General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4124 Views
  • 0 replies
  • 0 Likes

Fail-over VPN site-to-site

Hi, We have a PA with two VPNs configured. VPN-Main is the active one and if this vpn falls, the traffic must go through the other VPN-backup. The fact is that when the active VPN falls, the route that has the Palo Alto continues going through the previous VPN, it does not refresh the route and adds it through the new tunnel. This configuration w...

BigPalo by L4 Transporter
  • 28932 Views
  • 21 replies
  • 0 Likes

Resolved! overlapping subnets in virtual router and NAT

Hi I have two virtual routers say customer-1 and customer-2 having subnets 10.10.10.0/24 (overlapping subnet). Now internet connection line is on eth1/1 which is in default virtual router. Both customer-1 and customer-2 need to access the internet but I am wondering how source NAT will work in this case? Also for reverse traffic for 10.10.10.0/2...

Resolved! Sweet32,3DES, SHA1,RC4, disable, using "RSA certificate" with SSL/TLS profile

Sweet32,3DES, SHA1,RC4, disable, using "RSA certificate" with SSL/TLS profile Hello good evening, as always thank you very much for your support, please help me to clarify an issue related to weak encryption of TLS/SSL Web-gui using rsa certificate to disable 3DES, SHA1 and RC4, of an SSL/TLS profile for WEB-GUI access and continue negotiating o...

Metgatz by L4 Transporter
  • 3406 Views
  • 1 replies
  • 0 Likes

Globalprotect Certificate Pop-up sometimes?

When connecting to globalprotect, using MFA, sometimes after login there is a certificate popup that details the GP certificate. You have to click ok or cancel. Anyone know what the deal is with this? It's not consistent, and it's not an error, but it is another step and confuses the end users.

Resolved! Having issues with certain pages on Live Community

Hello, I'm currently receiving multiple errors like this: Access Denied You do not have sufficient privileges for this resource or its parent to perform this action. This is not the first time. In the past, I was instructed to log in to the live community and one of your members (Mitchell Gordon) was able to solve this issue, but now is happen...

How can I see which user access what website

Hi, I'm currently managing a PA-220 and have setup URL-filtering. I can see which IP-addresses that try to access the blocked websites. Is there any possibility to resolve/match this IP-address to our DHCP server to see exactly which mac/computer it is accessing the blocked sites. We have it setup so all computers on our company network have un...

Unknown email address suffixed on PA Syslog

Few emails are neither registered nor getting suffixed from the Splunk SIEM solution. A TCP dump from the server to identify whether the logs with the email address abcdef@123.com are coming directly from the PA firewall shows that those are from the PA-5220 firewall. Is any email address suffixed on PA Syslog shall it can be removed the email ad...

Requiring a certificate for security policy to control access

I have been tasked to lock down access to our devops environment for developers over VPN. Developers using non-corporate assigned assets (workstations & laptops) will only be allowed access to their desktop workstations in-house over RDP. Developers using corporate assigned assets can access all services on the devops network (source repos, ...

How to allow VMware Workstation created VM's to work on physical PA-820?

Hi, My home setup includes PC with multiple NIC's and a VMware Workstation that has my virtual lab (Windows domain controller, 5 ESXi 7 hosts, VCSA and some other stuff) This is licenced via VMUG programme. My main PC goes through one of NIC's direct to PA-820, VMWorkstation is 'bridged' to one of other NIC's I have. Separate subnets. Have create...

R.Tryba by L1 Bithead
  • 2492 Views
  • 1 replies
  • 0 Likes

Panorama template push fails unless a device group is pushed with it.

When committing a template only change from panorama to managed firewalls in a HA pair the commit fails. When committing a template change along with a device group change it succeeds. Template only changes commit fine when being pushed down to managed standalone firewalls. All devices are running PAN-OS 10.1.5-h2. Reviewed the panorama logs along w...

External DNS resolution for specific domains

Hello, I am trying to look for a solution to an issue we have whereas we don't want to add routes from Azure (via ExpressRoute) to an on premise for public IP's for which Azure devices need to connect to via a Palo Alto firewall and across a VPN to a 3rd party. At the moment we have configured an FQDN NAT on our Palo Alto firewalls (where the c...

StuartS by L1 Bithead
  • 2571 Views
  • 1 replies
  • 0 Likes

Remove Multiple Saved Config files from CLI?

I recently received an alert for /opt/pancfg at 80% full. It looks like there must be a bug in a PAN-OS version that seemed to be saving off configs every hour, with a random naming convention of "5rkswfabcbep_5syszjl7hw0j.txt" There are hundreds of these files dating back to last year. It doesn't work when you try to specify a wildcard (*) to...

Global protect enforcer and public wifi captive portal

Dear community, We have deployed Prisma access Global protect [agent 5.2.9], enabling network enforcer and captive portal detection [ 10 min timer and captive portal message]. We are experiencing mixed results with users getting an error web page when joining the public wifi. We are able to get more consistent results when network enforcer is disa...

Allowing PIA VPN in home network

Hi all, Quite new to managing NGFW, please be patient. I have PA-820 looking after my home network, no domain, few computers, using it to learn more than anything else, but since I have it want to use it fully. I want my Private Internet Access VPN to access Internet without decryption, I am failing to make that exception. Protocol I want to use is ...

R.Tryba by L1 Bithead
  • 4474 Views
  • 2 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions