General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4127 Views
  • 0 replies
  • 0 Likes

API query from panorama to get IPsec tunnel data

API query from panorama to get IPsec tunnel data. Tried the following queries:
http(s)://hostname/api/?type=op&cmd=<show><running><tunnel><flow><all></all></flow></tunnel></running></show>&key=<generated-key>
https://IP//restapi/v10.0/Network/IPSecTunnels
https://IP/api/?type=o...

DNS Resolution stops after ~10s after connecting with GlobalProtect

Hello... Many of my end users are now reporting that after approximately 10 minutes of logging to VPN using the GlobalProtect client they lose DNS resolution to internal and external resources. For example, when this happens, users cannot access or even ping a server, by either its FQDN or by IP number. In addition, users also report they cannot ...

aimsnss by L1 Bithead
  • 15423 Views
  • 11 replies
  • 4 Likes

ACC is not loading post upgrading to 8.1.23

ACC is not displaying any data, it shows as "in progress". Recently Panorama and managed firewalls were upgraded to 8.1.23; post upgrade we ran into this issue. Tried restarting the management server but it didn't help. Shall I try restarting the dataplane? Looking for the experts' advice. Any suggestions and help are highly appreciated.

Possible to remove/deactivate my vm-series license when the firewall is offline/unreachable?

My old vm firewall is no longer in use and not connected anymore. Is it possible to re-use the license key on another firewall without performing the deactivation on the VM itself (because it has been disconnected and removed already)? I tried to use the Auth code to activate my new firewall, however it showed an error as below. Any ideas? T...


TCP 443 Web Server Allows Password Auto-Completion

Hello dear community, good afternoon. Your support, please: using an "X" vendor vulnerability scan tool, I detect the following vuln against the IP of the MGT WEB-GUI of the Firewall. Problem, inconvenience, vulnerability against the WEB-GUI/MGT of the firewall directly: Details: Low TCP 443 Web Server Allows Password Auto-Completion...

Metgatz by L4 Transporter
  • 11470 Views
  • 1 replies
  • 0 Likes

Tracing external IPs back to internal IPs at a specific moment in time...

In the course of tracking down security vulnerabilities, I find myself trying to trace External IPs (from external security scan reports) back to Internal IPs at a specific moment in time (the timestamp from the scan report). Most of the time, it's very simple, as many internal IPs are NAT'd 1-to-1 to external IPs. Those tend to stay static. But...

Resolved! How to remove SSH weak algorithms and not impact ipsec tunnels.

Hello, good evening. Thank you very much in advance for your help and support as always. Checking this link: https://live.paloaltonetworks.com/t5/general-topics/how-to-remove-ssh-weak-algorithms/td-p/285933#:~:text=Next%20Topic-,1%20ACCEPTED%20SOLUTION , -Reaper Fair, but fair (murphy) I need to apply these settings at the SSH and SSL/TLS leve...

Metgatz by L4 Transporter
  • 9431 Views
  • 8 replies
  • 0 Likes

Resolved! GUI Access on Public IP

I'm setting up a PA-200 for a remote office and was wondering if anyone could tell me how I would restrict the GUI access on the Public IP to solely 1 range of public IP addresses. As it sits now I have access on any device as long as I have the password and username, I'm not sure if that is the normal default or not but it doesn't really sit we...

BPry by Cyber Elite
  • 12273 Views
  • 5 replies
  • 0 Likes

Resolved! Select PAN-OS version after reboot

In an HA upgrade scenario we decided to stop the procedure and downgrade after the 1st FW was upgraded and had an issue. But on the 2nd FW the software install was already completed but we didn't reboot the FW so it stayed on the old version. Does anyone know the CLI commands to show into which version the FW will boot? And how to select to boot to the old version?

santonic by L6 Presenter
  • 5366 Views
  • 5 replies
  • 0 Likes

Fun with MS Office 365

Hello Community, Has anyone found a way to allow access to a corp instance in o365 but block all other access? The idea would be so that a corp user can log into the corp's instance, however block access to another company's or even personal instance. Thoughts and suggestions are most welcome.

Double NAT return packet dropping in firewall

Can anyone help point out if I am missing something obvious here.... I have a new vendor over an AmazonAWS VPN that I have to double NAT inbound traffic for (because they are using IP ranges that clash with our existing network and best practices, i.e. using 10.0.0.0/24 and public IPs in their private AWS). The VPN comes as a tunnel on a VPN secu...

Resolved! IPSec Tunnel Monitoring for Single Tunnel

Is there any benefit of setting up tunnel monitoring if it’s just one tunnel, i.e. no failover tunnel? Our monitor profile obviously would be to wait for recovery. We have third party alerts for devices on each side of the tunnel should they go down. Any good reason to enable Palo’s tunnel monitor in this case? Wanted to see if there's so...

KGDrake by L0 Member
  • 5306 Views
  • 3 replies
  • 0 Likes

IOT Policy Set creation ability missing?

Why is it that on some devices I am able to click and create policy (highlighted blue), but others like the Lenovo computer, or Dell Computer profiles I am unable to click and create a policy for them from the profiles page? Seems to be related to devices that fall into Device Type:"Traditional IT" or device types that are blank. Maybe a bet...

Sec101 by L4 Transporter
  • 2121 Views
  • 1 replies
  • 0 Likes

URL Filtering > Advanced URL Filtering

Hi, With legacy URL filtering no longer available we've renewed our subs with Advanced URL Filtering instead. The license for this appeared in the support portal but did not come down to the firewall itself (still showing the legacy sub which expires in a week). I can manually download/upload the key from the CSP to the firewall and now it shows b...

SARowe_NZ by L3 Networker
  • 2640 Views
  • 3 replies
  • 0 Likes

Resolved! GlobalProtect and other VPN tools

Hi mates, I was wondering if there are any ways or tools to block the GlobalProtect connection when another type of VPN is up and running. The main goal of this is to get the right country of origin information on the GlobalProtect logs on the firewall which is not possible when another type of VPN is already running on the end user's machine. Tha...

  • 24336 Posts
  • 124 Subscriptions