This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4127 Views
  • 0 replies
  • 0 Likes

Resolved! User identification and WinRM on HTTP

Hi to all, before to write i red some post here on the community and i just configured my NGFW and windows domain controllers.Becuase i have every 3 sec an alert about "The server-side authentication level policy does not allow the user AAA\BBB SID (XXX) from address Y.Y.Y.Y activate DCOM server. Please raise the activation authentication level ...

Resolved! Does PAN-OS VPN functionality support MFA?

Hey guys, I'm looking at moving off Sonicwall NSA 3600 and onto a PAN appliance. One factor is that I'm currently using Sonicwall's VPN functionality which has some simple, built-in MFA in the form of TOPT codes that the user must put in each time they connect to the VPN. Its not dependent on any other service so its kind of nice that way. I was...

Resolved! Auto-commit blocking changes - auto-commit scheduled in future

Hi,Currently cannot upgrade a new pa820 (10.1.4), its auto-commit is set to run tomorrow and blocking any updates or current config commits. Does not stop when using 'stop job' from GUI or clear job CLI. Enqueued Dequeued ID PositionInQ Type Status Result Completed----------------------------------------------------------------------------------...

orbcomm by L2 Linker
  • 6317 Views
  • 2 replies
  • 0 Likes

Zone Based Policy in PANOS SD-WAN (not PRISMA)

Hello,In PANOS SD-WAN (not PRISMA), you must either use predefined zones (zone-to-branch, zone-to-hub, etc.), or you can map pre-existing zones to the predefined zones in Panorama. Before SD-WAN, using IPSEC tunnels, we could give each tunnel/branch its own zone and control access very easily. Since SD-WAN requires use of predefined zones, it s...

JayGee by L0 Member
  • 2237 Views
  • 1 replies
  • 0 Likes

Resolved! System log filter - email alerts

I would like to receive email alerts on certain system events, such as when there is a successful login and unsuccessful login attempt from GUI and CLI. (Among other events). The filter for the stem log is looking for certain "strings" or "attributes" Andi have no idea where to find them. Any ideas? Thanks.

roma by L2 Linker
  • 2533 Views
  • 1 replies
  • 0 Likes

Resolved! Custom region not reflecting in "show location ip xxx.xxx.xxx.xxx"

I have an IP address that is showing up in the wrong region, say AM (Armenia) and should be CN (China). I have a support case open to get that fixed, but it has been open for over a week so I want to do a workaround. Ideally I could specify to override this IP address to show up in CN. It seems like this could be done via Objects > Regions ...

Authentication failed captive portal

Hi Expert, We got error message "Invalid username or password" when try login to Captive Portal and affected a lot users. There is no changes made and it is working last 2 days. I look into Solved: LIVEcommunity - captive portal authentication failed LDAP - LIVEcommunity - 32582 (paloaltonetworks.com) but never try yet. Is there anything else...

Oblagonte_0-1650948520679.png

Resolved! VM-500 will it run with 6xCPU?

Hi All, We currently have one customer with two clusters running VM-300, but facing dataplane CPU utilization. Support team has upgraded the VMs to 6xCPU (without knowing that VM-300 only support up to 4). Right now VMs are with 6 CPUs allocated and we are planning to upgrade the vm capacity to VM-500. But I was wondering how the current CPUs w...

Resolved! PAN-OS version is not update on CDL Portal

Hi ,Anyone have some solution for this issue about PAN-OS version is not update on CDL Portal after update to V.9.1.13-h3?Last week I had updated PAN-OS from version 9.1.9 to version 9.1.13-h3 on HA Firewall .I got this issue on the active peer FW.After finished update OS, I check version on the active peer by "show system info" that already sho...

Version_.jpg
Jirapan by L1 Bithead
  • 2690 Views
  • 1 replies
  • 0 Likes

Listing PCAP rules

Does anyone know if there's a way to search for rules within the Palo Alto which have packet capture enabled? I'm trying to see what rules currently collect PCAP and disable the collection of pcap data for noisy signatures.

dgagnon by L1 Bithead
  • 2052 Views
  • 1 replies
  • 0 Likes

Resolved! Global Protect Disable Reason

Global Protect Client is setup so that users can disable VPN however they need to input a reason why they disabled the portal. I wanted to know where those disable reasons are stored. Thanks

SIDD76 by L0 Member
  • 11338 Views
  • 5 replies
  • 0 Likes

List NAT tables with static-ip translations

Hello all!I'd like to compile a list of all my NAT tables for static-ip entries for all my firewalls, I don't know if there's a better way to do it but I'm trying to do it by running the following command on my firewalls and recording the output:show running nat-policy | match index\|source\|translate-toThe issue with this one is that it's showi...

TigeRRR by L1 Bithead
  • 7247 Views
  • 6 replies
  • 0 Likes

What to monitor via Solarwinds

Hello -Just looking to see what others monitor for on their Pano/Palo FW within Solarwinds. Is there like a general consensus (best practices) or is it all over the place depending on requirements.

PA3250 in No Rules/Allow All mode and Public IPs

We are currently testing out/learning with a new 3250 in no rules / allow all traffic mode flowing from ISP > Palo > Cisco ASA (Being Retired). We have two public ips routed to two local static IPs and those have stopped working. Would a policy need to be created so the Palo does the routing and not the Cisco.

jpierce by L0 Member
  • 2451 Views
  • 2 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks