This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4221 Views
  • 0 replies
  • 0 Likes

Get a new firewall?

I presently use a UDMP, and while I'm kind of satisfied with it, I'd like to learn a lot more about networking and be able to use firewalls much more effectively. Hosting my controller won't be a problem because I have several servers. We utilise Palo Alto firewalls in our cyber security department, and they are, to put it mildly, fascinating. I...

Resolved! HIPs check for Client Side Certificate

Is it possible to use HIPs to verify the presence of a Client Side Certificate such as GlobalProtect cert for a computer and also check for cert on a mobile device? If the device has the cert then we would allow it through a firewall policy.

CZellars by L1 Bithead
  • 8758 Views
  • 8 replies
  • 1 Likes

PA-VM 10.0.4 Trial, gets shutdown after a minute.

Hi All, I have received a download link from Palo Alto and downloaded the OVA eval file, after importing the device to the VmWare, it becomes online but after 1-2 minutes gets shutdown. Please let me know how can I resolve the issue. Thanks

pan-shutdown.PNG
verg61 by L1 Bithead
  • 9807 Views
  • 6 replies
  • 1 Likes

when upgrade 5260 to 9.1 and further intefaces are marked "POWER DOWN"

We tried to upgrade our 5260 firewalls (in active active scenario) from 9.0.16-h2 to 9.1 and further the interface don't come up ethernet1/5 68 ukn/ukn/down(power-down) 00:86:9c:60:xx:xx ethernet1/6 69 ukn/ukn/down(power-down) 00:86:9c:60:xx:xx ethernet1/7 70 ukn/ukn/down(power-down) 00:86:9c:60:xx:xx ethernet1/8 71 ukn/ukn/down(power-down) 00:8...

How to Import and Export Address and Address Objects PAN OS 10.1.2

Can anyone advise me on how to import multiple ip addresses in bulk into the firewall? Currently using PAN OS 10.1.2. We have acquired a new location and we have almost 400 objects, ranges, and FQDNs that will need to be imported into our environment. We are also using multiple group consisting of PA5200s, 3200s, and 220s. I would like to be ...

BGP neighbor drop

Hello, Model: PA-5260Version: 9.1.7The device has lost the connection against all the BGP neighbors that are connected through interface ae3. The swtich where the interfaces connect has also lost the connection against the BGP neighbors and also does not show in the logs any failure of the interfaces. Checking the qtrace_routed.log file I have...

Alpalo by L4 Transporter
  • 3715 Views
  • 3 replies
  • 0 Likes

Escalate URL categorisation change

Hello, I was wondering if there is any process for escalating a URL filter change? I have come across a website today called krudplug.net that was categorised as streaming media. This website contains video footage of pornography, extreme violence and injury detail including murders and people being killed in accidents. I blocked the website and...

Resolved! Traffic Monitor Log Slowness - Upgraded to 10.1.4-h4

I've just upgraded to 10.1.4-h4 from 9.x code and have noticed that the traffic logs take at least 30 seconds or longer to load. On the previous code it was only a couple of seconds. Mgmnt pane cpu is very low 5%. Anyone have similar problems and fixes?Thank you.

roma by L2 Linker
  • 11059 Views
  • 9 replies
  • 0 Likes

Recommendation Version PA-5220

Hello Everyone!I want to ask about recommendation version for my PAN-OS.Now, my PAN-OS using version 10.1.5-h1, type Palo Alto-5220.Can anyone give me a recommendation to upgrade my PAN OS?

Block IE

Will blocking Internet Explorer from internet access also block MS Edge in IE mode? If so, is there a way to allow Edge in IE mode but still block Internet Explorer?

alowranc by L0 Member
  • 2494 Views
  • 2 replies
  • 0 Likes

URL category change request rejected

Hello Community!We need to change a URL that is tagged under Computer and Internet while it is dedicated to Health ad Medicine and should be tagged accordingly. Our vendor can't access our site as their firewall is blocking anything that is not under Health and Medicine. I have followed the process to make a Category change request (as per exist...

JoseeM by L0 Member
  • 3217 Views
  • 3 replies
  • 0 Likes

Resolved! IPsec Tunnel with Loopback and NAT

Hi I have 2 questions. 1. I want to create an IPSec tunnel, using a loopback interface. This removes a dependency on the main interface ip. ie if the loopback ip is :3.4.5.2, and the main internet ip is changed from 3.4.5.1 to 3.4.5.30, this then doesn't impact the IPSec tunnel. After the IPSec tunnel is online. 2. I want to NAT the communic...

CherieWatts_3-1662410895804.png

Resolved! App-ID Windows-Remote-Managment showing as Web-Browsing

We recently upgraded to 10.1.5-h1 and it appears after the upgrade the Windows-Remote-Managment traffic over tcp5985 is now being identified as Web-browsing. This is causing that traffic to drop. We checked dynamic updates and presently leveraging the latest update released on 5/16. Seeing if this is a growing issue?

unable to renew device certificate

Hi everyone, i'm having an issue regarding the device certificate on a pa-440 panos 10.1.6-h3 at the moment i am getting a a message device certificate not found. but u don't have any options to get a new one in the GUI. is there a way to trigger the check for a certificate in the CLI ?

Devicecert PA 440.jpg

Shadow Rule warning

Hello When apllying a rules in PA I get the warning message re shadow rule.I have two rules where rule 1 allows SSL between source and dest on standard SSL port rule 2 allows SSL between the (same) source and dest on a non standard SSL port I get a warning about rule 1 shadowing rule 2 How can I combine ther two rules so that I do not get that...

RC-BHF by L2 Linker
  • 6718 Views
  • 6 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks