This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4473 Views
  • 0 replies
  • 0 Likes

RFC1918

Basic trust to untrust policy I see internal address sending snmp to addresses like 10.0.0.1, 192.168.1.x. Do people create a policy to block internal traffic going to RFC1918 on the untrusted interface?

Using Radius Authentication Peap-MSCHAPv2 for PA Management Interface Error: 400

Hi Guys, I was trying to add Peap-MSchapV2 for our Radius Authentication for Management Interface. I configured Radius Server Profile with PAP with Windows NPS, seems everything is working fine. And then I generate a new Certificate Signing request and signed by Organisations CA server, and downloaded the intermediate certificate etc and u...

MangLai by L1 Bithead
  • 3912 Views
  • 2 replies
  • 0 Likes

How to set 2FA to local superuser

Prerequisites Currently, user has two admin accounts. Default local admin account(Superuser) New local admin account synchronized with Cisco Duo(Superuser) End user has to consider how to treat “Default local admin account”. As a result of consideration, the following items are the options to deal with it: Option1: To make “Default local admi...

Config Change Tracking

Looking for suggestions of how others track config changes: who made the change and what changed; similar to config audit but for every change made over time. The goal is training and accountability. I’m aware of Rancid, which may or may not work as it’s intended for Cisco configs, and looks to only provide diff output. Syslog is an option but...

MS-SQL Issues with 8656-7766 Dynamic Update? Citrix-Director seems to have broken it

So, this morning, all going swell. P1. Hm, okay. Looks like an application issue, SQL related. Nothing on the firewall or policies were touched. The policy is using Layer 7 App-ID MS-SQL to get a server to communicate with the MSSQL server over TCP-1433. At the end of the day I had an idea to remove protect profiles and drop from Layer7 to L...

SpiroKU by L1 Bithead
  • 3588 Views
  • 3 replies
  • 0 Likes

No "Apps Seen" / Policy Optimizer data on Panorama

Hi, We have a new deployment of Panorama using Datalake storage. Log data from the firewalls is successfully coming through to Panorama, however, there is no "Apps Seen" or info shown for apps under Policy Optimizer. Rule Usage data is available, and the app data is shown correctly on the local firewalls. Setup > Management > Policy Ruleba...

SARowe_NZ by L3 Networker
  • 5448 Views
  • 4 replies
  • 0 Likes

Management interface dropping packets

Hi, My monitoring system is detecting packet loss on my panorama device. When pinging the DG there is no packet loss. When checked the interface stats on the cli I can see the below. admin@MANPANORAMA01(primary-active)> show interface management -------------------------------------------------------------------------------Name: Management ...

Is the IP on any EDL?

Is there any place that I can put in an IP address and see if it is on an external dynamic list somewhere? Going to this site:https://docs.paloaltonetworks.com/resources/edl-hosting-service and clicking around hoping to hit the right one (such as Azure > Public Cloud) and then having to go through each cider is brutal and time consuming.

How to implement BGP and eBGP on Palo

Hi, I am migrating WatchGuard to Palo and there seems to be a lot more configuration options on the Palo. WatchGuard configuration is below. What is the best way to configure this within Palo? Where is the option to set default-originate? router bgp 64801bgp router-id 169.254.3.3timers bgp 4 12neighbor 10.200.34.2 remote-as 64601neighbor 10...

Resolved! Internet/Download speed is less or frozen when traffic is passing through 440 FW

Hi Guys. Recently we changed the slow internet provider to a faster one with 100/100 (up/down load). It was changed on the same interface of the FW. ( Eth1/2- same for the old and the new service provider) Ever since the change, the download is intermittent or the download freezes. Below is the detail session view of the session when the downloa...

paragkarki143_0-1670208301352.png
paragkarki143_1-1670208709298.png
Pras by L4 Transporter
  • 8518 Views
  • 5 replies
  • 0 Likes

What expression to use to block/permit an entire website?

I'm having trouble figuring out what expression to use(in a Custom URL Category) to match any variation of HTTP requests for an entire website. For example, I want a single expression to be able to match/block/permit the following HTTP requests... example.com/ example.com/path abc.example.com/ abc.example.com/path xyz.abc.example.com/ xyc.abc....

jambulo by L4 Transporter
  • 1603 Views
  • 1 replies
  • 0 Likes

Resolved! Unable to access KB, Support Cases, etc.

I get SSO errors whenever I try to go to any PaloAlto site besides Live and support.paloaltonetworks.com. I went to open a ticket to have the problem solved, but I am unable to do so due to an SSO error. How am I supposed to go about getting support for this?

mchurch_0-1671214775422.png
mchurch by L0 Member
  • 1716 Views
  • 1 replies
  • 0 Likes

A new comment has been added on a case [Case#: 02407876] - Unable to log into Support Portal

Dear Sir, Asper our dictation we install two Palo alto PA440 box in CESC office and for registration we create a account username: ********* and Password: *********** and it create successfully. But when we try to support portal by using the account details it display (UnAuthorized Access /Your membership has expired or has not been approved, p...

cesc_da by L0 Member
  • 1667 Views
  • 1 replies
  • 0 Likes
  • 24380 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks