This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4229 Views
  • 0 replies
  • 0 Likes

Resolved! GUI Access on Public IP

I'm setting up a PA-200 for a remote office and was wondering if anyone could tell me how I would restrict the GUI access on the Public IP to solely 1 range of public IP addresses. As it sits now I have access on any device as long as I have the password and username, I'm not sure if that is the normal default or not but it doesn't really sit we...

BPry by Cyber Elite
  • 12369 Views
  • 5 replies
  • 0 Likes

Resolved! Select PAN-OS version after reboot

In HA upgrade scenario we decided to stop the procedure and downgrade after the 1st FW was upgraded and had issue. But on the 2nd FW software install was already completed but we didn't reboot the FW so it stayed on old version. Does anyone know the CLI commands to show into which version the FW will boot? And how to select to boot to old version?

santonic by L6 Presenter
  • 5448 Views
  • 5 replies
  • 0 Likes

Fun with MS Office 365

Hello Community,Has anyone found a way to allow access to a corp instance in o365 but block all other access? The idea would be so that a corp user can log into the corps instance, however block access to another companies or even personal instance. Thoughts and suggestions are most welcome.

Double NAT return packet dropping in firewall

Can anyone help point out if I am missing something obvious here.... I have a new vendor over an AmazonAWS VPN that I have to double NAT inbound traffic for (because they are using IP ranges that clash with our existing network and best practices, i.e. using 10.0.0.0/24 and public IPs in their private AWS). The VPN comes a a tunnel on a VPN secu...

Resolved! IPSec Tunnel Monitoring for Single Tunnel

Is there any benefit of setting up tunnel monitoring if it’s just one tunnel, i.e. no failover tunnel? Our monitor profile obviously would be to wait for recovery. We have third party alerts for devices on each side of the tunnel should they go down. Any good reason to enable Palo’s tunnel monitor in this case? Wanted to see if there's so...

KGDrake by L0 Member
  • 5383 Views
  • 3 replies
  • 0 Likes

IOT Policy Set creation ability missing?

Why is it that on some devices I am able to click and create policy (highlighted blue), but others like the Lenovo computer, or Dell Computer profiles I am unable to click and create a policy for them from the profiles page? Seems to be related to devices that fall into Device Type:"Traditional IT" or device types that are blank. Maybe a bet...

Sec101_0-1651088583181.png
Sec101 by L4 Transporter
  • 2152 Views
  • 1 replies
  • 0 Likes

URL Filtering > Advanced URL Filtering

Hi,With legacy URL filtering no longer available we've renewed our subs with Advanced URL Filtering instead.The license for this appeared in the support portal but did not come down to the firewall itself (still showing the legacy sub which expires in a week). I can manually download/upload the key from the CSP to the firewall and now it shows b...

SARowe_NZ by L3 Networker
  • 2687 Views
  • 3 replies
  • 0 Likes

Resolved! GlobalProtect and other VPN tools

Hi mates,I was wondering if there are any ways or tools to block the GlobalProtect connection when another type of VPN is up and running. The main goal of this is to get the right country of origin information on the GlobalProtect logs on the firewall which is not possible when another type of VPN is already running on the end-users machine. Tha...

Fail-over VPN site-to-site

Hi, We have a PA with two VPNs configured. VPN-Main is the active one and if this vpn falls, the traffic must go through the other VPN-backup. The fact is that when the active VPN falls, the route that has the Palo Alto continues going through the previous VPN, it does not refresh the route and adds it through the new tunnel.This configuration w...

1.JPG
2.JPG
3.JPG
BigPalo by L4 Transporter
  • 29257 Views
  • 21 replies
  • 0 Likes

Resolved! overlapping subnets in virtual router and NAT

Hi I have two virtual routers say customer-1 and customer-2 having subnets 10.10.10.0/24 (overlapping subnet). Now internet connection line is on eth1/1 which is in default virtual router. Both customer-1 and customer-2 needs to access the internet but I am wondering how source NAT will work in this case?Also for reverse traffic for 10.10.10.0/2...

Resolved! Sweet32,3DES, SHA1,RC4, disable, using "RSA certificate" with SSL/TLS profile

Sweet32,3DES, SHA1,RC4, disable, using "RSA certificate" with SSL/TLS profile Hello good evening, as always thank you very much for your support, please help me to clarify an issue related to weak encryption of TLS/SSL Web-gui using rsa certificate to disable 3DES, SHA1 and RC4, of an SSL/TLS profile for WEB-GUI access and continue negotiating o...

Metgatz by L4 Transporter
  • 3469 Views
  • 1 replies
  • 0 Likes

Globalprotect Certificate Pop-up sometimes?

When connecting to globalprotect, using MFA, sometimes after login there is a certificate popup that details the GP certificate. You have to click ok or cancel. Anyone know what the deal is with this? It's not consistent, and it's not an error, but it is another step and confuses the end users.

Resolved! Having issues with certain pages on Live Community

Hello, I'm currently receiving multiple errors like this:Access Denied You do not have sufficient privileges for this resource or its parent to perform this action. This is not the first time. In the past, I was instructed to log in in to the live community and one of your members(Mitchell Gordon), was able to solve this issue, but now is happen...

How can I see which user access what website

Hi, I'm currently managing a PA-220 and have setup URL-filtering. I can see which IP-addresses that tries to access the blocked websites.Is there any possibility to resolve/match this IP-address to our DHCP server to see exactly which mac/computer it is accessing the blocked sites. We have it setup so all computers on our company network have un...

Unknow email address suffixed on PA Syslog

Few emails are neither registered nor getting suffixed from the Splunk SIEM solution.A TCP dump from the server to identify whether the logs with the email address abcdef@123.com are coming directly from the PA firewall shows that those are from the PA-5220 firewall. Is any email address suffixed on PA Syslog shall it can be removed the email ad...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks