General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4456 Views
  • 0 replies
  • 0 Likes

Recommended ways to manage numerous firewall policies

For people who have many firewalls with similar policies, what are good ways to manage these? Say, for example, I want to add a particular rule from one zone to another, and the zones are identical across 80 firewalls. I am looking at using a Device Group hierarchy but am not sure of pitfalls or traps to avoid here.

Server management cannot be restarted

I cannot log in to the web GUI; I receive the error "Timed out while getting config lock. Please try again. ". I saw that it has to do with an overloaded server management plane, so I tried to restart it from the CLI, using the command "debug software restart process management-server". The problem is that I get the same error in the CLI "Server error : Timed out...

Resolved! Fortigate VIP Equivalent

Hello, I am working on a Fortigate to PA migration and I am trying to wrap my head around the equivalent of a Fortigate VIP (we used VIPs to go from public IPs to inside web servers) on a PA. Would I just create addresses for everything and then do the "virtual" piece with a NAT policy? Thanks for any input, MJF

Allow only Zoom for a subset of machines

I want to lock down Internet access for some machines to just allow them to use Zoom, but using the App-ID means I have to allow SSL and STUN too, and I don't want that as that opens up a ton of other sites. Anyone have any suggestions? Maybe a URL filter allowing just the *zoom.us domain?

froche by L1 Bithead
  • 5059 Views
  • 2 replies
  • 0 Likes

VPN Bandwidth Load Balancing

Hi Team, I have three VPN connections for three ISP networks. We need to load balance the VPN connection: when it reaches a particular threshold, for example 75% or 80%, the traffic needs to shift to other tunnels. For example, if one tunnel is being used by 5 or 10 users and someone downloads or uploads content, then according to the bandwid...

Resolved! How to reduce downtime when migrate to an AE interface

Hi All, I am going to bundle an existing layer 3 interface (e1/1) with an extra one (e1/2) into an ae1 interface, and then move the IP address from e1/1 to ae1. This is in an HA A/P configuration; the question is how to reduce the downtime to roughly 0. Will it impact existing sessions? As zone name not changed but ingress/egress interface, and PA sessions matc...

AllanGao by L1 Bithead
  • 3906 Views
  • 3 replies
  • 0 Likes

Resolved! U-Turn NAT question

When setting up U-turn NAT, I can see the SNAT part using an internal interface for DIPP. But in the scenario where the A/P FW has two downstream switches, i.e. two internal interfaces, do I need to set up 2 U-turn NAT policies, so that when the primary link is down, it can use the 2nd NAT (which uses the 2nd internal interface IP address as DIPP)? Please help.

AllanGao by L1 Bithead
  • 5192 Views
  • 4 replies
  • 0 Likes

Resolved! Security Policy "Last Hit" metric

Hello, how is the "Last Hit" metric for a security policy on the firewall generated? Would the timestamp be based on the session start time or the received time of the log? Intuitively I would think the former, but I am starting to think it's the latter. Does anyone definitively know how this works? Thanks

Pc does not join into Domain

Hi, I cannot join a domain when the computer passes through the PA. This is my scenario: PC - PaloAlto - Switch - DomainController. The PC and domain controller are in the same zone (trust) and I have a security rule: from zone trust, to zone trust, permit all. I can see a lot of Kerberos v5 packets with bad checksums. Regards,

Palo Alto interface does not ping after a certain period of time

We are running NMS. However, the operation method does not work internally and goes out to the VPN public IP. trust -> untrust -> isp (internet outside) -> VPN untrust. Communication is done in the same way as above. In NMS, the status of VPN untrust is monitored by ICMP. However, after 30 minutes, the VPN untrust interface suddenly stops pin...

PA without license

Hello. I hope you can help me. I currently have a customer who wants to leave one of their old APs unlicensed as a VPN concentrator. My question is the following: What functions would be active in the PA? For GP I checked this KB: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClG0CAK in which it says that it allows "S...

Policy Optimizer Reports

Hello Community, has anyone here found a decent way to have a report generated automatically on a periodic basis for the Policy Optimizer suggestions? I.e. a PDF generated every Monday morning with a list of unused policies in the past 30 days, etc.? Thanks in advance!

Global Protect stuck in "Connecting", "Still Working"

Hi there guys, I have a MacBook Pro with Catalina v10.15.4 and I am here because I am out of moves on how to make this software work. Troubleshooting I've tried so far: 1) Tried going to privacy and security in the settings to allow the software thru there but I never saw that as an option. I have installed and uninstalled the software many t...

  • 24377 Posts
  • 124 Subscriptions