This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

DLP product that will integrate with PA decryption broker?

All the DLP products I have researched require ICAP capability which the PA doesn't support. Does anyone know of a DLP product (network appliance or VM not client based) that will actually work with the decryption broker solution? Please don't suggest the Palo Alto DLP as it was not adequate in our testing.

Resolved! RDP through GP tunnel with a different user.

Hi All, I have a client that has recently run into an issue, after upgrading to PAN OS 10.1.2. When they connect to Global Protect with their username and then try to RDP through the GP tunnel to a server on site using a different user account that is not in the allowed GP user AD group, the GP tunnel looks to freeze (doesn't disconnect) and all...

Ben-Price by L4 Transporter
  • 9297 Views
  • 11 replies
  • 0 Likes

Traffic Logs show 2 different source users from same IP

We are using User Identification and have the user-id agent running on 2 different AD servers. Also using global protect. When looking at traffic logs I can filter on my GlobalProtect VPN IP, I can see the source user of my user account, and a source user of another account. When looking user-id mappings, and look at my VPN IP, I only see my ...

image.png
image.png

failover between sites

Hi, Hi , I have two sites , between sites layer 3 connection is there .single firewall deployed in each site .Now I want to make active standby with these firewalls .How can I do that , does it work without any problem ?What need to be dome to make it work Thanks

site to site.JPG
simsim by L4 Transporter
  • 3497 Views
  • 4 replies
  • 0 Likes

HA - Path Monitoring

Hello, good afternoon everyone, thank you very much for your support and help. I have the following scenario: A pair of firewalls configured in HA, such as Active Passive, model 5250.There are currently 2 links to the Internet, the main link, that is, the active one, is used for the main access for all the general output to the Internet, it has ...

Metgatz by L4 Transporter
  • 3524 Views
  • 1 replies
  • 0 Likes

VPN Site to Site configuration between two PAs

Hi,I've been trying to get clients on the end of two different Palo Altos to be able to ping each other. Everything is green but the IPsec Tunnel doesnt seem to be working. Using tracert, traffic from a client first hops to the LAN Port and then to the opposite end of the tunnel and stops there. I've already created policies that allows traffic ...

smshafek by L1 Bithead
  • 3177 Views
  • 3 replies
  • 0 Likes

Doubt regarding fullbackups firewalls managed from PANORAMA

Hello friends, good evening. I am new to administering Panorama and therefore firewalls through the Panorama console and I have some doubts, mainly with backups, which I hope you can help and support me. Understanding that example I have a firewall managed from Panorama M-200, the firewalls have part of their configuration managed through Device...

Metgatz by L4 Transporter
  • 2978 Views
  • 1 replies
  • 0 Likes

Resolved! External Palo Alto Dynamic List

Hi Team Have a PA220 licensed for Wild fire, Threat prevention, and PANDB URL filtering . Though I had configured the External Dynamic List based on the best practice, I could not get the default PaloAlto Dynamic IP lists feed : Palo Alto Networks - High-risk IP addresses and the Known malicious IP addresses showing up Could someone plea...

Receiving false positive alert for AWS config recording is disabled in Prisma cloud

We tried with the mentioned steps and enabled the recording following below recommendation:1. Sign in to the AWS Management Console2. Select the specific region from the top down, for which the alert is generated3. Navigate to service 'Config' from the 'Services' dropdown.If AWS Config set up exists,a. Go to Settingsb. Click on 'Turn On' button ...

AWS.PNG
Deepak_K by L3 Networker
  • 4137 Views
  • 3 replies
  • 0 Likes

User-id agent timeout integration with dhcp lease timeout

Hi all,let's suppose these conditions: - interface with dhcp enabled, 24 hours lease timeout, ip range (for example) 192.168.3.0/24- user-id agent enabled with 45 minutes timeout- virtual machine environment with non persistent vm, so when a machine is powered off it will be destroyed and recreated with a new mac address- a machine cannot do web...

N2Z2 by L2 Linker
  • 4183 Views
  • 5 replies
  • 0 Likes

Resolved! No hits on source NAT

Really basic setup here. I'm just trying to get a lab setup going but I'm not able to get out to the Internet. I'm not seeing any hits on my NAT policy and therefore no hits no my security policies. To my knowledge this is setup correctly. I can ping the LAN/WAN interfaces just fine. PA-82010.1.0WAN is ethernet1/1LAN is ethernet1/2 Is ther...

NAT-config.PNG
AtosErik by L0 Member
  • 4993 Views
  • 2 replies
  • 0 Likes

Panorama commit to template error after enabling device and network template

Hello everyone,i have faced a problem when creating a group mapping to get Active directory users from ldap to policies , it didn't works. and after some reseach i've found that i should enable device and network template option in device panorma settings when i did it and creat un ldap profil i have the following error message in commit - Vali...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks