General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4444 Views
  • 0 replies
  • 0 Likes

Resolved! Study tip for PCNSA.

Hello everyone, I spent a year working directly with Palo Alto firewall and I would like to get some certifications, but all video content I find is purely in English and I still don't have a command of the language. Did they have any text material tips to aid in the study? Any tips to add would also help a lot. Thanks!

Amaro123 by L2 Linker
  • 4712 Views
  • 2 replies
  • 1 Likes

Resolved! Policy Based Forwarding

Hi All, I have a guest wifi vlan 10.25.x.x that needs to be routed out to a second ISP. AP-->WLC--Palo Alto FW-->MPLS/VPLS-Router-->L3Switch-->ISP The vlan will each have a sub-interface and gateway 10.25.x.1 assigned on firewall in its own guest zone and virtual router. The virtual router will have a default gateway 0.0.0.0 to a ...

MistryJa by L1 Bithead
  • 3773 Views
  • 2 replies
  • 0 Likes

OKTA SAML panorama authentication?

Trying to get this working and I am able to authenticate using OKTA SAML via the button on the login screen but when I do (after entering u/p on the OKTA page) it redirects me back to the Panorama login page. I see PAN_AUTH_SCUESS SAML on the CLI but never an 'auth-sucess' in the GUI (Monitor > Logs > System) because it never actually logs ...

drewdown by L4 Transporter
  • 6519 Views
  • 5 replies
  • 0 Likes

Resolved! 1:1 destination nat mapping

Hi everybody, does anybody know if it is possible to write a single destination NAT policy in order to map ip addresses from a given range/network to a corresponding range/network of the same size preserving the host portion of the address? I try to explain with an example. I would like to translate packets destined to 192.168.10.0/24 with add...

grenzi by L3 Networker
  • 6314 Views
  • 3 replies
  • 0 Likes

Custom Snort Signature

Creating a custom Snort signature on Palo Alto Firewall but didn’t find the concerned context operator for match pattern. Shall we create a context operator, or how can the pattern be added if the context operator is not available? For example: alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"[CIS] Emotet C2 Traffic Using Form Data to Send Passwo...

Resolved! Global Protect Split Tunnelling

We are enabling split tunnelling for O365 traffic. I have added a object for a known website so I can test this. I can see the IPs in the PANGPS logs so the configuration is pushed to the client. I have also enabled the Split Tunnelling in the APP for Network and DNS. When I am connected to Global Protect and visit the test website it is incredi...

a.jones by L3 Networker
  • 3595 Views
  • 2 replies
  • 0 Likes

TS Agent - System Source Port Allocation Range Registry Key

Hey, the following text you can find on this page: The System Source Port Allocation Range and System Reserved Source Ports fields specify the range of ports that will be allocated to non-user sessions. Make sure the values specified in these fields do not overlap with the ports you designate for user traffic. These values can only be changed by ...

J.Schoen by L0 Member
  • 7943 Views
  • 3 replies
  • 0 Likes

Unable to export ACC last-60-seconds stats

Hi, I'm looking for a way to export regular per-IP bandwidth usage stats in a human-readable format. I have found out that it's possible to get this in .xml via REST API. I'm trying to create a top-src-summary for the period of last-60-seconds. This however generates a blank report (see the first screenshot). There is no issue if I generate a re...

DuzyGl by L0 Member
  • 2780 Views
  • 3 replies
  • 0 Likes

Resolved! Global Protect Always On and stopping local network access in event of failure

Hi All, Is it possible to stop a device from connecting to the local network if the Global Protect Gateway fails? I have a question from a customer that has an Always On Pre-Logon environment and wants to ensure the connection defaults to a fail-closed mode with no access to the local network - although it must allow for initial connections to ne...

a.jones by L3 Networker
  • 3074 Views
  • 2 replies
  • 0 Likes

SWIFT ISAC TAXII Feed

Hi guys, I’m just curious – SWIFT has offered recently for all members TAXII interface to poll IOCs via https://taxii.swift.com/taxii. Feed is not open for everybody – each member must request access to it individually, so it’s not easy to test it. Has anybody already tried it? My simple attempt to use “minemeld.ft.taxii.TaxiiClient” class t...

Resolved! Can Panorama managed devices be configured via the CLI?

Hey folks. I'm adding a Panorama server into my infrastructure to enable zero touch SDWAN provisioning, and since I've never done Panorama before, I've got a question. Can panorama managed devices be configured via the CLI? The reason I ask this is that I do a fair bit of work with AWS and VPC's - and configuring a new VPC into AWS is mostly don...

darren_g by L4 Transporter
  • 7561 Views
  • 4 replies
  • 0 Likes

GlobalProtect IOS split tunnel routing incorrect traffic

PanOS 9.1.4, GP client 5.2.7-6. We have a split tunnel configuration with only 2 internal /32 addresses added to the access route include list. We regularly see traffic from GP clients destined for Internet IP addresses hit the Palo over the client tunnel. This is from several IOS clients - we don't have any other client O/S'es to test with. Is ...

Andy123B by L0 Member
  • 3565 Views
  • 1 replies
  • 0 Likes

Searching for rule with empty "description" field in the ruleset

Dear community, I am looking for a way to filter all rules without any value in the description field. We use this field to reference the incident number which has been raised to request a security rule. And by policy we are not allowed to have any rules in our set where there is no reference in the description field. So I have tried to use the...

TiborNad by L1 Bithead
  • 5989 Views
  • 4 replies
  • 0 Likes
  • 24375 Posts
  • 124 Subscriptions