This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4125 Views
  • 0 replies
  • 0 Likes

Bad Gateway error

Hello All, I installed minemeld on aws instance, when I am trying to logging getting "Error checking credential: bad gateway". I checked Minemeld services and getting error as : minemeld-engine FATAL Exited too quickly (process log may have details)minemeld-supervisord-listener RUNNING pid 1921, uptime 0:08:47minemeld-t...

sam2016 by L0 Member
  • 22869 Views
  • 9 replies
  • 0 Likes

Tons of "Generic:<URL> hits in threat logs for DNS Query hits

Hi Guys, I am seeing a ton of "generic:&lt;random-url&gt;" hits in my threat logs under the spyware category for DNS queries from my email spam filter server out to the world. I have DNS security set up on the Palo so they are being sinkholed, but there are a ton of them, and several dozen different URL's. The spam filter uses a proprietary sof...

dromanelli_0-1611763278220.png

Resolved! VPN from Palo to Cloud – Physical Interface or Loopback?

Just wondering what is best practice for this?We have a /29 on our outside interface. We are using the IP assigned for client NAT translation.Over the coming months we’ll be configuring several VPNs to the same cloud provider. Should these terminate via a loopback or just on the physical interface and we should add an address to the physical int...

Resolved! Open-vpn client for Globalprotect

I have a consultant who is asking if the Global Protect VPN would connect with an OpenVPN-based client? I suspect he is working from a Linux PC.does Palo support it?

Best Practices for acquisition

Hi Guys, Our company has recently made several acquisitions. All of them have non-palo alto firewalls. We will be migrating each of non-palo firewalls to our palos.Now, for migrating the rules, we are using expedition. But, some of them have overlapping IP addressing. We are planning to resolve that problem with NAT.But wanted to ask here: Is th...

PaloAlto and DNS

I have PAN running version 8.1.17 and it is configured with two DNS servers on the management interface, you know the usual, nothing special. I have security and NAT rule on the PAN firewall the uses FQDN. Is there a way to detect when the PAN fails to query the DNS server? Is there anything in the system log that will tell me the PAN can NOT...

dtran by L4 Transporter
  • 5362 Views
  • 5 replies
  • 0 Likes

Resolved! Mass creating local-db users from CLI

Hi Community,We wish to add a batch of users to the local database, I'm just wondering if anyone has had experience with scripting this or doing this in batch. With the command "set shared local-user-database user testuser" it requires separate user input to add the password so this is out of the question. I thought the command "set shared local...

Panorama via S2S VPN

Hi everyone, We have our PA Firewalls in different countries all around the globe.Lets call them Country1, Country2. Country3 and so on.All locations are connected to each other via S2S VPN.We have Panorama in location Country1. And it manages firewalls in all countries over the S2S VPN.At all sites, we do have local admin accounts.Now, my conce...

Active/Passive HA direct link between firewalls

Hi All, I use PA-220's in HA pairs often, and I've always used a straight-through cable to connect port 7 and 8 from FW1 to port 7 and 8 on FW2. I've never had ANY issues with this configuration. I just learned that PAN says to use a crossover cable when connecting the firewalls directly to one another like I have been doing all this time with ...

not able to access certain web sites from host behind PAN firewalls

I am trying to access http://www.brokercheck.com from behind the PAN firewall via dynamic NAT without any success. I have other customers behind different PAN firewalls, regardless of PAN OS version, with the same issue access website http://www.brokercheck.com. The FW rule is wide open "any any accept log" It works for customers NOT behind PAN...

dtran by L4 Transporter
  • 7482 Views
  • 4 replies
  • 0 Likes

Best Placement Integration Approach

Hi Guys,Just want to seek your inputs about what can be the best integration approach for this scenario.Currently, the VLAN gateway is in my core switch and I will be introducing PA FW into my network. I want to have control and visibility for my intervlan switching, will the virtual-wire approach be the best for this scenario? I am a bit not co...

Nikko by L1 Bithead
  • 2432 Views
  • 2 replies
  • 0 Likes

Best way to apply log Forwarding setting to multiple security policies in Panorama

I recently migrated a few HA pairs into Panorama in my environment. Historically, our security policies were configured to only send traffic logs from deny rules to our syslog. Any allows were only logged on the local firewall (due to costs of Splunk ingesting logs). It was simple to also send those to Panorama. However, I also want to now send ...

Daryl_B by L0 Member
  • 4115 Views
  • 2 replies
  • 0 Likes

The data length of the http2 message exceeds 65526 and later will be discarded

We then pass the data through http 2.0 in plaintext, the data length of http2 messages exceeding 65526 will be partially discarded, resulting in incomplete data and affecting normal operations.Currently, the solution is to turn off the HTTP 2.0 checks, not to do checks on HTTP 2.0, and the business is back to normal.May I ask if anyone has encou...

jianghxa by L1 Bithead
  • 2227 Views
  • 1 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks