This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4240 Views
  • 0 replies
  • 0 Likes

NAT issue for accessing ICMC service from google

We have 4 production servers are accessing ICMC service which is hosted in following URL “pubsub.googleapis.com”, If all 4 servers in common NAT rule then there is a time-out error observed which caused ICMC service failure. We have tried change the rule from FQDN and category based rule but still time-out noticed , Application team escalated to...

gasin1 by L1 Bithead
  • 3077 Views
  • 4 replies
  • 0 Likes

Do PA have size limit for AV scanning (not size that upload to WildFire)?

Hi, I'm looking for reference document that clearly answer below question:1/ PA have file size limited for AV or not?2/ What file type that PA support or not support in AV scanning?3/ When PA need to forward file to scan on WildFire? Please give me the document related to those 3 topic.I try google for a long time But I can't find clear answer. ...

Global Protect Users Experiencing Telnet Disconnects

I wanted to see if I can get some help with some session termination problems that I am experiencing for Global Protect users. Our remote users connect to an on-prem ERP systems through telnet, tcp/23. I recognize that this protocol has inherited performance and security problems, but unfortunately that's what we are given to work with. The bo...

CCullhaj by L1 Bithead
  • 4528 Views
  • 3 replies
  • 0 Likes

Resolved! Convert VSD Juniper(Screen OS) configuration to Palo Alto

Hi team,We have a Juniper firewall configuration with 4 VSD(virtual security device) and we want to migrate that kind of configuration on Palo Alto.We have tried to migrate that configuration but we didn't find this capability on palo alto firewall.Does exist any similiar capability in palo alto?Thanks ,Regards.

Fjrubiab by L0 Member
  • 4067 Views
  • 3 replies
  • 0 Likes

Resolved! VPN Best Practices

I'm looking to make some modifications to Site-to-Site VPN IKE-Gateway/IPSec profiles and GlobalProtect IPSec Crypto Profile. For GlobalProtect IPSec, I'd like to switch from aes-128-cbc to GCM. I know GCM is more secure and has better performance but what I'm unsure about is if I need aes-256-gcm or is aes-128-gcm acceptable. For the site-t...

ce1028 by L4 Transporter
  • 6903 Views
  • 5 replies
  • 0 Likes

BGP configuration

I am looking to see the commands to check bgp configuration on palo alto 5050 Software version 8.1.14 We have that PA in our organization but i am new and trying to check why i am not able to learn a route 10.104.55.0/24 in BGP in PA 5050 I am learning 10.104.55.0/24 in the routing table.admin@SHA-FWPA01A(active)> show routing route virtual-r...

Need to export policy rule in excel format.

Hi, While exporting all policy backup in excel sheet as we need this all policy details with all fields in rules.As when I tried to export directly via console it gives only object name, not real ip address. So it is difficult to know which object has which ip address inside it.Please help us to get this all rules details in excel sheet.

PA-3220 Power Supply Air Flow Direction Optional?

As I have encountered and many others may also, when this unit was installed in a data center, the person did not follow hot and cold isle standards. Is there an option to replace only the power supply or type of fans to reverse the air flow? This would be much easier than unracking and recabling everything.

DHCP server issue with PA3020

Hello, I have PA 3020 on which I have configured a DHCP server with about 400 reserving "binding", and IP pool for non reserved.this DHCP server is configured on vlan tagged subinterface.every thing is going well for laptops and PCs "windows", but I have almost with all android phones "Can't get IP address" issue.when I check "view allocation" I...

Resolved! Panorama Pre rule reuse with firewall type but different inside zones

I want to reuse a pre ruleset because all firewalls of a type get these firewall rules. The issue is the inside interfaces are different zone names. Whats the best way to handle that situation while using the "no any zone" best practice? I am alreadly overriding an object-group to specify these zones networks. We cannot override the zones of a p...

trial license for pa-220

Hello guysI m trying to get a trial licence for lab purposes for my personal pa-220Not familiarized with palo alto environment (thats why I bought the pa-220 btw)I don t have an account manager or a ce because I m not a company.More experienced users know how to do it? Regards,

alexwirz by L0 Member
  • 3023 Views
  • 1 replies
  • 0 Likes

Issue With DNS Suffix

Dear Team, The challenge was that we need to do commit with wildcard in dns suffix ie. *.xyz.com but it failed ( PAN OS 9.1.7).For workaround we have removed wildcard. You seen in other firewall with panos 9.1.5 its having dns suffix with wildcard. For resolving dns suffix issue with wildcard, After upgrading to panos from 9.1.5 to 9.1.7 why wi...

Packet capture hitting specific security policies?

I would really like the capability to setup packet captures for traffic that hits specific security rules. For example, we have rules that block outbound connections to Palo's dynamic IP list for known malicious IP addresses and would like packet captures taken when traffic hits that rule. I've not seen that capability and haven't seen a forum p...

Resolved! GlobalProtect Pre-Logon VPN WITHOUT using Machine Certificate for Authentication

Hi, I currently have my lab PA-220 where its configured for prelogon and then on demand for the VPN, and it works just fine with saving cookies for the authentication and authenticates at the windows login screen without any issues. Move to our production PA-220 and we cannot seem to get the pre-logon to connect, and I have mirrored the same set...

  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks