This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

SSL Inbound Decryption Failing

hello, we are setting up SSL Inspection for inbound traffic but it is failing when clients try to access, we are getting unsupported protocol errors. ssl labs shows the following issues around handshaking. with SSL Inspection off we do not see these errors can anyone advise what we can do to address this? we are running PAN OS 9.0 Thanks Ryan

RyanJohnstone1144_0-1612884336341.png
RyanJohnstone1144_1-1612884421679.png

Panorama<->Firewalls connectivity issue

Hi all, After I modify the route service and restore it to the state before the firewalls (2 HA firewalls + PA220 ) are no longer connected to the panorama. No changes are made on the network side between the two.Panorama : VM (VMware ESXi) version 8.1.17Firewall: 2 HA FW version 8.1.17 and PA220 8.0.17Changing the IP address of panorama in the...

ayoubAitkhouya_0-1612712485559.png

URL Filtering Issue Through GlobalProtect

We are facing a issue in URL Filtering while connecting Palo Alto PA-220 via Globalprotect. When I am using broadband connection to connect to my laptop to vpn then all the configured url filtering sites are getting blocked but when we connect it through mobile internet connection then only facebook and instagram is opening. While we can get tho...

KapilRoy by L0 Member
  • 3153 Views
  • 2 replies
  • 0 Likes

Static group, that has 2 dynamic groups as members, used in decryption policy?

I have a static group with 2 dynamic groups as its members, that is in turn used as the source object in a no-decrypt rule. I have discovered that this does not work; decrypt still happens. However If I use the dynamic groups directly as sources in the no-decrypt rule it works as expected. This same static group DOES work fine in the security po...

ccvega by L1 Bithead
  • 2198 Views
  • 1 replies
  • 0 Likes

External Certificate Renewal

I can't for the life of me figure out the process to renew a certificate issued from an external CA. We have a cert purchased from Thawte for our Global Protect gateway. It will expire shortly and Thawte wants a csr file for the renewal. Selecting renew in the Certificates tab only allows me to select how many days, which is not helpful. I h...

can we generate report for tunnel interface in ACC

We are using proxy solution for url filtering for which we have deployed ipsec tunnel with cloud proxy server.If we are filtering ACC report for interface and zone we are not able to get proper utilization report. Hence we are trying to export report for tunnel interface as we can see in pan chrome tunnel interface runtime bandwidth is 30 mb upl...

Deepak_K by L3 Networker
  • 2374 Views
  • 1 replies
  • 0 Likes

LIVEcommunity January Rewind

Hi everyone! We are excited to share our first LIVEcommunity monthly recap with all of you! There are a lot of exciting things happening around the community, so we put together this News article sharing everything that you might have missed during the month of January. Check it out here. As always, we are open to hearing your thoughts an...

agalindo by L4 Transporter
  • 3100 Views
  • 1 replies
  • 3 Likes

Resolved! Syslog Server Queries.

Hi, I would like to know the following queries,In log forwarding, there are 7 types of forwarding i.e traffic, URL, threat etc. can we know how much data will it consuming for an individual log type while forwarding the logs to Syslog server from CLI or GUI.what is the function of the facility and what is log_user means?

Force Authentication Policy (MFA) for known users (user-id agent)

Hi, I had configured Authentication policy for one of the environments and everything worked fine as expected. While replicating similar setup for a different environment, the Authentication policy was not working. After some troubleshooting, I observed that if the firewall has user to ip mapping generated via user-id agents (type UIA), it does ...

Palo Alto image for demonostation shown in the video

Hi team, I am looking for setting up the palo alto firewall as well panorama in VMware workstation as shown in below video. It seems to be pretty easy. Only thing I am looking for is palo alto image. How can I get the image ? I googled and got to know that it requires palo alto support portal access but I do not have access to portal. Is there a...

Vikashh by L2 Linker
  • 2001 Views
  • 1 replies
  • 0 Likes

Are used PA 'for-sale' posts permitted

Hello - does Palo Alto support resale of hardware that is not End-of-Life, and are posts on resale permitted in LIVEcommunity? I have been searching for pinned community rules and have not found anything related yet. I don't want to post/ask more related to this if it is not allowed. Thanks!

keklund by L1 Bithead
  • 1874 Views
  • 1 replies
  • 0 Likes

IP spoofing /source routing

Hi Friends, I have nt enabled Zone protection for our palo alto firewalls as its connected to trusted zones. I want to know the whether IP source routing is disabled in the PA NG Firewall (Pan OS &gt; 9.0) by default or not. Also steps to protect against IP Spoofing or IP source Routing related attacks. Thanks in advance. S

SDWN and PAT

Trying to setup a LTE link as a backup link for an SDWAN deployment. All of the LTE gateway devices do PAT as they get a single IP from the provider. Will this work. Don't think it will work in the hub but in the branches believe it will. Just want to make sure since there is no specific documentation around this or any configuration objects...

upgrading from PAN OS 9.0 to 10 without internet connection

I need to upgrade from PAN 9.0.4 to 10 but without an internet connection where i have to upload the images manually, what im not sure about is that i read i need to make sure i meet the minimum content release for the target version which makes the upgrade process very frustrating , am i supposed to upgrade content release for each version alon...

chuckles by L2 Linker
  • 5712 Views
  • 1 replies
  • 0 Likes

Palo Alto QOS - WRED drops

In Palo Alto firewall, we observed WRED drops on QOS (150Mbps) applied egress interface eth 1/11 – due to which DB sync/mirroring is randomly getting failed/dropped between DC &amp; DR. Please let me know for any configuration changes/workarounds to avoid this WRED drops.

preetpk by L2 Linker
  • 4554 Views
  • 1 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks