This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4257 Views
  • 0 replies
  • 0 Likes

Resolved! How to configure a site to site VPN with Self signed certificate

Hello folks, This might be a newbie type of question so I appreciate your patience..... I need to create a site to site VPN using a self signed certificate. I'm happy to do the site to site VPN. But ........... I'm not sure how to use self signed certs for doing this. Does anyone have any procedure of how to do this using certificates? Are there...

Jedi_D by L2 Linker
  • 6776 Views
  • 4 replies
  • 0 Likes

Resolved! Creating CSR with SAN via API calls

Hi, I am trying to create CSR via API calls with subject alternate name for hostname and ip address, but I cannot find it in documentation. Simple creation of CSR works for mehttps://10.XX.XX.XX/api?type=op&cmd=<request><certificate><generate><certificate-name>apicert</certificate-name><name>testing</na...

nm2025 by L0 Member
  • 1814 Views
  • 2 replies
  • 0 Likes

Type: INNR in session id detail.

Hi team, What does INNR represents in type when looking at the session ID details.I know that this happens at child session, when parent session ID belongs to the HTTP/2 ID.If you guys have any idea about what INNR represents, let me know.

Mgmt Traffic over VPN

Hi All, I am looking to deploy a few (4) PA-440's into the field. What is the best way to configure my remote firewalls to send MGMT traffic 3.3.3.3/24 (using loopback) over a vpn to central firewall to pass along to panorama MGMT (10.10.10.10/24) to receive to traffic to manage them remotely. Thanks for the help.

jQuery vulnerability on management interface of PA-3220

Hello all, Our customer is currently using PA-3220 running PAN-OS 11.1.During their recent vulnerability scan, the following CVEs were reported that jQuery used on the Web management interface; CVE-2018-8046CVE-2007-6758 Questions:1. Do these vulnerabilities actually affect? Or false positive from their vulnerability scanner?2. What is the...

kawai818 by L0 Member
  • 730 Views
  • 2 replies
  • 0 Likes

spanning tree portfast for cisco to palo links

I am moving some palo interfaces to a new cisco switch. What is the recommended spanning tree configuration on both palo and cisco sides when connecting these devices? PA(config-if)# spanning-tree port type ?edge Consider the interface as edge port (enable portfast)network Consider the interface as inter-switch linknormal Consider the interfa...

M.Allen by L1 Bithead
  • 1173 Views
  • 1 replies
  • 0 Likes

wrong traffic matching rule

Hi this maybe a simple or dumb question, but I have a rule shown below that has specific sources defined. I thought the rule would only match on those host listed in the source, but when looking at the logs, I can see other source IP's are matching on this rule. Can anyone explain why the other source IP's that are not listed in this rule match ...

palo-rule.jpg
palo-logs.jpg
E.Hinkle by L0 Member
  • 948 Views
  • 1 replies
  • 0 Likes

Resolved! How to add switchport trunk allowed to AE interfaces?

I have a cisco switch which has a trunk to a PA device. On the switch it is configured switchport trunk allowed vlan 120,766,767. How do I add the corresponding configuration on the PA end? The AE2 int already has the .120, .766 and .767 sub interfaces. Does it need configuring to allow the same as the Cisco switch and by creating the sub interf...

M.Allen by L1 Bithead
  • 1947 Views
  • 3 replies
  • 0 Likes

Resolved! Proto in packet capture filter

What is proto in packet capture filter ? The manual only says:Proto—Specify the protocol to filterThe field only seems to accept numbers...

dieter_b by L4 Transporter
  • 8876 Views
  • 5 replies
  • 0 Likes

Adobe Creative Cloud update and PaloAlto Content-ID

Hello, We have several of our users that are using well-known Creative Cloud client to download/manage/update/upload/assess/enhance/whatever their wonderfull Adobe softwares (Aftereffect, DreamWeaver, ...) We have a PA with application-based policies. We deny all traffic that rely on "ms-update" application by default (because we have WSUS in pl...

PAN-OS 11.2.8 ETA

Hi All, i would like to know the ETA of the PAN-OS 11.2.8 as per last PA TAC mention that the 11.2.8 tentative release date of june 25 but so far no info of the release yet this is to fix for GUI display issue with SAML SLO url. thank you

Advice on dual isp, getting dns to work

Hello all, I currently have a PA440 and I have 2 isp's, ATT and comcast which will be our backup and it's my 1st time setting this up, we are a small business of about 80 users, I already followed how to configure dual isp redundancy on the links provided here, but can't seem to get the right direction on how to get dns to work once the failover...

cdcirexx by L3 Networker
  • 3238 Views
  • 8 replies
  • 0 Likes

Moving an AE1 OSPF transit link into another AE port what changes will be required?

Hi all, I am looking to move an existing AE1 interface which operates as an single OSPF transit to another AE3 port with other sub interfaces also configured. What changes should be completed and considered when doing this to retain network connectivity? Existing port New port I have amended the virtual router to use the new AE3.3501 int...

MAllen_0-1755771816444.png
MAllen_1-1755771857850.png
MAllen_2-1755771937970.png
MAllen_4-1755772823439.png
M.Allen by L1 Bithead
  • 1469 Views
  • 1 replies
  • 0 Likes

PA-820 Support renewal

Hi All, Our current PA-820 support is due to expire in October, so I requested a renewal quote, and our vendor is stating that paloalto is declining to extend support. Has anyone had similar feedback from resellers and or paloalto regarding their non-EoL PA device who's support is due to expire (in approximately two months time)? According to pa...

  • 24362 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks