General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 1192 Views
  • 0 replies
  • 0 Likes

Disable weak cipher suite in SSH

I would like to disable weak cipher suite in SSH for over 100+ Firewalls with the following commands.  The firewalls are running in High-Availability (H/A) mode, version 9.1.10:

 

configure
set deviceconfig system ssh ciphers mgmt aes256-ctr
set deviceco

...

dtran by L4 Transporter
  • 5504 Views
  • 7 replies
  • 0 Likes

User mapping not happening properly

We have recently added a user in the server list.

We are able to see the user in LDAP but when it comes to firewall we are not able to see the user in security policy.

When i checked the user with following command

show user ip-user-mapping all | match

...

Resolved! Globalprotect Portal same IP w/ management interface

Hello,

Before setting up globalprotect portal, I could access the management interface using the public IP externally. Once I configured globalprotect portal for VPN, the IP now directs you to globalprotect welcome login page. Which is normal, cause I

...

icap by Not applicable
  • 9267 Views
  • 5 replies
  • 0 Likes

Generated traffic logs showing weird information

I have a VM-500 panos-8.1.18. I am seeing traffic logs with below flags

Session End Reason- policy-deny (means traffic denied as per policy)

Action -Allow ( how can action be allowed when traffic is denied via policy)

Type- deny

 

We also have ssl decrypt

...

How do I set bgp auth-profile secret in XML?

<auth-profile>
<entry name="BGP">
<secret>-AQ==9wW2MMYTyjIArw6U5IgQlTHDTnc=zwKe7XpB+qQLdlenAO8tkg==</secret>
</entry>
</auth-profile>
 
The configuration appears to be encrypted, maybe using the master key or something. Is there anyway to set this in XML c
...

Resolved! IKE Error

In my system logs I'm seeing the following error:

 

"IKE phase 1 negotiation is failed. Couldn’t find configuration for IKE phase-1 request for peer IP x.x.x.226[500]."

 

The bizarre thing is that the tunnel IS working despite this error!!!

 

The reason fo

...

Can we use SFP+ with PA-820?

Hi, Guys. I plan to use the PA-820.
The PA-820 has only two HA ports.
I am planning to substitute the HA ports with SFP ports.
Can I use the PAN-SFP-PLUS-CU-5M with the PA-820?
The PAN-SFP-PLUS-CU-5M is cheaper than the PAN-SFP-CG, so I would like to use

...

Lisa_35 by L0 Member
  • 2753 Views
  • 1 replies
  • 0 Likes

antivirus not able to update

we have recently renew our license of thread prevention . As application and threats are update but the antivirus is not update from Palo alto server. We  downloads the AV from support portal and manually install in FW  and run this command still ant

...

Joshan_Lakhani_1-1611061626483.png
Joshan_Lakhani_2-1611061703048.png

Resolved! Log interface configuration under PA FW

Hi folks,

 

We have PA 7050 firewall chassis and after upgrade to version 9.1.11, we got a sync HA issue, the TAC told us that it's mandatory to configure the log card interface.

 

So we created a log interface to resolve the issue, the sync HA issue was

...

URL with port

Hi, 

Wondering if someone can help me out. I've done some searching and have not come up with with much

 

I have a user who needs to access a few webpages on a custom port. The link for example is something like: https://custom1.config.fake:2546/info bu

...

FW_Newb by L0 Member
  • 3670 Views
  • 3 replies
  • 0 Likes
  • 24171 Posts
  • 117 Subscriptions
Top Solution Authors
Top Liked Authors
Labels