This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Clientless VPN

Hi Team, Iam facing the issue with clientless VPN when I open the application and checked the some tab in application they are not loading. when i take the packet capture i found lot of error" Ignore Unknown records". TAB are not Loaded.

Joshan_Lakhani_0-1604516773282.png

Resolved! Config push from Template stack failing for one HA pair, without any error message

We recently added a new firewall to Panorama (Pan OS 9.1.4) and included it in the existing Template stack. The deployment went fine.However, the config push to this template stack is failing without any error. If we click "Commit All", we don't see any error message. It just get stuck at this screen: Validation also fails without giving any inf...

AmitSailWish_1-1604468434067.png
AmitSailWish_2-1604468510986.png

KnowBe4 Phishing Training and WildFire testing

My company uses KnowBe4 for email phishing training. During our current campaign we discovered that test emails were getting opened and attachments or hyperlinks were triggered identifying a test failure. This happened when the user could not have opened the email as they were not at work, nor did they have remote access. Upon further inspect...

Resolved! panorama HA sync

The physical firewalls was relocated and renamed from FWDAN-BYTWAN01/02 to FWSCO-BYTWAN01/02 with new mgmt. ips.Then we removed and added the firewalls back to one of the Panorama (vaemp-pan01) which was active that time. But the other panorama (vaalb-pan01) is still showing old names and discounted. Do we have to manually add the Firewalls agai...

MineMeld and Prisma Access API

Hello everybody, has anyone ever worked with MineMeld and the API to Prisma Access. There is this PrismaAccess (https://github.com/PaloAltoNetworks/minemeld-prisma-access) API extension for MineMeld (I know it is only experimental) but I would like to test it anyway. I have created the miner, processor and output. But where and how do I put th...

jschwier by L1 Bithead
  • 2818 Views
  • 1 replies
  • 0 Likes

Issue with PBF Symmetric Return

We are running PanOS-10.0.2 on our PA-220 and we are having an issue with a PBF rule which seems to be denied even though it should match the traffic. The setup:2 WAN interfaces:Primary = PPPoE interface on ETH 1/5. Route is added to router when PPPoE is online with metric 10Secondary = "Normal" interface on ae1.100. Static route is in router wi...

2020-11-02 15_06_01-Window.png

Need to Allow Video-Streaming from Specific Website

Hello Dears, Requirement:- I want to allow only some educational videos (educational videos belong from training and tools URL category) for my environment.Below i have tried:-I have checked all the streaming videos played on YouTube or any the streaming media category.When we allow traffic for training and tools as well as streaming media categ...

HA cluster

Hello, Can you form a HA cluster with a PA-3020 and PA-3060? Or do models have to be identical?

qoduxobi by L0 Member
  • 2034 Views
  • 1 replies
  • 0 Likes

Resolved! About APP-ID icmp and ping.

Hi guys.I have question about APP-ID that ICMP and PING. I found that some document said "ICMP is all of icmp procol and PING is only ICMP type 0 and 7 is echo request and reply".When we have white list security policy, For open a PING application, Shoud we open ICMP and PING also? I think they has got app-dependency so ICMP must be opend and al...

ttongfly by L3 Networker
  • 9826 Views
  • 4 replies
  • 1 Likes

Adding L3 to vWire PAN

I currently have a PAN 3220 sitting in serial behind a Cisco ASA. The PAN's doing the higher level inspection, geo, correlation warnings, content filtering. I had written earlier on the forum about wanting to implement layer 3 on new interfaces and it sounds possible. I've added interfaces inside and out and marked them as layer 3 and added them...

palomed by L3 Networker
  • 2907 Views
  • 2 replies
  • 0 Likes

Resolved! Certificate ca status from the CLI

I have successfully loaded my device certificate and a CA certificate from the CLI - took some seraching for format of the certificate strings, but they're in there now. One problem. In a firewall I have previously set up I show (in set format) the certificate stanza:set shared certificate wanroot subject-hash ffffffffset shared certificate wanr...

Palo Alto OSPF routing./wild card mask configuration.

Folks,For OSPF configuration on the Cisco router, we normally define a wild card mask. e.g. network 1.1.1.0 0.0.0.255 area 0.What this configuration tells the Cisco router is to form OSPF neighbor with all IP address that being with 1.1.1.x IP address. Do we have any option of configuring such a wild card mark on the Palo Alto firewall? Or on t...

nson2139 by L3 Networker
  • 2707 Views
  • 1 replies
  • 0 Likes

Trouble with multiple IPsec VPN Tunnel

Hi all,I'm a fresh man to paloalto devices and I'm facing a problem.Site A has a subnet 192.168.100.0/24. Site B has 192.168.40.0/21. Both sites use PA820.Site A has a IPsec tunnel to Site B. This tunnel is running good.Now we have a new Site C, 192.168.52.0/24, using a non-paloalto firewall. I can set up a tunnel between B and C , C can access ...

mercurr by L1 Bithead
  • 6068 Views
  • 6 replies
  • 0 Likes

want to create two region in same country.

Hi, I am facing an issue regarding the region configuration. I want to create two custom regions. I have tried, in the name, I added India and checked geolocation and added the coordinates of a city. This scenario is working. When we keep the city name (for e.g. Mumbai) and added the coordinates of the city it is not working. And we cannot keep ...

File Blocking feature not working with owncloud-uploading application hosted on NGINX web server

Hello everybody, the thread subject is pretty self explanatory. I'm playing with the file-blocking feature and doing some testing. What I've found in my lab environment, using both PAN-OS 10.0.1 and PAN-OS 9.0.9 and both VM-Series an PA-820 appliance, is that file blocking is not always working with application owncloud-uploading. I have a fil...

grenzi by L3 Networker
  • 4469 Views
  • 2 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks