This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

PAN syslog stream into AWS S3 bucket

I am looking for creative ways to get my VM-300 instances to syslog directly into an S3 bucket for pickup by our logging systems. Given the PAN only has the ability to send syslog TCP to an endpoint I am not sure this is possible without some middleware.Has anyone else figured something out to achieve this?

danecott by L1 Bithead
  • 12166 Views
  • 5 replies
  • 0 Likes

Authentication server option

I have a new Palo Alto 820 and my Radius server is a Juniper running 9.1 . At this time my Cisco and other device use a share key to Authenticate to the Juniper device. On the Palo 820 Pan os 9.1.4 it want me to use the following Auth methods "PEAP-MSCHAPv2, PEAP with GTC, EAP-TTLS with PAP, CHAP, PAP" which I do not use. I want to know how I...

Thinking about moving from SonicWall NGFW to Palo Alto

My company has been using SonicWall for the last 7 years or so, and we're currently on a NSA 3600 (NGFW) HA pair for main branch and a TZ500 for a small remote office. The TZ500 is totally fine and the 3600 works ok for the most part but there are always a lot of bugs and issues seemingly for every service and feature (espeically HA). Changes an...

Resolved! SSL decryption issue for Windows Store

Hello, After enabling SSL Decryption, we cannot download from Windows store. Getting error below.Tried excluding hostname with Microsoft but no luck. How to fix this issue? Thanks in advance.

Error-windows-store.jpg
exclude-store-list-decrypt.JPG
Farzana by L4 Transporter
  • 20576 Views
  • 14 replies
  • 0 Likes

Resolved! Using the Panaroma as a central manager for Cisco AnyConnect.

Team,Any one aware if we can even use the Panaroma a a central manager for the Cisco AnyConnect firewall?My use cases are: 1. Central management and to push policies to the Cisco AnyConnect. 2. Ensure policies are in sync and same across all AnyConnect nodes.3. Possible backup of the Cisco AnyConnect configuration.4. Possible historic logs stori...

nson2139 by L3 Networker
  • 2799 Views
  • 1 replies
  • 0 Likes

FW has stopped recognizing several users and does not map them with the corresponding domain group, so it does not apply the necessary policies.

Hello,We have changed a 2 palo alto 5220 in cluster for another 2 palo alto 5250 version 8.1.16.We have migrated the configuration by exporting and adapting the xml.Everything works ok except for a detail in the new passive fw. we have detected it when switching and testing.The fw has stopped recognizing several users and does not map them with ...

BigPalo by L4 Transporter
  • 4276 Views
  • 3 replies
  • 0 Likes

PXE boot not working through FW

Hi all,I have a FW with PanOS 9.1.7 that is causing PXE boot issues with TFTP protocol.When traffic is not routed through the firewall it all works and I have seen several threads about this problem but no solution. DHCP server: Windows Server 2012 R2 172.18.76.23WDS server: 172.18.76.20 DHCP option 66: 172.18.76.20DHCP option 67: \boot\x64\wdsn...

Resolved! Azure HA not coming up

Do I need license to test Azure HA scenario. I am following all the steps but HA1 doesn't come up.I don't have any licenses. And doing a test run of implementation as HA active/passive.Default 10.0 gets installed with BYOL, but we don't have license yet.

raji_toor by L4 Transporter
  • 3013 Views
  • 2 replies
  • 0 Likes

Resolved! Finally have pre-login working - but now

I'm excited to finally have pre-login working per the logs below. But after the successful certificate based pre-login, portal-getconfig fails. On the pan the error message is "Failed to get client configuration". Any advise on how to troubleshoot this further is appreciated!

MichaelMedwid_0-1620266069104.png

SSL Decryption Issues - MacOS Big Sur 11.2.3

We have had SSL decryption configured since we deployed Palo Alto firewalls and it works with little issue on our Windows OS platforms. We have a new project to deploy a few MacOS clients as the application development team requires the ability to test Safari browsing of some web apps. Our internal Root CA has been imported into the keychain an...

How long time will need to prepar the PCNSA

Hi everyone I would like to prepare the certification PCNSA.My idea is to pay the tax exam as soon as posible will make force me to study the exam. I would like to know how many hours and time will need for I am going to the exam. Regards

Athan123 by L0 Member
  • 5577 Views
  • 2 replies
  • 0 Likes

Resolved! 2 ISP NAT question

Hello, we have 2 ISPs . .Static route with metric 10 for the 1st one and another static route with metric 20 for the second one .We have 2 nat rules for LAN. 1st one is via ISP1 and 2nd is via ISP2.So when we change the default route we need to reorder the NAT policies in order to have internet.Is there a option to change default routes without...

stef by L2 Linker
  • 2501 Views
  • 1 replies
  • 0 Likes

PA Destination NAT

I have a use-case that all subnets/VLANs should be able to access the server (192.168.4.4) via HTTP using the loopback IP address 192.168.6.2/32. The PA firewall is the gateway for all the VLANs. I would like to confirm if this is possible? The source will be VLAN 5 or VLAN 10 and destination is VLAN 20's loopback IP 192.168.6.2/32 using HTTP se...

Nikko by L1 Bithead
  • 3070 Views
  • 2 replies
  • 0 Likes

Resolved! Aplicação incompleta

Galera, boa tarde. Estou com um problema bastante confuso, tento acessar um determinado site "HTTP" é recebo a erro (Não é possível acessar esse site), realizamos um teste fora da nossa rede é o acesso é realizado normalmente. Analisando os LOGS verifiquei que recebemos a ação incomplete.O que estamos fazendo de errado ?

Lucaaslr_0-1620676620608.png
Lucaaslr by L0 Member
  • 2696 Views
  • 1 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks