This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4452 Views
  • 0 replies
  • 0 Likes

Resolved! Allow a more specific path of a Blocked URL

Hi All, I'm trying to determine if this is possible. We are blocking abc.company.com via an entry in a custom url category which is applied to the internet policy via a URL filtering profile. I need to allow abc.company.com/specificpath while still blocking all other paths. Nothing I've tried works. We have a whitelist rule above the main inter...

epeeler by L2 Linker
  • 7791 Views
  • 3 replies
  • 0 Likes

Resolved! Configure DHCP reservation on Global Protect user

Hello Community, Is there a way on the PALO ALTO that we can do DHCP reservation while using the Global protect client VPN.As of now we don't have any DHCP relay on the PALO ALTO. The PALO ALTO is the one providing IP address for the global protect user.Is there any DHCP expire on the global protect assign IP address?I found some docs but more o...

Resolved! Whitelist Java Traffic

Good morning,I am relatively new to the PA's, but was wondering if there was a way to have a list of URL's & domains to whitelist Java traffic & block everything else? And if so, can I then write any kind of regex to match specific java versions, say if we have an older version of Java that is required for a specific app for a specific ...

Site to site vpn issue

Dear Team,I have one site 2 site VPN tunnel b/w Paloalto and cisco. some time i can see the tunnel is going automatic down and after some time it will come automatically. I have checked ikemgr and system logs but i am not able to find exact issue why its going up and down. can any one help me this below is the logs.I was doing troubleshooting th...

Resolved! Multiple Virtual Wires - PA Firewall - TP (IPS)

Hi, I hope it works but looking for confirmation. In PAN-OS with PA-5450, can we have multiple virtual wires configured e.g. 3 pair of interfaces configured as 3 virtual wires. Use case is PA NGFW deployment as inline IPS protecting 3 separate segments leveraging TP subscription. FW has to be deployed as bump in the wire solution. ThnxRohit

IPSEC tunnel Intermittent disconnect between onprime PA-5250 and and VM PA hosted on Azure.

Hello all,Need help.We're experiencing unsual IPsec tunnel disconnect between our main firewall PA-5250 and VM series hosted on Azure. PA-5250 - Version 8.01 - Static GW IP address 2.2.2.2VM series VM:- 10.0.7 - Azure01 - GW IP is dymanic representing 1.1.1.1 on logs. IPsec tunnel info check and verified are same on both firewall. Proxy ID:- ...

Find object tag in Rules?

I am trying to get rid of FQDN objects that no longer resolve (1000's BTW). Problem is that you can't delete an object if it is in a rule or address group. I can tag all the objects via command line which is great, but how can I see all the rules where an object is tagged with my "delete fqdn" tag? Seems like the Tag Browser could have done this...

Resolved! Telemetry cant connect : Server is not reachable

Hi Support,The telemetry unable to connect to server.-Device Health and Performance-Product Usage-Threat Prevention All same errorStatus : FailedReason : Server not reachable Follow in https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClZCCA0 Update server configuration was set to updates.paloaltonetworks.com.We try setti...

Setting Up PA220 for Home

Hi, I'm trying to get my PA220 up for my home use. Right now it's plugged into a router, and I am plugging a laptop into the second ethernet port. I went through instructions here: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFkCAK My laptop gets an IP of 192.168.1.2, but when I try to connect to any site in Chrome...

NLee5 by L0 Member
  • 2950 Views
  • 2 replies
  • 0 Likes

Error querying OCSP responder

We have an issue with the R3 root certificate caused by the OCSP Certificate Revocation Checking within our decryption profile. We're seeing all sites using this certificate being blocked due to unknown issuer. When we run the "debug sslmgr view ocsp all" we can see the responder URL as unavailable with error querying OCSP responder. We've chec...

are you permitted to remove all local admin accounts pan-OS 9.1 or higher?

hello all,I'm a PA noob who has recently just transitioned to a team that has a pretty heavy backlog. sorting through it, I see another team has requested that we remove local admin accounts from our firewalls. to my knowledge, the only local accounts on any of the FWs is the default account, with all admins authenticating using AD. I understand...

Website access issue

Hey team,The site is showing in cryptocurrency and getting blocked (https://www.tradingview.com/). As the checked site is showing under 3 categories and we do not want to allow cryptocurrency.As a workaround, we added the site into the custom category.So we need a permanent solution for the same. But as per the customer's suggestion, the site s...

ManishBhalekar_0-1644472022233.png
  • 24376 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks