This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

Resolved! No hits on source NAT

Really basic setup here. I'm just trying to get a lab setup going but I'm not able to get out to the Internet. I'm not seeing any hits on my NAT policy and therefore no hits no my security policies. To my knowledge this is setup correctly. I can ping the LAN/WAN interfaces just fine. PA-82010.1.0WAN is ethernet1/1LAN is ethernet1/2 Is ther...

NAT-config.PNG
AtosErik by L0 Member
  • 5001 Views
  • 2 replies
  • 0 Likes

Panorama commit to template error after enabling device and network template

Hello everyone,i have faced a problem when creating a group mapping to get Active directory users from ldap to policies , it didn't works. and after some reseach i've found that i should enable device and network template option in device panorma settings when i did it and creat un ldap profil i have the following error message in commit - Vali...

Desktop Office apps unable to see Microsoft O365 people or resources

Hi,Have two separate issues, but think they are connected by lack of firewall rule somewhere, cannot locate what I am missing thou..Issue1:When I try to use SHARE button inside desktop version of Word/Excel/PPoint to share document, cannot see anyone in drop down, cannot search for any users and in general it's not populating. I don't have that ...

url category with wildcard

I have to create a url category which is would allow anything coming from url x.y.z.com/api-* every time i try to create that custom url category i get the following error "Consecutive asterisks (*) in a URL wildcard pattern can severely impact performance and is not supported. Instead, use a single asterisk or multiple carets (^) to indicate co...

Resolved! Objects Capacity on PA-3400 Series

Hello, Despite my research on the site, I am looking for the following features on the PA-3400 series:- Max Virtual Routers- Max. Security Zones- Max. Security Rule- Max. Address Objects- Max. Address Groups...Thank you for your help

site to site vpn. IKEv2 and fragmentation?

When configuring a site to site IPSEC tunnel, i see that the IKE gateway can be set to allow packet fragmentation or not (DF bit) when using IKEv1. However the option isn't present for IKEv2. Other vendors, such as Cisco, allow the DF bit to be set for IKEv2.Why is this the case with Palo Alto (v9.1.x)?

Resolved! meaning of ms.log - update system boot?

Hi all, I am checking the log of firewall to know the states of firewall issue.I found that there are some log in ms.log as show below2022-XX-XX XX:XX:XX.XXX +0800 update system boot: count = YYYY, timestamp = 2022/XX/XX XX:XX:XX What is the meaning of this log? Is it mean the dataplane reboot at 2022/XX/XX XX:XX:XX, total reboot number is YYYY?...

JoeKwok by L2 Linker
  • 4330 Views
  • 1 replies
  • 0 Likes

GlobalProtect - Multiple Gateways on One IP Address

Good day, Our PA-500 is currently on PANOS 7.0.5-h2. We want to configure GlobalProtect - Multiple Gateways using the same IP Address. Is this possible? We tried to follow the instructions here: http://dsg0.com/t/palo-alto-networks-globalprotect-with-multiple-gateways-on-one-ip-address/122 but we are getting an error that the GlobalProt...

WCCP visibility

Hi All.Yesterday we tried to put PAN Device on a POC with a customer just before traffic reach their Proxy solution. Customer redirect using WCCP web traffic from router to Proxy and we used a PAN port on Palo Alto to receive that WCCP traffic. The Proxy device only has one NIC interface, so at TAP port of PAN we should see WCCP traffic redirect...

CPU core and memory list for each model

Dear Team, I can check the log storage and number of NICs on the compare site and spec sheet provided by paloalto. However, I cannot check the CPU core and main memory for each model. If I have a device, I can access the firewall and check it, but if I don't have it, it cannot be checked. I am looking for a model with CPU 4 Core or higher and ma...

Resolved! HTTP OPTIONS Method Enabled on Panorama

Hi All,I got Vulnerability HTTP OPTIONS Method Enabled on Panorama, the status show OK.curl -k -v -X OPTIONS -x "" https://10.10.10.10/restapi * Mark bundle as not supporting multiuse< HTTP/1.1 200 OK< Date: Wed, 27 Apr 2022 02:47:02 GMT< Content-Type: httpd/unix-directory< Content-Length: 0< Connection: keep-alive< Allow: OPTI...

Resolved! User identification and WinRM on HTTP

Hi to all, before to write i red some post here on the community and i just configured my NGFW and windows domain controllers.Becuase i have every 3 sec an alert about "The server-side authentication level policy does not allow the user AAA\BBB SID (XXX) from address Y.Y.Y.Y activate DCOM server. Please raise the activation authentication level ...

Resolved! Does PAN-OS VPN functionality support MFA?

Hey guys, I'm looking at moving off Sonicwall NSA 3600 and onto a PAN appliance. One factor is that I'm currently using Sonicwall's VPN functionality which has some simple, built-in MFA in the form of TOPT codes that the user must put in each time they connect to the VPN. Its not dependent on any other service so its kind of nice that way. I was...

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks