This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4449 Views
  • 0 replies
  • 0 Likes

VRRP with Cisco router LAN interface

My default branch configuration, the WAN router is the default route for the client devices on the LAN. Lets say 10.10.1.1/24My firewall is the default route of the WAN router, lets say 10.10.1.254/24.Cheap layer 2 switfh on the LAN, so no L3 routing option there.In the above setting, clients send all packets to WAN router, Internet traffic is ...

Move/clone/copy from FW Local Policies to existing Device Groups

Clone or move FW Local Policies to Device Groups Hello good afternoon, as always, thanks for the collaboration, time and good vibes. I have the following question. Due to bad practices some admins have made changes and added local policies. The Firewall in HA has its device-groups where there are a large number of policies, ie most, almo...

Metgatz by L4 Transporter
  • 4848 Views
  • 3 replies
  • 1 Likes

SAML for direct login on many firewalls

I got SAML working fine with Okta for Panorama. Very nice. Next, I have "many" firewalls which are managed by Panorama, and I find myself directly logging in to them frequently enough that it would be nice to have SAML for that too. (Context switching from Panorama to firewall would good enough to make me not care about direct login SAML but ...

Traffic hits on the ruler but does not show on the monitor

Hello,I have a problem in paloalto and is that I see that a particular rule increases hits but does not show the traffic in the logs, however, everything is configured to see it, if I see, the start and end of sessions but in the Fortigate in front of me I see much more traffic with that particular origin and destination. any help? Best regards.

Alpalo by L4 Transporter
  • 7089 Views
  • 1 replies
  • 1 Likes

Resolved! Looking for some advice on Licenses

Hello All, this is just a question to see the best approach, bear in mind this is not a tech question. OK in advance apologies for the next line. Our company is a gold partner for Cisco. However, we also support Palo Alto. I am a consultant for PA and noticed there are few products of which I do not have knowledge. As a partner, we could sell th...

Shadow by L2 Linker
  • 2649 Views
  • 2 replies
  • 0 Likes

Resolved! Dataplane issue

Hello i have 2 Palo Alto in HA Mode Active/Passive and yesterday the Active when down and i lost all the LACPs ,then i start to troubleshooting to see the cause and i found thiscould you tell me if is this bug issue or interface issue please ? 18/11/2019 16:09:23 ha ha2-link-change 0 general critical All HA2 links down18/11/2019 16:09:23 ha sess...

Resolved! Combined source & destination NAT in one rule

Can you perform source AND destination address translation on a single packet? I know NAT rule processing is first rule match so more specifically, can I have a single NAT rule that defines a source and destination translation?

plago by Not applicable
  • 7648 Views
  • 6 replies
  • 0 Likes

Resolved! Not recognizing standard ports like smtp. Instead showing as Not-Applicable and blocking

Having an issue with a PA-820 that isn't recognizing standard ports and instead flagging them as unknown and blocking them as Not-Applicable even though there is a policy with service ports specified allowing them through i.e. on-prem Exchange Server. It's blocking smtp on port 25 but allowing owa/ecp on ssl port 443 with no issues. I can get t...

Can Policy-based forwarding be used for routing the firewall connection for updates?

We've got a firewall that doesn't have a management interface connection. The default route for the firewall is configured across a tunnel interface. The service route has been been configured to use the outside interface- there's no option to use the tunnel interface.I'm trying to get Policy-based forwarding working so traffic sourced from the...

Problem with the access to the VPN Globalprotect on Android phone

Hello, I've been facing problems accessing the VPN since Wednesday afternoon from the application on my Android phone. I can't connect to the VPN network. would it be possible to tell me what's going on? I get an error message when I try to connect : GlobalProtect: Connection Failed. The network is unreachable or the portal is unresponsive. Chec...

Firewall rules for IPv6 targets

We are trying to implement IPv6 in our network, and as part of this deployment all our network resources should run on dual-stack (IPv4 & IPv6). Address objects Types in our firewall policy rules have been written based on IP (IP Netmask and IP Range), not with FQDN. (Option 1) To make the same firewall policy rule be used (for Ipv4 and IPv6...

Dereje by L1 Bithead
  • 5086 Views
  • 4 replies
  • 0 Likes

Radius authentication not working

We have configured Radius on our VM Palo but its not working. Provided screenshots of configuration we have on the FW and output of test command. Routing is defiantly in place as we can ping Radius server, however no traffic on 1812 reaching PacketFence Radius server. When done tcp dump - I can clearly see it's capturing pings but nothing for po...

URL Filtering log with action allow

Hi Folks, It seems my whole life is a lie... Apparently PAN FW will generate URL log for category with action set to allow. Yep, and the funnier thing is that you don't even need URL filtering profile applied on the rule. Someone may say I am crazy or I don't understand how PAN FWs work, probably both is true...But how would you explain the fo...

Astardzhiev_0-1674467140717.png
Astardzhiev_1-1674467723328.png
Astardzhiev_2-1674468007848.png
  • 24376 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks