This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4225 Views
  • 0 replies
  • 0 Likes

Resolved! Where to Write Security Policies with a Site-to-Site VPN

Hello,We have a pair of 3200s on our main site, and have added an 820 at a remote site to bring up an IPSec tunnel between the two.When I initially set the remote site up, I decided to have all the security policies controlling what access the remote site would have to the main site on the 820 side. I could see arguments for doing it on either e...

Does NAT64 works for inbound NAT

Currently we have configured inbound NAT for DMZ application which is on ipv4. Public ip used for it is ipv4.Due to some requirement client from outside network will be coming from ipv6 public ip to access the application. In this case our nat is not working. We have found NAT64 feature in below doc , but given example is for outbound NAT. http...

Deepak25 by L3 Networker
  • 5687 Views
  • 3 replies
  • 0 Likes

Is my firewall hacked already ?

I have a PA3020 with 7.0.5-h2 PAN-os version. I noticed that it have a lot of DNS traffic sent to strange IP address. when I running show system resources command. I found strange process nginx and two syslog-ng there. Is it normal, how to get rid of them ? 2797 nobody 20 0 53388 5712 3344 S 0.0 0.1 8:19.70 nginx6804 nobody 20 0 107m 12m 6472...

banny6 by L1 Bithead
  • 4778 Views
  • 5 replies
  • 0 Likes

Something aking to | sort | uniq -c | sort -nr

Like the title says, is there a way to run a filter for a period of time, pull out a list of IPs, sort them, remove the duplicates with a count, and sort them by most popular?This is a common omegle thing to do with syslog data, say you have a very permissive rule and you want to see what source IPs are being used by that rule. You could awk pri...

Jack45 by L1 Bithead
  • 2527 Views
  • 1 replies
  • 0 Likes

Allow redirect URL with decrytion on.

Hey guys one of my customer I not able to access the Redirecting URL's This Error display (err_http2_inadequate_transport_security)I checked the logs the traffic URL shows alert but the decryption is done.We are able to Access the URL without decryption. Created a specific decryption policy in which it enables the Strip ALPN. and we are able to...

3rd party managed minemeld feed to local

We have a service provider(SP) with authenticated minemeld feed and we want to pull feed from the SP minemeld which asks for authentication into our local minemeld instance, instead of directly into our firewall. How can we do that.

raji_toor by L4 Transporter
  • 3832 Views
  • 4 replies
  • 0 Likes

ALERT WHEN VPN DESTINATION STOP WORKING

Hi everybodyCurrently have a vpn connection to a remote site , and now we are transferring many info along the dayBut sometimes connection closes and transfer interruptsSo we want to sent alerts when this connection o transfer interrupts to be able to sends a kind of email alert Is it possible?

Does GlobalProtect refresh USER-ID bindings mid session?

The GlobalProtect section of the Admin guide for PAN-OS 8 says the following:For mobile or roaming users, the GlobalProtect client provides the user mapping information to the firewall directly. In this case, every GlobalProtect user has an agent or app running on the client that requires the user to enter login credentials for VPN access to the...

SD-WAN Hardware Change / Migration

We have been running SD-WAN since release a year or so ago, regular PAN-OS SD-WAN not Prisma SD-WAN. All the sites were deployed with PA-220 at the time, but we are rolling more sites in and I need to swap a couple of the PA-220s with a PA-440. Anyone done a hardware replacement of an SD-WAN device, that is being repurposed? I followed along t...

bschaper by L2 Linker
  • 3889 Views
  • 2 replies
  • 0 Likes

Resolved! Static Destination Nat issue

In static Destination Nat I have configured 172.16.0.10 IP in private IP. But when I checked the logs in monitor it is showing 255.255.255.0 in Destination IP Column of log & packet was dropped with aged out error. Can anyone please explain what is wrong with my configuration?

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks