This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4464 Views
  • 0 replies
  • 0 Likes

PA 5220 (PAN OS 8.1.10) Active / Active not synching tftp traffic in asymmetric routing scenario

Hi Experts,I have the following scenario: a pair of PA 5220 (running pan os 8.1.10) in an ACTIVE / ACTIVE Setup (session owner 1st Packter - session setup 1st Packet) -We have been running Active / Active since roughtly 2 Years now without any significant problems. However tftp (PXE Boot) session in an asymmetric scenario do not get properly syn...

SSO Error when Accessing KB or Supportcases Portal

Hello all, Recently (these two weeks) I have encountered SSO Error when browsing to KB & Support Case pages which I don't have such issue before. https://knowledgebase.paloaltonetworks.com/ https://supportcases.paloaltonetworks.com/_nc_external/identity/saml/SamlError Tried with Chrome and Edge, clear the cache which showed the same...

SeanDeHarris_0-1657263836839.png

Captive portal SSL decryption policy requirement

Hi, PAN has the following document [1] which says you need to have SSL decryption in order to redirect SSL pages to captive portal.To me it doesn't seem to be accurate. Response page [2] workaround seems to be doing the same i.e without having an SSL decryption policy, I see that SSL pages are redirected to captive portal properly. What am I mis...

CRL Distribution Point (CDP) Config

Is there a place in the PAN-OS to configure the CDP address or does it only learn it from the certificate? We have a new CDP we are testing and have added it's IP to our cert but the firewall is not attempting to contact it, only the second one. Is there a way to force it to connect to the new CDP?

LEEF Format

Dear Team, Appreciate your feedback as we facing challenges with LEEF format when we configure a Syslog server with a custom log to allow integration with the Qradar SIM solution. We use the same format as mentioned on the IBM website below, https://www.ibm.com/docs/en/dsm?topic=panps-creating-syslog-destination-your-palo-alto-pa-series-devi...

Dual ISP Global Protect Redundancy

Hi Team, I hope ye all are well. We recently worked a case for a customer that had dual ISP configuration and wanted the Palo Alto Networks device to provide redundancy for the Global Protect Portal and Gateways in the event one ISP went down. We came up with a handy way of providing this using NAT rules and a loopback and I am posting this to ...

interfaces.PNG
loopback.PNG
natRules.PNG
VirtualRouters.PNG

ESA | ELA When license price is increasing

Dears, If we get an ESA / ELA let's say for 3 years, we pay the hardware, and then we would pay an initial price for support and licenses. Next, If the list price of support and /or licenses increase during these 3 years, and then we buy more hardware to include under ESA/ELA, what is the support and license that apply to the new hardware? Is it...

ftesta77 by L0 Member
  • 2611 Views
  • 1 replies
  • 0 Likes

Where can I find my Customer ID or Sales Order Number to register an account?

I am trying to setup an account to create a case. I have my serial number, but not the customer ID or sales order. Since one of these are required in the registration process, I am not able to open a case. I do have access to my paloalto unit online in case I can find anything there or register with information associated with what I can pull...

BJackson by L0 Member
  • 13038 Views
  • 4 replies
  • 1 Likes

Error Handling in Custom Playbooks

Hello all, To handle with different types of playbooks and tasks, is there any implementation method or best practice guide to identify errors in playbooks. If a task or subplaybook stucks in main playbook I want to get informed about it and handle with it. If you have any sort of guide or advice I am open to hear it. Best regards

UmutAK by L1 Bithead
  • 1663 Views
  • 1 replies
  • 0 Likes

Nuevas ISO 27001, 27005 y 27005

Como las nuevas versiones de las los estándares ISO 27000 se integran en la realidad de la seguridad de la información, y como se llevaría mejor su implementación? #ISO27000 #ISO27001 #ISO27002 #ISO27005

Resolved! DNS security question

I have a question about DNS security and what exactly it does. For example, if I configure all DNS security domains to "sinkhole" but we already have our URL filtering profile blocking all of these domains already is configuring DNS security redundant?

Claw4609 by L5 Sessionator
  • 3495 Views
  • 4 replies
  • 0 Likes

Resolved! Help with DNS?

Hello Live Community. I am in a bind. I have all of our clients on networks using DHCP from our Palo Alto and pointing to Googles servers for DNS. Very quick and slick. unfortunately I need all computers, tablets, phones, etc... to see a server inside our Palo Alto. Is there any way to do this without compromising the DNS settings, or speed? ...

JCMoritz by L0 Member
  • 2378 Views
  • 3 replies
  • 0 Likes

Block SSH traffic

We are using PA 5250 firewalls. We are not using decryption on it. Now, we want to filter the ssh traffic satisfying all these 2 conditions: C1) Allow access to *.mywebsite.com for ssh traffic AND allow file download upload C2) Allow access to abc.xzy.zom and jkl.efg.com for ssh traffic AND NOT allow file transfers Because we are not using...

PAFWNoob by L1 Bithead
  • 2483 Views
  • 1 replies
  • 0 Likes

description update in security rules via Panorama CLI

Hi Team, i was trying to update description on existing multiple security rules via Panorama cli. but found that if i add description via cli it just simply replace the whole existing description. So, is there any way to add/update the description without removing the existing description on rules. Thanks Virender Singh

vsingh31 by L1 Bithead
  • 1901 Views
  • 1 replies
  • 0 Likes
  • 24379 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks