General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Threat Vector, a Unit 42 Podcast, is Now on LIVEcommunity!

We have some exciting community news to share: Threat Vector, a Unit 42 podcast, is now on LIVEcommunity!

 

Threat Vector is your compass in the world of cyberthreats. Listen to this biweekly podcast to learn about unique threat intelligence, cutting

...

jforsythe by Community Team Member
  • 92 Views
  • 0 replies
  • 0 Likes

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 3332 Views
  • 2 replies
  • 14 Likes

PBF with nat

Hi

 

So I have 1 internal address that when it goes out via the PA to the internet (SNAT) i want it us a specific route - net hop.

 

So it looks like I can't set pBF on source address (SNAT). has to be on the original address.

and I can't specify outbound

...

Resolved! Question about Active/Active HA with Layer 2 Interfaces

Hello,

 

I have read the Administrator's Guide and the Use Cases for Active/Active HA but just wanted to get some confirmation that I am understanding the requirements correctly. We have two identical Palo Alto firewalls that we want to setup HA with.

...

Global Protect new Linux UI

I have the GP Linux CLI client working without any issues, however I wanted to test the UI client that just came out (5.1.0) Does anyone know how to actually use this? The PAN documentation has not been updated to mention this new version or the Linu

...

hshawn by L4 Transporter
  • 28977 Views
  • 18 replies
  • 0 Likes

Getting PAN FW logs to Azure Sentinel

I'm currently sending FW logs to Azure Sentinel, via syslog over SSL to an r-syslog server with the Azure agent on the syslog server forwarding logs to Sentinel. I followed the documentation, format is BSD header with custom CEF format for the logs a

...

threat log.JPG

Minemeld will not start after reboot

I could really use some help here.

Our Minemeld instance running in Vmware will not start after an os reboot.  Now we are a Windows shop so I don't know where to go with this.  The error is:

 

Initalizing minemeld. It could take some minutes, please

...

DwightH by L1 Bithead
  • 1470 Views
  • 0 replies
  • 0 Likes

Palo alto not blocking a URL

Hi All,

 

I hope all are doing well.

 

I am trying to block a URL on palo alto firewall using custom URL category but firewall is not blocking the traffic and its passing through allow SSL/Web-browsing rule just below it.

 

This is the rule i created:

 

Rule

...

Ankurdatta_0-1594630363624.png
Ankurdatta_1-1594630694984.png

GP password expiry error

Some of our users are getting password expiring msg when they are connecting via GP but when we checked their ldap accounts the password is set to never expire.PANOS version is 8.16-h2 and Global Protect Agent is 4.1.10 is there is bug.Please suggest

...

Joshan_Lakhani_0-1594884592222.png

Site disconnect and backup issue

we get a lot of site disconnects and backup reports that are constantly in a state of being disconnected this will effect performance as the connection gets closed. please advice. thanks

Resolved! Command to Not Display Names in the CLI?

In the Cisco ASA at the CLI there is a command to not display names but their IP addresses: no names.

Is there a similar command in PAN-OS; I'm using v 8.1.13? My goal is to list/export NAT policies without names as the individuals who will review thi

...

TCP-RST-FROM-CLIENT

Hi,

 

I have allowed a FTP session. However, the FTP session does not connect. When I search the logs, the traffic is allow however the session end reason is tcp-rst-from-client.

 

Please advice.

 

Thks and Rgds

AhDon79 by L0 Member
  • 34697 Views
  • 14 replies
  • 1 Likes

global resource counter appid_post_pkt_queued

Hello,

someone know what means this counter increasing?

appid_post_pkt_queued    4294967293 826432036 info      appid     resource  The total trailing packets queued in AIE

 

and this?

dfa_sw                   4415      849 info      dfa       pktproc   T

...

Marivi by L3 Networker
  • 2904 Views
  • 1 replies
  • 0 Likes

any solution to keep tracking user IP mapping?

One of my customer is requesting me to track user IP address when he move from his desk to meeting room, and vice versa.

He carries his laptop, he use same ID account on AD, but his IP address will be changed when he moves around.

 

I know he needs to g

...

emr_1 by L5 Sessionator
  • 3807 Views
  • 3 replies
  • 0 Likes

Resolved! What can I do with a Global proect subscription?

(posted this in the global protect forum, but this seems to get more traffic, and maybe more suggestions, so I moved it here)

 

So I'm about due to retire my old 3050's and upgrade to 3250's - and this time I've convinced management to buy me the globa

...

darren_g by L4 Transporter
  • 4198 Views
  • 6 replies
  • 0 Likes
  • 24126 Posts
  • 100 Subscriptions
Top Solution Authors
Labels