replies
  • 0 Likes

Logging of allowed URL attempts without allowing other traffic

Here is a simple example on what I am basically trying to do. We have two rules that allow access to certain domains. Rule 1 : Allow access to domainX.com Source: LANDestination: IP-Group Security Profile: URL Filtering (Base-URL-Filtering-Profile) Rule 2 : Allow access to domainY.com Source: LANDestination: Any Destination URL Category: D...

User868 by L1 Bithead
  • 1616 Views
  • 1 replies
  • 0 Likes

SSL decryption and AppID

Today we use "ssl" AppID in firewall rules. In case we would enable SSL decryption, is it needed to add the AppIDs of the decrypted traffic to the firewall rules, e.g. web-browsing, java, flash, or is the AppID staying "ssl" even when traffic is decrypted?

Anon1 by L4 Transporter
  • 15900 Views
  • 10 replies
  • 0 Likes

Resolved! Configure second DUO for PA firewall MFA

We have configured a DUO Proxy server for PA firewall MFA and it works. We also configured the second DUO proxy server for redundancy. However, we don't know how to configure PA firewall to failover to the second DUO in a case the primary DUO proxy server is down. Any help?

boblin by L2 Linker
  • 9998 Views
  • 16 replies
  • 0 Likes

10.0.4.vm.eval shutting down - vmware workstation

Anyone had luck running 10.0.4 vm eval on vmware workstation? It shuts down right after initial startup, before I get a chance to login in console. There's more than enough CPU/RAM/Storage. Network Adapters are configured properly. 10.0.0 vm works fine in the same workstation. However my 10.0.0 doesn't have eval license, so limited functionality...

PanOS 11.0.1 DHCPv6 issues after reboot

Hi everyone, I configured a PA440 as a DHCPv6 Client and a Fritzbox 3390 as the DHCPv6 Server (with IA_PD & IA_NA). I also configured an inherited interface. The configuration is the same as here: https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-new-features/networking-features/dhcpv6-client-with-prefix-delegation I experienced some ...

JanHend by L0 Member
  • 4137 Views
  • 2 replies
  • 0 Likes
  • 24377 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks