This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4126 Views
  • 0 replies
  • 0 Likes

Need a way to move big number of selected policies to the desired location

Dears,As a cleanup to our policies in the firewall, I added a tag "Zero hit" to the policies that never trigger a hit. I have a huge number and I would like to move them all to the bottom.I tried to find a way to move them to the location I want and found it not available.My question:1- Is there a way to (not manually) select a big number of pol...

Resolved! Service Route Source interface not show with VM-300 on AWS

Hello, There is no interface show when i try to change the source interface for specific service (as show as in image).The VM-300 box is on AWS, and both Internal and External interface are set to use DHCP, Layer 3 routing. Anyone has idea how to correct it?Thank you.

Screen Shot 2020-11-16 at 9.45.53 AM.png
Screen Shot 2020-11-16 at 9.46.22 AM.png

Request a Signature for CVE be Mitigated

Is there a proper way to request a CVE be mitigated by the Palo firewall and added to the Threat Vault? I have read the conditions for a signature being added, but it doesn't tell you where to request one. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HAOnCAO If it matters, I'm trying to mitigate Oracle WebLogic Ser...

RMaine by L0 Member
  • 3463 Views
  • 3 replies
  • 1 Likes

Error in CEF format for Threat logs

The following guide provides the parsing for CEF-style Log Formats for PAN-OS 9.1:https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/cef/pan-os-91-cef-configuration-guide.pdf We have been using this for a while, but because now we have a 2nd source of logs (PRISMA) aside from Panorama, we just found out the parsing suggested for "T...

MarcelST by L3 Networker
  • 4134 Views
  • 1 replies
  • 0 Likes

List all deny rules from cli

I have to list all deny rules (from cli)The following command "show running security-policy | match index " list all security rules by nameFor example:"AllowBrach1IN; index: 1" {....etcWhat I want is:- deny INBOUND traffic rules only but regarding entire subnets (those having CIDR as their destination ...like 192.168.1.0/24..etc)Is there any way...

jls3j999 by L1 Bithead
  • 9344 Views
  • 14 replies
  • 0 Likes

Resolved! PaloAlto 5260 upgrade

Hi, I am upgrading so PA firewalls from 8.1.7 and 8.1.9 to 8.1.13, normally I wouldnt ask these questions but since these firewalls are extremely critical I need to be extra cautious. been looking at the upgrade Matrix and couldnt see a clear answer but based on my experience I believe its a straight upgrade to 8.1.13 without any path, is that c...

qasim02 by L2 Linker
  • 4616 Views
  • 4 replies
  • 0 Likes

User group Mapping

Wndows logon user name is ABC\xyz, and the user id fetched from AD group is ABC.local\xyz, and because of that the traffic is not hitting the configured rule. Any workaround to fix this?

zamiedu by L0 Member
  • 2761 Views
  • 3 replies
  • 0 Likes

getting DDNS working with DYN.COM service

I have to deploy some PAN firewalls at locations where ISPs only support DHCP. This seems to be increasing in some countries. I subscribed to DYN.COM but I am stuck on the certificate profile. I need the DYN.COM public cert and CA for dnsalias.com domain, but am not successful in getting it. I have a support case open with DYN, but taking a long...

namijo by L0 Member
  • 3203 Views
  • 2 replies
  • 0 Likes

Resolved! How to reach the Palo Alto management interface form my internal network

Hi,I'm fairly new to Palo Alto firewalls and just set up a home lab, but I have a problem accessing the management interface from my local network. I have 4 network devices in my network: - Modem/Router- Palo Alto PA-500 (PAN-OS 7.1)- Cisco 2960 switch- Cisco 1602 AP I'll try to explain how everything is connected, but I also added a picture of ...

Topology.jpg

Resolved! Root cause of Syslog alert message

Hello, On 14th November at 4:53PM AEDT, we were receiving the following syslog message:"Request made to PublicCloud server returned with HTTP response code : 502"We kept on receiving this message every 5 minutes approximately till 21:46 on the same day. No change was made at our end, we were still able to browse the Internet, Licenses are valid,...

System Log.jpg

Blocking external Skype client authentication

Hello, We are looking to block our skype clients from authenticating to our on prem servers. We nee the ability to have external parties join our web skype conferences. Anyone know what ports to block to prevent the Skype client from authenticating? I've been looking and looks like my client connects over 443/ssl but that needs to stay open for ...

User-ID mapping limitation using RDP

Dear community, We have a desired scenario where user_1 connects from machine_1 to machine_2 using rdp and login with user_2.We´d like that the mapping of machine_1 associates with user_1 and machine_2 associates with user_2. We are aware of the limitiation of User-ID in this scenario:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?i...

Carracido by L4 Transporter
  • 2719 Views
  • 1 replies
  • 0 Likes

Is Azure A Safe Place To Secure Data On Cloud?

I am planning to take Azure certification from one of the renowned training institute in Bangalore. I was reading some facts about Azure i.e Azure is a service provided by Microsoft which was initially known as Windows Azure. The function of Azure is basically internet-based computing or popularly known as cloud computing which helps in sharing ...

Resolved! A question about PA-3020

Hello, I've got a PA-3020, but I don't have license. What do I lose without the product license? Only support? I would like to know.

AKAMAI API for IP Addresses.

Hello All, I have a customer that requested the information below: "We have recently discovered that apple is moving to Akamai for services like App store and IOS updates. Would you happen to know if Akamai has an API for the ip addresses so we can set this up in MindMeld since they are dynamic". Please can anyone advise so I can relay th...

sodhegba by L2 Linker
  • 4069 Views
  • 1 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks