This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4132 Views
  • 0 replies
  • 0 Likes

Paloalto routing an IPSEC tunnel to another router

Hello, I'm trying to create a tunnel between R1 (OpnSense) and R3 (Sophos), R2 is the Paloalto that NATs a dedicated wan IP to interface1/2 (private TRUST LAN) where is locally connected the Sophos. R1 (Opnsense) <-----> R2 (Paloalto NAT 1:1) <-----> R3 (Sophos) I have setup all the IPSEC IKE2 tunnels on R1 and R3, on R2 i did ...

alexcoxie_0-1750750937204.png
alexcoxie_1-1750751072579.png
alexcoxie_2-1750751152487.png
alexcoxie_3-1750751174390.png

Automated backups from Panorama

Hi Guys I have a HA FW Palo Alto, which are managed by a PANORAMA. Is it possible to do the automated task, to send a BACKUP of the FW configuration, on a daily basis, but from the PANORAMA? The best option in this scenario, in your experience, is to send the backups from the same FW? Or is it better to do the configuration only from the PANORAM...

Matlu_NN by L2 Linker
  • 1124 Views
  • 2 replies
  • 0 Likes

Wildfire submission log issue

Hello Team, I am navigating through the wildfire submission logs but I cannt download the file or submit verdict request chage. why that? I have full control as administrator, any ideas? TIA

Resolved! Authentication with PA440 using Microsoft 365 Entra ID

We are in the cloud with Azure GCC High environment and have no on prem AD. We are searching to see if there is a way to set up our PA440 to authenticate for a VPN using the user accounts on Entra ID in M365? Does anyone have any experience with this? Thanks,

B.Vance by L1 Bithead
  • 1744 Views
  • 2 replies
  • 0 Likes

Resolved! Panorama Management of Remote HA PAN Pairs over a VPN

I have Panorama at our central site to manage PANs. I have several HA Pairs (PA-220 devices) that are remote and connect to Panoram via a VPN. Currently on the remote PAN HA pairs, Panorama can only fully manage the primary PAN. The secondary PAN of the HA pair is not reachable via Panorama. I can sync the config from the primary PAN to the se...

duckboy by L0 Member
  • 5886 Views
  • 4 replies
  • 0 Likes

Queries on IPv6 to IPv4 Conversion

Can anyone answer and provide the clarification on to the below queries. Does Palo Alto support IPv6-to-IPv4 NAT without a DNS64 server? 2. Does Palo Alto support /128 IPv6 addresses in NAT?

Filter Certain Search Strings using URL Filtering stopped working

We set up a custom URL category proxy-search following the instruction here https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Filter-Certain-Search-Strings-using-URL-Filtering/ta-p/52441This worked fine but recently it has stopped working. Students can now type the search words we block on the list in Google and they can search ...

Bootp

We have discovered a few bootp devices which are unable to get an ip - looks like unsupported with Palo. Anyone have come across this issue and have a suggested work around?

clewis1 by L3 Networker
  • 2854 Views
  • 1 replies
  • 0 Likes

Resolved! XML API for Global Search

Hi All,I am trying to test XML API for global search . I am trying to use for search security rule with given description . ANy help for this.

Resolved! Can this OID notificate the expired certificates for SSL decryption and Global Protect?

Hi, I found the below OID in SNMP Trap.Can this OID notificate the expired certificates for SSL decryption and Global Protect? https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HBfzCAG ====panCryptoCertExpiryTrap .1.3.6.1.4.1.25461.2.1.3.2.0.100 Certificate expired==== Best regards,MasaW

MasaW by L2 Linker
  • 1317 Views
  • 1 replies
  • 0 Likes

Website Filtering Dillema

Good morning, I've got a situation where some students are going to an inappropriate gaming site that also bypasses the content filtering I have in place and allows access to some adult content, this is one of the websites: https://friv2025.com, the issue I'm having is I can block this particular URL, but all they need to do is change the year i...

buppd96 by L0 Member
  • 1272 Views
  • 1 replies
  • 0 Likes

Resolved! Global Protect - split tunnel catching too much

Global Protect is working great, but we're seeing too much traffic inside the tunnel and subsequently dropped on the DC firewalls.We're using split tunnel with specific routes and a couple of include and exclude domains. However, we're seeing completely unrelated traffic tunnelled through the VPN. Where do we even start with troubleshooting this...

dmgeurts by L2 Linker
  • 1853 Views
  • 3 replies
  • 0 Likes

Decryption Profile

I modified existing decryption rules to add a decryption profile to each of them. In the profile, I have "Block sessions with untrusted issuers" checked. I'm finding sites with well-known trusted certificates are being blocked due to this. My understanding is Palo has a very limited certificate store. What's the best/most common way to han...

  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks