This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4435 Views
  • 0 replies
  • 0 Likes

Resolved! Palo Alto PA-3220 replace Bluecoat Proxy

Hi Guys, Does anyone tried to use PA-3220 model as proxy server? Currently the internet traffic of my company is using bluecoat proxy with pac file (config in windows proxy setting), and the proxy also inline with sourcefire for doing SSL interception, IPS/IDS. I'm investigating can this model replace the bluecoat proxy. Can I define the PAC to ...

Resolved! Switch port configuration for management interface on HA pair

Are there any recomendations or requirements to configure a switch port for management interface for a PA firewall?Should it be an access port or could it be a 802.1q port (trunk mode)?Are there any recomendations to enable/disable/specify lldp/cdp/vtp/igmp/spf on switch port for management interface?If the management interface will be used for ...

PA_mgmt_interface.jpg

Fast DNS Resolution Issues

Hello Community, I checking to see what everyone is doing for their allow lists for some thing like an S3 bucket. Scenario: Lets say my server has no internet access due to policies denying the traffic. I then create an object, FQDN, xyz-s3.amazon[.]com (just as an example), add it to a policy that allows my server to access just that s3 buc...

Reference guide to configuration xpath and entry?

Is there any PA published document for the node paths and entries in the configuration file? And how do you tell if something is a path or an entry in the config? It seems extremely painful to try and figure out an xpath to pull the data you want. Searching the forums and KB has some hints, but no over arching config format information. For inst...

Resolved! Prisma SD-WAN application SLA setup?

Where can I know how to setup the application SLA condition? I read some Prisma SD-WAN Administrator’s Guide, I seen there are lot of function to enable Path selection and monitoring based on the Link Quality, SLA. But how can I set the SLA of the application such as Packet Loss, Jitter, and Latency? For example, I would like to setup access You...

JoeKwok by L2 Linker
  • 4413 Views
  • 3 replies
  • 0 Likes

Antivirus Security Profile

Hi everybody, i've enabled and configured an antivirus security profile and attached to a security policy for web-traffic as i see web-traffic can be antivirus-scanned, but my problem is: traffic is identified as ultrasurf with port 8080 so antivirus does not scan, how can i handle this problem? regards

Resolved! Can't advertise static route over ebgp

Hi all, i'm not having much joy getting this working.I have created a static route for a subnet which I am trying to advertise to an eBGP peer.I then created a redistribution profile with only static enabledI then added that profile under bgp Redist Rules.The BGP peering is definitely established and I am able to redistribute a Connected route n...

Mushussu by L0 Member
  • 7819 Views
  • 3 replies
  • 0 Likes

Resolved! Static Route Question

I just have a question about static routing on the palo alto and how it deals with traffic. We one VR and a default network route to send traffic for 10.20.0.0/16 out via ethernet 1/5 , zone core. There is another interface 1/6 configured with 10.20.50.1/24 zone lab. On the lan by default all traffic get sent to the firewall. Outbound traffi...

MistryJa by L1 Bithead
  • 2999 Views
  • 3 replies
  • 0 Likes

compatibility

Dear Gents.Kindly, i have a Cisco catalyst 9500 switch, my question, what is the last product of Palo alto firewall compatible with my cisco 9500 switch? thanks.

SDWAN - DIA anypath -Scenario?

Im still trying to get a grasp of the concept of SDWAN - DIA anypath. The components and configuration are pretty straight forward but the "why/when" is not making sense. The main scenario that's proposed is "when you want to fail over to using the internet at another site (over the vpn) when local DIA is not available." Again, I must be miss...

smarcyes by L1 Bithead
  • 5446 Views
  • 6 replies
  • 0 Likes

In Progress: Device Updates / Content Publishing

Incident Report for Content Publishing is Failing: Palo Alto Networks Cloud Services — If you are unable to retrieve new updates for devices, please stay up-to-date on the issue and its resolution via the status page.

jforsythe by Community Team Member
  • 2538 Views
  • 1 replies
  • 1 Likes

using Snmp3 to backup PA

Solarwinds Network Config Manager has the ability to use SNMP3 to backup PA config. See below link.https://thwack.solarwinds.com/product-forums/network-configuration-manager-ncm/i/feature-requests/backup-palo-alto-configuration-with-solarwinds-ncm-config-backups But the article doesn't include the SNMP3 string to do the backup. Anybody got a SN...

"end" but no "start" log while session breakdown. logging set to start and end of session

Hello, we have the following issue: Customer complains, that their web services, that are reachable from the internet through a palo alto firewall, show sporadic breakdown of incoming ssl connections for a couple of minutes. After analyzing the logs on the palo alto, I see in the corresponding time frame log entries with type session "end", but ...

  • 24374 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks