General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4221 Views
  • 0 replies
  • 0 Likes

Resolved! Where did the critical issues page move?

Hi, The below URL was the Critical issues page. ---- https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm68CAC ---- Currently, this page shows "Data Not Available". Where did the critical issues page move?

MasaW by L2 Linker
  • 1151 Views
  • 2 replies
  • 0 Likes

CVE-2023-48795 Vulnerability

Hi Community, My firewall has been exposed to CVE-2023-48795 (Impact of Terrapin SSH Attack). Currently, based on the Palo Alto Security Advisories, I could see that PAN-OS versions above 10.1.15 are unaffected by this CVE. Upon checking my firewall model, which is PA-820, I couldn't see any version listed for 10.1.15 in the softw...

File Integrity Monitoring using Cortex via Correlation Rule

Dear all, I'm looking for FIM on Linux (like etc/shadow). I tried this query from a previous conversation: dataset = xdr_data |filter event_type = FILE and (event_sub_type = FILE_CREATE_NEW or event_sub_type = FILE_WRITE or event_sub_type = FILE_REMOVE or event_sub_type = FILE_RENAME ) |filter lowercase(action_file_path) in ("/etc/*","/usr/loc...

Resolved! helps generate an XQL to notify when a USB is connected

I am trying to use Cortex XDR so that when a user connects a USB storage device I receive a notification by email. So far I have used this XQL: preset = device_control| filter event_sub_type = ENUM.DEVICE_PLUG which tells me when any USB device is connected to the endpoints. I added this as a BIOC rule so that when the condition is met it ...

Resolved! Zero-Trust Strategy for Prisma

Hi all, I have been tasked with providing a Zero-Trust strategy document to management, related to how to implement this on our Prisma Access solution. I am looking for some examples that I can pull from that anyone has done this already for. I have gone thru so many Palo documents, discussing all the Pillars etc, there is so much information o...

D.Maas by L1 Bithead
  • 5380 Views
  • 11 replies
  • 0 Likes

Resolved! Retention period for traffic logs on Panorama

Hello Experts, What is the retention period for traffic logs on Panorama? I mean, how many days will it keep the traffic logs from the firewall? Actually, I need to harden the security rules by looking at the traffic logs.

ghostrider by L4 Transporter
  • 32449 Views
  • 12 replies
  • 0 Likes

Anti-Spyware Behaviour and Inline Cloud Analysis

Hello All, I have run into some curious behaviour with Anti-Spyware. High severity threats tagged as threat type 'spyware' are coming through the firewall with an action of alert, despite all configurations pointing to an action that should either be reset-both, or sinkhole. I have confirmed the following: The security policy rule that m...

nohash4u by L3 Networker
  • 2975 Views
  • 6 replies
  • 0 Likes

Redundancy for Global protect VPN

Dear Friends, We have a customer who is currently configured with GP (Global Protect) for VPN, connecting with ISP-1: one public IP / one ISP (Internet Service Provider). The requirement is: can we configure a backup or redundant connection with another ISP-2? Purpose: Once one ISP is down, the GP (Global Protect) users will not disconnect from remote...

Resolved! Undetected APP dependency?

Hi. So we ran into an issue and we're not sure if there's a missing app dependency in the Palo Alto db or if we're missing something. What happened was, we migrated one Policy from port to APP-based. On the Apps seen it only had one detected app (let's call it app1) with no new apps seen for a long time. This rule is being hit regularly by tr...

mR00t_s5 by L2 Linker
  • 1463 Views
  • 2 replies
  • 0 Likes

Migrate Fortinet to Palo Alto

Hello, We are planning to migrate from a Fortinet firewall to a Palo Alto Networks firewall. As this is my first time handling such a migration, I would greatly appreciate guidance from an expert on the step-by-step actions required.

Resolved! HA active/active dual ISP load balancing

Hi all, I am considering a network design that has: - Dual ISP (public IP /29 for each) - 2 x PA with active/active HA - PA connects directly to L2 networks (LAN) Requires: Load sharing between 2 ISP Internet links Problems: Is it possible to configure separate NAT for each? How can a session fail over to the remaining PA? Do I need Floating IP for...

nw-rogox by L0 Member
  • 7894 Views
  • 4 replies
  • 0 Likes

Resolved! Is the Cloud Identity Engine required for filtering by Group when using Entra without LDAP?

I feel like I've read every document on this forum but I can't seem to find a solid answer to this question. I'm sure someone will link 4 other posts..... 🤦‍♂️ I am using SAML Auth to Entra for GlobalProtect. I can auth to the Portal if I specify the user directly (using domain.com\username - username@domain.com does not work). I can also ...
