This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4475 Views
  • 0 replies
  • 0 Likes

Resolved! GlobalProtect - Use Machince Certificates for Authentication

Hi everyone, at the moment our GlobalProtect Infrastructure is only using LDAP for authentication, which is a problem since users should only be allowed to connect to GlobalProtect via a corporate Windows notebook.As a second factor we would now like to use machine certificates. We have already rolled out machine certs to every machine by an int...

Enabling multi vsys on a prod firewall.

I’m planning to create multi vsys on my palo alto. I just wanted to know if my existing configuration (interfaces, aggregate interfaces and rulebase) will be moved as it is to vsys1 or they need to be mived manually? I have aggregate interfaces layer 2 in my environment so I need to assign vlan interfaces to vsys and keep parent port in no vsys ...

HA1/HA2 speed recommendations for a PA5200 series setup (A/P)

I'm not sure if this documentation exists somewhere but I can't seem to find it.we have a customer with palo alto 5200 series firewall.due to covid-19 (as is the case with so many companies they are currently production stress testing the firewall with extra load due to teleworking, etc)the firewall handles it fine. however the ha1 and ha2 inter...

Resolved! Authenticating a PC based application

We have an old vertical application that can connect to a web server via https and that populates the datain the desktop application (thick client). Mgt Team would like there to be two factor authentication. But if the thick app does not support two factor I think that's a non-starter. Or could there be some way that a legacy app not designed fo...

Reconnaissance query

Hi Team,Is it possible to whitelist on the basis of destination for scanning port. I can see in Reconnaissance configuration we can only whitelist on the basis on source address. But more than 500 sources are available to scan port so its difficult to allow those for specific destination address. Please suggest. regards,Shiv

Cortex XDR Agent management questions - stragglers and operation status

I've deployed the cortex agent to all of our servers and now need to find stragglers (servers without agents running). I also need a method to know that not only are the agents installed and running but they are actually running as designed. I noticed there is a network scan in the portal for cortex but it only shows IPs for the devices, so I d...

PA-220 advertising BGP routes

Hi everyone, hope you're well. I hope somebody can help with this. I'm looking to introduce a local Internet breakout, by installing a Palo Alto 220 firewall, as the site has been reporting slow Internet recently.

BChana by L0 Member
  • 2506 Views
  • 1 replies
  • 0 Likes

Template setting not working

WildFire looks like this on the Palo: But if I click on it to change it, it has a template setting: I took a look at the Stack and the one at the top has the correct setting, the one at the bottom is set to none. So that should be right, any idea why this is happening? I've refreshed and within Panorama everything says "In Sync".

Manual.jpg
WF.PNG

Resolved! Pruning weak key exchange algo in Pan OS 8.19

In Palo Alto v8.19, they added functionality to prune multiple weak key exchange algo in one line: (https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-19-addressed-issues.html) I followed the guide here (https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-cli-quick-start/get-started-with-the-...

Resolved! Unauthorized Request Panorama.

Hey All; I had a weird error this morning with Panorama, "Unauthorized Request" Login and Logout and it still does it. This was when editing the LDAP settings on version 5.0.2 on the hardware version. Anyone have the same thing?

amansour by L4 Transporter
  • 6958 Views
  • 3 replies
  • 0 Likes

Custom Category traffic flow issue

Hello all, I have created a custom URL category for a site and have a security policy to allow specific applications to that category but the results are inconsistent and when I review the log, when the traffic was successful the URL Category shows as the custom category and whenever it fails, it shows the URL category as a default PAN category...

EmptySet by L1 Bithead
  • 5956 Views
  • 8 replies
  • 0 Likes

Knowledge sharing: Palo Alto troubleshooting falty or not supported SFP and SFP stopped working after upgrade

Hello to All, I wanted to share what I know with thee comunity. First in many cases for faulty and not supported SFP the option "show system state filter sys.sx.px.phy" is used (for more info https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaMCAS ). If you don't see the manufacturer information check the article https:...

Resolved! What OS on windows server can PA support about global protect?

Hello, The below doc describes there are client OS list what PA can support for global protect. https://www.paloaltonetworks.com/documentation/60/globalprotect/global_protect_6-0/globalprotect-overview/what-client-os-versions-are-supported-with-globalprotect.html But there is no information about windows server list. Can Global Protect sup...

  • 24379 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks