This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Testing "Security-Focused URL Categories"

Is there a way to test the "Security-Focused URL Categories" with some example of URLs that would match the category?I went looking for them in my log after setting them to Alert and found none. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/url-filtering/url-categories/url-risk-categories.html

BoDollis by L1 Bithead
  • 1999 Views
  • 1 replies
  • 0 Likes

GlobalProtect with Azure MFA - Double login (username+password)

Hi, we have a customer with GlobalProtect with MFA from MS Azure. The setup works fine but we are still unable to get rid of a "double login". Not the MFA with a SMS on phone but the regular username/password combo.Usually it goes like this: 1. Login with username/password. 2. Redirected to the same page. 3. Login with username/passowrd. 4. SMS ...

https://etm.ru website haven't open

Hi All, We have tried to access one Russia URL (https://etm.ru) from our INT-trust and VPN zone while the result is ERR_HTTP2_PROTOCOL_ERROR and have tried with different browser but result is same . We could access through VPN external US gateway ( In our global product we have multiple external gateways) but it wasn't work from rest of the ga...

Geo Blocking problem

Hi, I am using Palo Alto (PA) firewalls hosting Software Version: 8.1.17 in AWS and need to configure Geo-Blocking so that only GB (United Kingdom) requests are permitted and all other requests denied. The infrastructure setup is as follows:FQDN => Internet Load Balancer => Palo Alto => Internal Load Balancer => EC2 instance I have ...

security policy source 1.PNG
security policy source 2.PNG
PA_1.PNG

Deduplication issue and config document regarding aggregator and output

Hi Experts, I’m testing with Splunk but, I got a problem about deduplicate. I’ve been input different 1000 indicators of IPv4 after deduplicate, there is 750 indicators of IPv4. below one IP address has a different value but, after deduplicate, I can see only one indicator. My expectation is that don’t deduplicate or there is multi value for t...

그림1.png
image002.png
jilim by L1 Bithead
  • 3392 Views
  • 1 replies
  • 0 Likes

Interzone Static Routing

Hi all, I'll preface this as I'm the sole networking guy at my job and I'm still green. Apologies for any dumb questions, I've tried to read the manual for relevant info and used my google-fu to no avail. I'm using a PA-3020 on firmware 8.0.6. I've been asked to integrate a new Cisco ASA for a financial system that allows a tunnel between my sit...

error user in group mapping

Hello, After upgrading to 8.1.X > 9.0.X > 9.1.x. we found that some ldap users do not check per user policies, only for ip politicies. The firewall has no user-id configured, only tree server ldap. we check that the firewall recognizes the Ldap tree. Is there any issue of incompatibility with the version? Thanks.

BigPalo by L4 Transporter
  • 4746 Views
  • 6 replies
  • 0 Likes

Resolved! Error when creating PBF Policy - IP does not match subnet

I want to create a PBF Policy in order to route traffic from one zone/interface destined for the Internet to a transparent intercepting squid proxy in another zone/behind another interface. Using a destination nat policy seems to work, but some other problem occurs and I was advised to try a PBF. The PBF is defined as follows:Source:Type: Interf...

daubsi by L1 Bithead
  • 7903 Views
  • 4 replies
  • 0 Likes

Resolved! Device Certificates Intermediate Cert

Hello,On Device>Certificate Management>Certificates - I have a IntermediateCert, under the RootCert, that is expiring. I can easily renew it, (It's self signed), but I'm trying to understand what its being used for. I haven't found any information that easily explains it, (just basically how to install, renew, etc).How can I find out what ...

roma by L2 Linker
  • 3345 Views
  • 1 replies
  • 0 Likes

Configure a Managed Palo Alto device when panorama server is unreachable

Hi,I am planning to deploy Panorama server to manage 4 FW on main site and DR site with Panorama server installed on the main site in panorama mode. I wanted to know if we can access and configure the FWs in the event of a communication failure or virtualisation environment failure or maintenance. It is not clear in the documentation. Can anyone...

Resolved! HA2 link down

The 20G link for HA2 between the two PA-5220 firewalls (Active-Passive cluster) does not work correctly. It is a direct link using single-mode fiber and 10G-LR optics with a length of approximately 550 meters.After restarting any of the two firewalls, the HA2 link does not raise (in the Down state). We only managed to lift it after disconnecting...

BigPalo by L4 Transporter
  • 20479 Views
  • 7 replies
  • 0 Likes

Does MineMeld support multiple values for a condition in a prototype config?

I am trying to setup one prototype where it's condition will accept indicators with share levels of both green AND amber. I don't want to create a seperate prototype for every share level combination of color and confidence.. I would like to just say "if the confidence is >75 AND share level is either green or amber, then accept the indicat...

Outlook 2016 unable to open while on GlobalProtect

Anyone else experiencing issues with Outlook 2016 being unable to open while on GlobalProtect? We have sporadic windows 10 pc's with this problem and all windows 7 pc's have this issue. When we disable GlobalProtect and start Pulse Secure (our legacy VPN agent), Outlook opens right up and connects. We have a ticket open, but I'm guessing TAC ...

jmurphy by L2 Linker
  • 8145 Views
  • 5 replies
  • 0 Likes

Expedition 1.1.83 hangs during xml export

I'm trying to complete a cisco ASA to Palo Alto migration but Expedition seems to hang during the generation of the xml output. I've restarted jobs and task manger multiple times as well as updating Expedition and rebooting the vm itself. Below is the output from the "cat /tmp/error" command via cli.expedition@Expedition:~$ cat /tmp/errorNotice:...

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks