This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

want to block IP address.

Dears,I have one internal working website. i want to allow the website by the URL and want to block by the IP address.Example:- website name - https://example.com ip address - 192.168.1.50If any user browse this website https:// example.com should be open and if the user browse this https://192.168.1.50 sho...

PowerBI Desktop Sign In fails with SSL Decryption

We are rolling out SSL Decryption for a group of test users and we run into an issue with PowerBI Desktop.When we try to login in PowerBI Desktop it fails and shows that it cannot setup a trusted SSL/TLS connection for the sign in. I am looking into my decryption logs, but I cannot find any issues with URL's that might have something to do with ...

Resolved! Traffic not matching policies configured with AD groups and users

Hello all, i have problem user based policy .in cli i can see that ip and group mapping is fine . When i configure the policy the users and groups appears in the drop down and so on, but didn't match the traffic .Can you give me some suggestions?Thank you in advance!

stef by L2 Linker
  • 3394 Views
  • 2 replies
  • 0 Likes

Load Versioned Configuration (locked)

Hello, community!I'm trying to export a configuration version from a 3020 and it's not creating new versions whenever I commit a config. Upon checking, I found the last config version says "(locked)" at the end of it. Currently no admins have config or commit locks in place and we have commited many times and no new versions have been created. T...

CMachado_0-1605902002039.png
CMachado by L2 Linker
  • 2475 Views
  • 1 replies
  • 0 Likes

Dynamic Updates Query

Hi Team, one of our Client had app and threat license earlier now the license has been expired.Both the devices is in HA.So one of the device has been Rma Now i have configured but i have getting error of Antivirus mismatch because threat license has been expired so how i can rectify the issue of antivirus mismatch

Demisto Mail Sender Integration

Hello,I am using Demisto community edition and i want to integrate it with "SMTP" in order to be able to send e-mails, but i couldn't and encountred the following error message. "(-1, 'E Fatal error: tls_start_servertls() failed') (85)" So I am asking for help, and thanks very much in advance.Cordialy.

mail error.png
ilyes23i by L0 Member
  • 2181 Views
  • 1 replies
  • 0 Likes

Multi-vsys for 3250

A Virtual Systems license is required to support multiple virtual systems on PA-3200 Series firewalls, and to create more than the base number of virtual systems supported on a platform.PA-3250 support bellow things-Base virtual systems1Max virtual systems*6 Base virtual systems1:- Does it mean it only support vsys1 or we can create one more vsy...

Flood log triggered by DoS Protection could not be sent to syslog server

Problem description :Flood log triggered by DoS Protection could not be sent to syslog server.paloalto deploy: v-wire modePANOS : v4.1.8Settings in paloalto :1. Device -> Server Profiles -> Syslog -> Add a syslog server with port 514 and LOG_USER facility.2. Objects -> Log Forwarding -> Add a syslog forwarding profile, all severit...

AWS IPSec VPN Issue while migrating from PA-5020(HA-8.1.15-h3) to PA-5220(HA-8.1.15-h3) Firewalls

Hello Everyone,I have an issue while migrating from PA-5020(HA - 8.1.15-h3) to PA-5220( HA - 8.1.15-h3) Firewalls. 1) did .xml running config file export from 5020 and import into the 5220, but got an error message while commit. Involved PA TAC engineer and SE, could not be able to resolve this issue, just they said its a panos bug, upgrade hi...

Tthapa by L1 Bithead
  • 4335 Views
  • 5 replies
  • 0 Likes

How to replace PA-5020 with PA-5220 with minimum downtime?

I am in the process of replacing PA-5020 HA A/P pair with PA-5220 HA A/P pair. At some point, we will remove 5020 and introduce a 5220 and this needs ARP refresh on all interfaces. is there a script/process I can use to ensure the ARPs are refreshed as soon as the new firewall is connected?Thanks.

TLS 1.3 Encrypted SNI No-Decrypt URL Categories

In non decrypted tls 1.3 traffic, how is the firewall in 10.0 seeing the URL that a user requests and how is it enforcing that category? I've read that tls1.3 encrypts the SNI field, which from my understanding, is the primary way the palo firewalls read and implement URL categories on non-decrypted traffic. If we don't decrypt on certain tr...

Sec101 by L4 Transporter
  • 9758 Views
  • 2 replies
  • 0 Likes

Panorama VM running on ESXi 6.7?

Dear community, I had a Panorama VM running Pan-OS 8.1 without any issue on top of VMware ESXi 6.7, after upgrading to 9.0.4 the host is rebooting the VM from time to time with the following error log:"..........reset by vSphere HA. Reason: VMware Tools heartbeat failure. A screenshot is saved at......" The screen-shot taken when the VM crashes ...

Carracido by L4 Transporter
  • 4473 Views
  • 2 replies
  • 0 Likes

Overriding existing User-ID mappings with Captive Portal to elevate privileges

Override the learned credentials through User-ID agent or captive portal for troubleshooting or additional access without involvement of a firewall administrator. (Without clearing from CLI). For example, IT admin is at users place and need to override current internet privileges to access Youtube for troubleshooting an issue. This can be achie...

How to migrate logs from M-100 to another M-100 in mixed mode by moving the logging disks

the customer have an M-100 do RMANow they need to replace the hard disk with the new M-100.I refer to this articleHow to migrate logs from M-100 to another M-100 in mixed mode by moving the logging disks.nine thousand three hundred and sevenCreated On 09/27/19 23:00 PM - Last Updated 05/19/20 20:46 PM I have some questions.Question 1: I don't k...

Felixcao by L3 Networker
  • 2212 Views
  • 1 replies
  • 0 Likes
  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks