General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4468 Views
  • 0 replies
  • 0 Likes

Resolved! IPSec Tunnel Monitoring for Single Tunnel

Is there any benefit of setting up tunnel monitoring if it’s just one tunnel, i.e. no failover tunnel? Our monitor profile obviously would be to wait for recovery. We have third party alerts for devices on each side of the tunnel should they go down. Any good reason to enable Palo’s tunnel monitor in this case? Wanted to see if there's so...

KGDrake by L0 Member
  • 5500 Views
  • 3 replies
  • 0 Likes

IOT Policy Set creation ability missing?

Why is it that on some devices I am able to click and create policy (highlighted blue), but others like the Lenovo computer, or Dell Computer profiles I am unable to click and create a policy for them from the profiles page? Seems to be related to devices that fall into Device Type:"Traditional IT" or device types that are blank. Maybe a bet...

Sec101 by L4 Transporter
  • 2186 Views
  • 1 replies
  • 0 Likes

URL Filtering > Advanced URL Filtering

Hi, With legacy URL filtering no longer available we've renewed our subs with Advanced URL Filtering instead. The license for this appeared in the support portal but did not come down to the firewall itself (still showing the legacy sub which expires in a week). I can manually download/upload the key from the CSP to the firewall and now it shows b...

SARowe_NZ by L3 Networker
  • 2729 Views
  • 3 replies
  • 0 Likes

Resolved! GlobalProtect and other VPN tools

Hi mates, I was wondering if there are any ways or tools to block the GlobalProtect connection when another type of VPN is up and running. The main goal of this is to get the right country of origin information on the GlobalProtect logs on the firewall which is not possible when another type of VPN is already running on the end-user's machine. Tha...

Fail-over VPN site-to-site

Hi, We have a PA with two VPNs configured. VPN-Main is the active one and if this vpn falls, the traffic must go through the other VPN-backup. The fact is that when the active VPN falls, the route that has the Palo Alto continues going through the previous VPN, it does not refresh the route and adds it through the new tunnel. This configuration w...

BigPalo by L4 Transporter
  • 29696 Views
  • 21 replies
  • 0 Likes

Resolved! overlapping subnets in virtual router and NAT

Hi, I have two virtual routers, say customer-1 and customer-2, having subnets 10.10.10.0/24 (overlapping subnet). Now internet connection line is on eth1/1 which is in default virtual router. Both customer-1 and customer-2 need to access the internet but I am wondering how source NAT will work in this case? Also for reverse traffic for 10.10.10.0/2...

Resolved! Sweet32,3DES, SHA1,RC4, disable, using "RSA certificate" with SSL/TLS profile

Sweet32,3DES, SHA1,RC4, disable, using "RSA certificate" with SSL/TLS profile Hello good evening, as always thank you very much for your support, please help me to clarify an issue related to weak encryption of TLS/SSL Web-gui using rsa certificate to disable 3DES, SHA1 and RC4, of an SSL/TLS profile for WEB-GUI access and continue negotiating o...

Metgatz by L4 Transporter
  • 3555 Views
  • 1 replies
  • 0 Likes

Globalprotect Certificate Pop-up sometimes?

When connecting to globalprotect, using MFA, sometimes after login there is a certificate popup that details the GP certificate. You have to click ok or cancel. Anyone know what the deal is with this? It's not consistent, and it's not an error, but it is another step and confuses the end users.

Resolved! Having issues with certain pages on Live Community

Hello, I'm currently receiving multiple errors like this: Access Denied You do not have sufficient privileges for this resource or its parent to perform this action. This is not the first time. In the past, I was instructed to log in to the live community and one of your members (Mitchell Gordon) was able to solve this issue, but now is happen...

How can I see which user access what website

Hi, I'm currently managing a PA-220 and have set up URL-filtering. I can see which IP addresses try to access the blocked websites. Is there any possibility to resolve/match this IP address to our DHCP server to see exactly which mac/computer it is accessing the blocked sites. We have it setup so all computers on our company network have un...

Unknown email address suffixed on PA Syslog

Few emails are neither registered nor getting suffixed from the Splunk SIEM solution. A TCP dump from the server to identify whether the logs with the email address abcdef@123.com are coming directly from the PA firewall shows that those are from the PA-5220 firewall. Is any email address suffixed on PA Syslog shall it can be removed the email ad...

Requiring a certificate for security policy to control access

I have been tasked to lock down access to our devops environment for developers over VPN. Developers using non-corporate assigned assets (workstations & laptops) will only be allowed access to their desktop workstations in-house over RDP. Developers using corporate assigned assets can access all services on the devops network (source repos, ...

How to allow VMware Workstation created VM's to work on physical PA-820?

Hi, My home setup includes PC with multiple NIC's and a VMware Workstation that has my virtual lab (Windows domain controller, 5 ESXi 7 hosts, VCSA and some other stuff). This is licenced via VMUG programme. My main PC goes through one of NIC's direct to PA-820, VMWorkstation is 'bridged' to one of other NIC's I have. Separate subnets. Have create...

R.Tryba by L1 Bithead
  • 2551 Views
  • 1 replies
  • 0 Likes

Panorama template push fails unless a device group is pushed with it.

When committing a template only change from panorama to managed firewalls in a HA pair the commit fails. When committing a template change along with a device group change it succeeds. Template only changes commit fine when being pushed down to managed standalone firewalls. All devices are running PAN-OS 10.1.5-h2. Reviewed the panorama logs along w...
