This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4442 Views
  • 0 replies
  • 0 Likes

Renewing a Subordinate CA Certificate for firewall, issued by MS Server Enterprise CA

Hi, I've been looking all over for some guidance on this, without much joy. I am trying to renew a subordinate-CA certificate on a firewall, that was issued by a Windows Server Enterprise CA. Obviously there is no Renew function on the firewall for that cert as it was externally issued - and it appears on Windows server you can only renew Subord...

syslog server logs

Hello, I am facing an issue to get the alerts for my syslog server ( description contains 'Syslog connection broken to server[\'AF_INET.127.0.0.1:2625.\']' ) every two hours I am getting alerts. i checked the sys-ng.log and took the packet capture but I can see the same error. Below is the configuration:-sys log Server IP- 192.1681.1protocol - U...

Jafar_Hussain_0-1636027177713.png

LAN to Portal/Gateway Externo same Firewall

Dear:Good afternoon, is it possible from my LAN network, to connect via Global Protect, to the external portal/gateway of my Firewall ? I tried, despite having the permissions at the policy level and it fails to establish a connection.Is it strictly necessary to have an internal gateway for this? To connect from my LAN to an Internal or should I...

Metgatz by L4 Transporter
  • 2188 Views
  • 1 replies
  • 0 Likes

Resolved! Shared Security Policy Rules

When you have multiple device groups, are you able to create shared security policies? When I try to select shared and create a security policy rule, the zones are blank. Only workaround I can seem to find is create a security policy in one device group and clone it to the others

ce1028 by L4 Transporter
  • 6015 Views
  • 2 replies
  • 0 Likes

PBF policy match works in CLI but hangs in the GUI

Hi, Came across an issue where a PBF policy match works in the CLI, but not in the GUI. When you run the test in the GUI it just hangs. The PBF rule is working as expected in production, its just the test in the GUI that seems to fail. Anyone come across this issue before? Other PBF policy match tests in the GUI work, so not sure if this is pro...

BenPrice_0-1635901518208.png
BenPrice_1-1635901757751.png
BenPrice_2-1635901890382.png
BenPrice_3-1635901946304.png
Ben-Price by L4 Transporter
  • 2381 Views
  • 1 replies
  • 0 Likes

Resolved! Global Protect not working with RADIUS NPS and LDAP on the same server.

Hello everyone, We have a Firewall configured for Authentication for LDAP and RADIUS NPS. Both works fine when I force the authentication profile using CLI:test authentication authentication-profile LDAP username user passwordtest authentication authentication-profile RADIUS username user password However, when using Global Protect with an Authe...

Globalprotect Smart Card configuration

So my company is working to setup a new PKI infrastructure with smart card logins for the users. I have looked at all the 2FA and associated articles about setting up the VPN but it leaves a lot to the imagination. I followed the steps creating the certificate profile and assigning it to the portal and gateway. But when i test it the issue i arr...

j.bartha by L1 Bithead
  • 7893 Views
  • 4 replies
  • 1 Likes

Resolved! Ping an IPv6 Link local address

Hi, Is it possible to ping a IPv6 link local address from a Palo Alto firewall? If so, what is the syntax on the firewall CLI? I know other platforms allow you to define an outgoing interface when pinging a link local address, but this doesn't look to be available. Thanks in advance.

Ben-Price by L4 Transporter
  • 6617 Views
  • 3 replies
  • 0 Likes

Resolved! Convert a physical interface to an aggregate or add a new aggregate and move associated objects.

I have two PA3050s Active/Active, where I already have E1/12 configured as type Layer 3, no sub interfaces. Is it as simple as doing the LACP configurations on the upstream switches and then converting physical interface E1/12 type to Aggregate, then add in E1/13 as a second member. The existing E1/12 has the following objects associated. 2 NAT...

  • 24375 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks