This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4104 Views
  • 0 replies
  • 0 Likes

Resolved! Dual ISP - Will not activate dual default gateway routes

I just installed a firewall for a customer last night and it absolutely refuses to activate the default route for both ISPs in the virtual router. Only 1 will go active at a time. The intent is to just use route monitoring and use the primary ISP unless it goes down. The primary ISP static default route is created with a route monitor.The back...

traylorm by L1 Bithead
  • 3522 Views
  • 1 replies
  • 0 Likes

Identify the user account while using RDP on desktop

Hi,This is just an query, so that I can understand this topic better. Bear with me, since I am not a network specialist.EnvironmentUser works remotely on a laptop and uses GlobalProtect VPN client to remote in on a desktopThe desktop is located in the office, which allows the user to RDP in on it from any location outside the officeThe desktop i...

Multiple IKE crypto profiles on individual interfaces for multiple IPSEC tunnels

Hi, In 2021 we ran into the issue where it seemed between PA-OS 8.1.x and 9.0.x/9.1.x Palo began either via a feature or bug introduced began enforcing the scenario in the subject line and began dropping tunnels after upgrading and causing issues with HA pairs. Define IKE Crypto Profiles (paloaltonetworks.com) At the time Palo identified the abo...

Z33Z by L0 Member
  • 2718 Views
  • 1 replies
  • 0 Likes

Resolved! software update for PA-820 without support contract

hello all,my organization has a PA-820 at a branch location that's been a little neglected. it doesn't have a support contract and it's currently running panos 9.0. I would like to upgrade this at the very least to 9.1, but I'm having difficulty locating the image online to do the upgrade manually. anyone have a link to the software repositories...

Resolved! MFG part numbers confusion

Hello all,Is there an official document from Palo Alto that lists their MFG part #'s?For example if I'm looking to purchase a 1 year subscription for my 3220 stand alone firewall I need to know the license part # to purchase. The frustrating part is that different websites list different MFG for the same product and its confusing. For example on...

roma by L2 Linker
  • 2452 Views
  • 1 replies
  • 0 Likes

Multiple IPSec tunnels, single external IP

Looking to set up a POC with a PA-820 that has the followingIPSec VPN site-to-site between our local facility and 3 partner networksSingle external IP, 3 tunnels (IKE P2)NAT to a single host on our local private networkIs this reasonable/possible?

digdoug by L0 Member
  • 4166 Views
  • 1 replies
  • 0 Likes

Resolved! Default PANOS for PA series

Hello, Anyone have the ideas how to check online what is the default PANOS which ship with PA series FW?I have PA-3220 ordered last Nov and it will arrive soon.Many thanks,

Failed exporting config bundle via ssh

Failed exporting config bundle via ssh to servername.com /tmp/pan/pano_name_20220106.tgz: No such file or directory..Killed by signal 1..' It was working, but suddenly has stopped. "Test SCP server connection" works and drops the test file in the correct location. Scheduled Config Export job fails with the above error however. Any ideas on how...

Resolved! Installing a new cert

For Global Protect I currently have a server cert on my PAN 3220. When i imported it it had the entire chain - root, intermediate and the server cert. That server cert is now nearing expiration. I gave our cert manager a CSR from the PAN and I now have the new .PEM formatted server cert with longer expiry and the chain which includes the root an...

palomed by L3 Networker
  • 2376 Views
  • 1 replies
  • 0 Likes

PRISMA SD-WAN

Is Palo Alto dropping support for PRISMA SDWAN? A lot of the older but detailed CG branded docs are gone, but there are no new Palo Docs to replace them? I'm interested in implementing the Cloudblades, and all the site links take me in a loop of marketing material, and explanations of how great it is, but I can't find one doc that even list ...

4cls by L0 Member
  • 2545 Views
  • 1 replies
  • 0 Likes

Where do you get additional threat feeds from

Hello All,Just curious as to what additional threat feeds you use to ingest into your PAN. Here are some of the ones we use:Threat intelligence blocklistshttps://talosintelligence.com/documents/ip-blacklisthttp://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txthttp://panwdbl.appspot.com/http://www.spamhaus.org/drop/drop.txthttp://www.spa...

FQDN URLs that change IP addresses quickly

PA-3220 Active/Standby Pair10.0.8-h8 We have a URL we tried adding to a negate policy for inside to outside decryption. This resolves the ability to pull credit reports into our core financial system. However the problem is still intermittent. Its added as an FQDN object. Here's the thing, If I do an nslookup or go to digwebinterface.com and ...

ksauer507 by L3 Networker
  • 6951 Views
  • 5 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks