General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Self-Signed Certificate expiry warning

Our GlobalProtect VPN was using a self-signed certificate which expired, causing end users to be unable to connect to the VPN. This raises the question of what the ways are to get alerted for these sorts of incidents. Is there any in-built mechanism on the firewall or the Panorama that we could use to get notified of the Certificate Expiry i...

PaloAlto FW RDP Across multiple AD domains

I'm part of a cloud team that does not manage the FW but am not getting clear answers from them. My operations counterparts have the following issue: Support person logs into IP address x.x.x.x into production domain. As part of their function, they must RDP into servers on prod/dev/pat/sit domains. Each domain with a separate ID once the rdp cli...

Resolved! Panorama Template/Template-Stack Variables Override

Is it best practice to override template variable settings at the template-stack or at the device level? It looks like template stack would be sufficient unless you have multiple firewalls and only a select number with different settings.

Firewall Palo can advertise aggregate route...

Hello, in our lab, we made a setup for BGP peering between Palo and a third-party device. According to this KB from Palo: "The Palo Alto Networks firewall does not advertise an aggregated route to its peer when it receives a prefix falling within the aggregated route range from the same peer" but in our case it's working. Does it mean the KB is ...

Palo Dual Action on Same Malicious Domain

We have found in the logs that malicious DNS queries are being blocked, but a few of them are in Alert state. However, the domain is marked as malicious in the DNS signature at Threat Vault. Can you please elaborate why Palo Alto has dual action on the same malicious domain?


Replacing a zyxel home router - IGMP proxy for IPTV problems

Hi, I am trying to replace my ISP-provided Zyxel home router with a PA-200. I'm also subscribing to IPTV from the same ISP, with a Thomson DBI-8500E-TLN2 IPTV PVR. The Zyxel, while branded, appears to run standard Zyxel firmware. The config doesn't contain anything related to IPTV, but it has an "IGMP Proxy enabled" setting. Is there a way ...

hklygre by L1 Bithead
  • 6238 Views
  • 4 replies
  • 0 Likes

Locked out after adding Allowed IP Addresses to Management interface

I did not see any good information on how to fix this issue. I accidentally entered the wrong subnet under Device > Interfaces > Interface > Allowed IP Addresses and was locked out of my primary firewall. I could still log in to the backup as this was not a shared setting. I opened a support case and they did not offer a good solution to f...

Resolved! Layer 3 Subinterfaces VM-Series Firewalls VLAN 4095

When it comes to VM-Series firewalls, Layer 3 subinterfaces, trunks and port groups, are there any downsides/catches/cautions to setting the ESXi port group to use VLAN 4095 (trunk), and then simply utilizing Layer 3 subinterfaces on the VM-Series firewalls with 1 NIC? Article noted below, using just like a normal trunk if I understand correctly? ...

Sec101 by L4 Transporter
  • 5550 Views
  • 2 replies
  • 0 Likes

PA-220 lab licensing

Hi, I'm looking to purchase a PA-220 lab unit (lab license) for home. Basically, using it for labbing with my personal internet/internal traffic. Are there limitations with that device/license, such as bandwidth limits

ce1028 by L4 Transporter
  • 12338 Views
  • 3 replies
  • 0 Likes

Resolved! Global Protect DHCP Pool utilisation

Hiho, I'd like to know how to see how many IPv4 addresses of the pool are in use or free, so I know when to enlarge the pool. That DHCP redirect doesn't work, I unfortunately recognized while searching the forum regarding DHCP and GP. We are always using the preferred version of the 9er release. I wasn't able to find relevant information withi...

Read-Only Superuser by Security Zone

Hello, I hope everyone is staying healthy. I work at a company that provides ISP services to public schools. Each school district is divided into separate security zones on our Palo, and I am trying to see if a read-only user can be created that is able to only look at security and NAT rules for their assigned zone. I've been fiddling around in...

Resolved! IPSec VPN restarts very often

Hello, I have defined an IPSec VPN connection with the following params: ike: 3des/sha1/dh5, Lifetime: 8 hours; ipsec: ESP/3des/sha1/dh5, Lifetime: 30 minutes (life size not set, shows 0MB); ike gateway: main mode, DP enabled. The connection is established, but in the system log I see very often (every 5 sec.) the tunnel is again and again down and up. We have packet l...

  • 24334 Posts
  • 124 Subscriptions