This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

General Topics

Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 184 Views
  • 0 replies
  • 0 Likes

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 866 Views
  • 0 replies
  • 0 Likes

Custom Logs / Path Monitor Alert

Hello!

 

I may be trying to do something impossible, but it seems like the configuration elements are all there.  We have a static default route to our ISP that is set with path monitoring so that we failover to a backup route when the gateway is unr

...

building a lab with PA-440 or VMs

Hello everyone,

 

I have some knowledge about PaloAlto NGFW but now I intend to focus and get some certifications. For that I bought a PA-440 which runs 11.2.5 and I intend to buy a second one which doesn't have an active license and running 10.2.3-h

...

No internet after changing ISP

PA-440, OS 10.1.14, Standalone

We just changed the ISP, the static IP in interface (WAN), updated the Virtual Router as well, NAT, PBF, Security Policy was checked, IKE Gateway.

But we couldn't browse the internet. The firewall management GUI is also

...

Dars_Em by L1 Bithead
  • 611 Views
  • 7 replies
  • 0 Likes

Configure SAML for GloblaProtect and use groups to filter

Hi,

I would like to configure SAML for my GP authentication and  I would also like to be able to assign IPs by user groups and configure rules for these remote users by user groups. 

Does anyone know if this is possible? how can match users received

...

BigPalo by L4 Transporter
  • 229 Views
  • 1 replies
  • 0 Likes

Resolved! how to whitelist Akamai downloads ?

How do yuo configure a correct FW rule to only allow downloads for a specific user from a specific URL, but the content is hosted on akamai networks ?

 

I configred a FW rule with the URL of the server as FQDN in the destination field and allowed downl

...

DaxVC by L2 Linker
  • 12194 Views
  • 6 replies
  • 0 Likes

Resolved! Proper "outside" interface configuration

Hello all!

I'm facing an issue which brings me to ask what the proper configuration should be for an outside interface.

 

Given the attached diagram and captures, do I have the correct outside interface (vlan.100) configuration?

 

diagram

 

  • Outbound t
...

if-cfg-question_202504151350.jpg
2025-04-15_14-15-22.jpg
2025-04-15_14-04-22.jpg
2025-04-15_13-52-51.jpg
relayer by L1 Bithead
  • 867 Views
  • 5 replies
  • 0 Likes

ACME and SSL decryption

So i recently got wind of this:

 

https://www.thesslstore.com/blog/47-day-ssl-certificate-validity-by-2029/

 

acme.sh and/or certbot takes care of the servers, but won't this break existing SSL decryption rules?

Any strategies/workarounds for this? t

...

Insufficient Data

I am running into an issue where an internal application is not being identified and on the logs appear as "insufficient data". What can I do to on the firewall to allow the application to be identified? 

flipjg33 by L0 Member
  • 333 Views
  • 3 replies
  • 0 Likes

Resolved! Clarification on http2 traffic and decryption

Hi all,

 

I was hoping to get some clarification on http2 and firewall interaction. I understand that generally http2 works without issue as long as it's being decrypted. I also understand disabling inspection/decryption (Strip TLS ALPN) on http2 tra

...

KGDrake by L0 Member
  • 2243 Views
  • 2 replies
  • 0 Likes

Resolved! Best method to block Instant Messaging

Working for a State Government agency, we are required to keep a record of any official electronic communication.  Using public Instant Messaging services creates a problem for us in that we don't have a mechanism for keeping copies of any transactio

...

merrydc by L1 Bithead
  • 4521 Views
  • 4 replies
  • 0 Likes
  • 24006 Posts
  • 115 Subscriptions
Top Solution Authors
View All
Top Liked Posts
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks