This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4119 Views
  • 0 replies
  • 0 Likes

Certificate

Hi Team, I have four DC and each DC has HA PA firewall. I have generate CSR from one DC firewall. After i received a sign in certificate from the one i Generate CSR. will that certificate be used in different DC firewall. Its a GP certificate.

Resolved! Dynamically update Microsoft Office URLs and IPs

Does anyone have any suggestions to dynamically update Microsoft Office 365 (including Sharepoint and Teams) URLs and IPs? Having to update a list of IPs and URLs is impractical and time consuming. Microsoft keeps updating their backend infrastructure through various CDNs, and having to update this has been time-consuming and tedious. How are ot...

Benzito by L1 Bithead
  • 13891 Views
  • 4 replies
  • 0 Likes

Resolved! Can only access DMZ server using private address, U-turn NAT not working

Configuring a new PA-850, new to this so go easy on me. I have three zones, internal, outside, DMZ. DMZ webserver Private IP = 192.168.2.16 Public IP = 212.12.34.56 I have created two NAT rules as follows: internal u-turn to DMZ source zone = internal dest zone = outside dest address = 212.12.34.56 dest translated address = 192.168.2.16 ...

WilliamD by L1 Bithead
  • 4035 Views
  • 2 replies
  • 0 Likes

Ping request traffic blocked by app id ICMP type 8

All of sudden ping request traffic got blocked by application filter ID ICMP type 8. It was permitting by app ID "ping", suddenly the request is detected as "ICMP type 8" in the logs and blocked. This is for all the traffic which was permitting through "ping" APP ID. Was there any update in signature?

Best guides for new Firewall Deployment

I am deploying a new firewall for a PoC however I am having some issues. I have deployed and activated the server on Azure, I am using VM-Series. However despite on the Azure side there being no restrictions, there server is not able to connect to the internet for updates. I must be missing something basic in understand/setup so any pointers wou...

Nhussain by L1 Bithead
  • 4211 Views
  • 5 replies
  • 1 Likes

Get a new firewall?

I presently use a UDMP, and while I'm kind of satisfied with it, I'd like to learn a lot more about networking and be able to use firewalls much more effectively. Hosting my controller won't be a problem because I have several servers. We utilise Palo Alto firewalls in our cyber security department, and they are, to put it mildly, fascinating. I...

Resolved! HIPs check for Client Side Certificate

Is it possible to use HIPs to verify the presence of a Client Side Certificate such as GlobalProtect cert for a computer and also check for cert on a mobile device? If the device has the cert then we would allow it through a firewall policy.

CZellars by L1 Bithead
  • 8597 Views
  • 8 replies
  • 1 Likes

PA-VM 10.0.4 Trial, gets shutdown after a minute.

Hi All, I have received a download link from Palo Alto and downloaded the OVA eval file, after importing the device to the VmWare, it becomes online but after 1-2 minutes gets shutdown. Please let me know how can I resolve the issue. Thanks

pan-shutdown.PNG
verg61 by L1 Bithead
  • 9718 Views
  • 6 replies
  • 1 Likes

when upgrade 5260 to 9.1 and further intefaces are marked "POWER DOWN"

We tried to upgrade our 5260 firewalls (in active active scenario) from 9.0.16-h2 to 9.1 and further the interface don't come up ethernet1/5 68 ukn/ukn/down(power-down) 00:86:9c:60:xx:xx ethernet1/6 69 ukn/ukn/down(power-down) 00:86:9c:60:xx:xx ethernet1/7 70 ukn/ukn/down(power-down) 00:86:9c:60:xx:xx ethernet1/8 71 ukn/ukn/down(power-down) 00:8...

How to Import and Export Address and Address Objects PAN OS 10.1.2

Can anyone advise me on how to import multiple ip addresses in bulk into the firewall? Currently using PAN OS 10.1.2. We have acquired a new location and we have almost 400 objects, ranges, and FQDNs that will need to be imported into our environment. We are also using multiple group consisting of PA5200s, 3200s, and 220s. I would like to be ...

BGP neighbor drop

Hello, Model: PA-5260Version: 9.1.7The device has lost the connection against all the BGP neighbors that are connected through interface ae3. The swtich where the interfaces connect has also lost the connection against the BGP neighbors and also does not show in the logs any failure of the interfaces. Checking the qtrace_routed.log file I have...

Alpalo by L4 Transporter
  • 3658 Views
  • 3 replies
  • 0 Likes

Escalate URL categorisation change

Hello, I was wondering if there is any process for escalating a URL filter change? I have come across a website today called krudplug.net that was categorised as streaming media. This website contains video footage of pornography, extreme violence and injury detail including murders and people being killed in accidents. I blocked the website and...

Resolved! Traffic Monitor Log Slowness - Upgraded to 10.1.4-h4

I've just upgraded to 10.1.4-h4 from 9.x code and have noticed that the traffic logs take at least 30 seconds or longer to load. On the previous code it was only a couple of seconds. Mgmnt pane cpu is very low 5%. Anyone have similar problems and fixes?Thank you.

roma by L2 Linker
  • 10912 Views
  • 9 replies
  • 0 Likes

Recommendation Version PA-5220

Hello Everyone!I want to ask about recommendation version for my PAN-OS.Now, my PAN-OS using version 10.1.5-h1, type Palo Alto-5220.Can anyone give me a recommendation to upgrade my PAN OS?

  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks