This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4104 Views
  • 0 replies
  • 0 Likes

Broken capture in SASE workshop registration

I'm not sure of the best location for this. I'm trying to register for a SASE workshop (and I'm not sure if it's online or not, but that's another conversation), and I need to complete a captcha. Unfortunately, I can't see most of it (see the attached). I've tried Firefox, Chrome and Edge. Any idea how to report it?

Bill-C by L0 Member
  • 881 Views
  • 1 replies
  • 0 Likes

Resolved! Paloalto Images not available

Hello Gents,I noticed, Paloalto has removed access to the VM resources.I dont see "Updates" tab in the menu.Earlier I used to download KVM/QCOW2 from my personal account (Not Organizational Account).But now its not available, can anyone help me download?Appreciate your support.

ssgilani by L0 Member
  • 1109 Views
  • 1 replies
  • 0 Likes

Bulk changing target device in policy set

I have several policy sets which have between 500-900 rules each and are being re-used for a firewall migration. Each of the sets has the old 850 palo set as the target device. To save time on migration night I am looking to change the target to "any" . Is there a way to bulk change all rules within a policy to now use any instead of clicking in...

MAllen_0-1756208384619.png
M.Allen by L1 Bithead
  • 896 Views
  • 1 replies
  • 0 Likes

Commit Failed on Passive Paloalto-3250-admin-role -> AdminRole -> role -> device -> webui -> objects -> packet-broker-profile unexpected here

Hi , Please help , after installed dynamic update of antivirus on Active & Passive PaloAlto-3250, commited successfully on Active but not able to commit on passive.. after commit failed on passive try another way made appication & threat shaedule none in dynamic update but again commit failed, getting below messages. DetailsValidation Er...

S2S VPNs using Self-signed Certificates

What is the procedure for configuring Site-to-Site VPNs using self-signed certificates? For example, we need to establish a VPN between Firewall A and Firewall B. The documentation describes how to create a self-signed Root CA certificate, but it doesn’t explain the subsequent steps related to certificate handling, such as: creating the certif...

ET by L2 Linker
  • 1152 Views
  • 2 replies
  • 0 Likes

Resolved! How to configure a site to site VPN with Self signed certificate

Hello folks, This might be a newbie type of question so I appreciate your patience..... I need to create a site to site VPN using a self signed certificate. I'm happy to do the site to site VPN. But ........... I'm not sure how to use self signed certs for doing this. Does anyone have any procedure of how to do this using certificates? Are there...

Jedi_D by L2 Linker
  • 6639 Views
  • 4 replies
  • 0 Likes

Resolved! Creating CSR with SAN via API calls

Hi, I am trying to create CSR via API calls with subject alternate name for hostname and ip address, but I cannot find it in documentation. Simple creation of CSR works for mehttps://10.XX.XX.XX/api?type=op&cmd=<request><certificate><generate><certificate-name>apicert</certificate-name><name>testing</na...

nm2025 by L0 Member
  • 1722 Views
  • 2 replies
  • 0 Likes

Type: INNR in session id detail.

Hi team, What does INNR represents in type when looking at the session ID details.I know that this happens at child session, when parent session ID belongs to the HTTP/2 ID.If you guys have any idea about what INNR represents, let me know.

Mgmt Traffic over VPN

Hi All, I am looking to deploy a few (4) PA-440's into the field. What is the best way to configure my remote firewalls to send MGMT traffic 3.3.3.3/24 (using loopback) over a vpn to central firewall to pass along to panorama MGMT (10.10.10.10/24) to receive to traffic to manage them remotely. Thanks for the help.

jQuery vulnerability on management interface of PA-3220

Hello all, Our customer is currently using PA-3220 running PAN-OS 11.1.During their recent vulnerability scan, the following CVEs were reported that jQuery used on the Web management interface; CVE-2018-8046CVE-2007-6758 Questions:1. Do these vulnerabilities actually affect? Or false positive from their vulnerability scanner?2. What is the...

kawai818 by L0 Member
  • 644 Views
  • 2 replies
  • 0 Likes

spanning tree portfast for cisco to palo links

I am moving some palo interfaces to a new cisco switch. What is the recommended spanning tree configuration on both palo and cisco sides when connecting these devices? PA(config-if)# spanning-tree port type ?edge Consider the interface as edge port (enable portfast)network Consider the interface as inter-switch linknormal Consider the interfa...

M.Allen by L1 Bithead
  • 1103 Views
  • 1 replies
  • 0 Likes

wrong traffic matching rule

Hi this maybe a simple or dumb question, but I have a rule shown below that has specific sources defined. I thought the rule would only match on those host listed in the source, but when looking at the logs, I can see other source IP's are matching on this rule. Can anyone explain why the other source IP's that are not listed in this rule match ...

palo-rule.jpg
palo-logs.jpg
E.Hinkle by L0 Member
  • 896 Views
  • 1 replies
  • 0 Likes

Resolved! How to add switchport trunk allowed to AE interfaces?

I have a cisco switch which has a trunk to a PA device. On the switch it is configured switchport trunk allowed vlan 120,766,767. How do I add the corresponding configuration on the PA end? The AE2 int already has the .120, .766 and .767 sub interfaces. Does it need configuring to allow the same as the Cisco switch and by creating the sub interf...

M.Allen by L1 Bithead
  • 1830 Views
  • 3 replies
  • 0 Likes

Resolved! Proto in packet capture filter

What is proto in packet capture filter ? The manual only says:Proto—Specify the protocol to filterThe field only seems to accept numbers...

dieter_b by L4 Transporter
  • 8706 Views
  • 5 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks