This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4118 Views
  • 0 replies
  • 0 Likes

Outbound SQL traffic (possibly) hitting a zone protection profile

We have a process that sends MSSQL (1433/tcp) to a cloud service that occasionally just stops working - so trust to untrust. It is mostly on 'larger' data transmissions. Turned off all the flood protection in the zone protection profile on the outside interface, and there is no issue. Can I see where that is being triggered? Any thoughts on chan...

4.0.8 Object Name Change Not Updated In Policy

I used to be able to make changes to objects (address/groups/application groups) ect. But now when I made the change I have to go through my policies and NATs and update them manually. Any ideas? Is there an update object option that I'm not aware of?

Resolved! Template vs Device Group

Hello All - I am fundamentally not understanding the difference between Template and Device Group. Using teamplate i can push a policy to multiple Firewalls. Looks Device Group also does the same thing. What is the difference, and use case. When to use template and on what scenario i have to use Device Group? Thanks RB

Resolved! Client-to-Site IKEv2 IPSec without GlobalProtect

Hello, I am totally new to Palo Alto and trying to set up VPN connection from Android Strongswan VPN Client app to Palo Alto without GlobalProtect. I have requirement so client's IP is unknown and can be any public IP. At the moment IPSec tunnel is UP but I always setting error on client side: "setting up TUN device failed, no virtual IP found...

kemeris by L1 Bithead
  • 3287 Views
  • 6 replies
  • 0 Likes

Resolved! LDAP auth for the WEB UI access clarification

Hi All, Why do we need step 3 mentioned in the KB below for the WB UI authentication with LDAP?:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGuCAK Why do we need to create a local user? Won't Palo be an LDAP proxy (grabbing username/password and verifying it against LDAP server database)?

LDAP.PNG
myky by L3 Networker
  • 9241 Views
  • 8 replies
  • 0 Likes

PVLAN

Hello. I've been trying to use PVLAN with palo alto. I have two isolated host which are on the same subnet and wanted them to communicate through palo alto. I was able to manage with a switch using local proxy arp but from what I've searched palo alto doesn't have that feature. I see the arp packets from host A going to palo alto but since the d...

Custom Logs / Path Monitor Alert

Hello! I may be trying to do something impossible, but it seems like the configuration elements are all there. We have a static default route to our ISP that is set with path monitoring so that we failover to a backup route when the gateway is unreachable. We are trying to figure out a way to be emailed when the path monitor fails. I have ...

ECMP breaks secure email access.

Hi all, while using ECMP for the last 2 years without any issues using 3 ISP's with different weight and enabling Symmetric Return and Strict Source Path, I found that some sites with authentication access and Proofpoint secure emails access are being timed out because of their sensitivity of the source ISP change during the session. In most of...

SShnap by L3 Networker
  • 2083 Views
  • 5 replies
  • 0 Likes

The PA-220 is unable to boot into the system.

As stated in the subject, I encountered an error during boot-up. The details are as follows:SPI ID: ef:40:18:00:00header found at offset 0x1d80Image 1.2: address: 0xffffffff81000000, header length: 192, data length: 8160Validating data...Starting next bootloader at 0xffffffff81000000SPI stage 1.5 bootloaderSPI ID: ef:40:18:00:00Header 1 found at...

Custom URL Issue

Hi all, I had an issue where a client created a Custom URL category with multiple of URLs and added it in a Security Rule, all of the URLs specified in that custom category is matching except one URL with wild card such as *.sometechnologies.com. I'm using the command >test custom-url url <MyURL> to check the match but for only one url ...

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks