This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4223 Views
  • 0 replies
  • 0 Likes

Resolved! Recommended Software release

Hi PAN Community! I'm just wondering if there's a dedicated page/link I can refer to if I want to confirm if a certain release is recommended or not. I don't want to raise a TAC case everytime. Thanks!

Rules check by logs with expedition

Hello, For one of our client , using PA 850 in cluster, They have 8 zones for voip , printer , camera etc And all the security policies are wide open. Now we want to restrict the policy by looking at logs from each zone towars other. Can we export logs from panorama to expedition to see or analyse it ? Or what is best approach to do reverse eng...

Microsoft IP ranges and FQDN-s in outgoing rules

Hi all,must be someone had similar thoughts too,we have a customer who'd like to secure outgoing traffic, by specifying not only applications, but also restrict destination FQDN-s and/or IP ranges.Issue with Microsoft is that their FQDN-s, and moreover IP public ranges, change monthly.I was just wandering if there is a smart way to address this ...

Goran_A by L0 Member
  • 3856 Views
  • 1 replies
  • 0 Likes

Palo DHCP Server

I have been having issues with DHCP server reservations on the panOS 10.x I make reservations and I have found some devices i made reservations for get other IP addresses at times and botches my policies. Anyone else have this issue?

Using the Log Forwarding Built-In Actions to create Dynamic Address Group to Slow down Attackers.

Howdy Group There is configuration area within the Log Fowarding Profile that is powerful to slow down the baddies.I am not sure how many people are using it. The premise is1) I am using an EDL from Spamhaus to dynamically deny access to the public IPs of my NAT'd network.2) I have a rule that denies Foreign Countries (US based FW) from attempti...

builtin.png
dag.png

Resolved! HIP profile for external Partners

Hello ;We have to setup HIP profile check for Corp users and external partners Currently we have a common Loopback Interface having a Private IP and we have a tunnel interafce Both loopback and Tunnel are part of same zone called GP This is same Cluster on which Portal and gateway are running In order to assign separate HIP Profiles to Corp us...

session disconnect during A-P failover

Hi, Can anyone suggest, if we failover from Active to Passive unit on PA firewall. will this maintains the established sessions by default. Or we have to additionally enable some other setting to make this enable (should maintain session during cluster failover). Additionally, one more observation while we did recent failover....We have 09 IPSe...

Jimmy20 by L2 Linker
  • 4304 Views
  • 2 replies
  • 0 Likes

LSVPN - Contingency

Hi guys, I have one snario that have some satellites connecting each with Global Protect Portal (Large Scale VPN) and I need implement contingency. I was trying to create other portal, other gateway , PBF in the satellites to control default route, and other tunnel ipsec (global satellite), but the problem is: when I change the default route ...

Password protected internal site

Hi everyone, I'm trying to migrate a rule of an ancient firewall (Microsoft ISA server) that was "publishing" an internal resource using regular HTTP - just a web page - but protected by an RSA SecurID login page. The ISA / RSA implementation was just enforcing a login page before showing up the published Web site: External User (Internet) ---&...

Rievax by L2 Linker
  • 3575 Views
  • 4 replies
  • 0 Likes

PAN CLI: Verifying Service Object Existence and Adding New Service Objects

I am starting to do more work via the CLI such as security rules. How can I check if a service object already exists using the CLI? And if it does not exist how do I add the service object to I can use it in my security rule? If I try to add a service object and the name already exists will the PAN warn me and not all that to be input?What if th...

palomed by L3 Networker
  • 11741 Views
  • 2 replies
  • 0 Likes

Resolved! Only 0.0.0.0/32 Obtained from MindMeld Query

I have been using MeldMeld for several months in a lab environment with great success. Recently I setup a new server for our production firewalls but I have encountered a problem that I have not been able to solve. I can query MindMeld using a regular web browser with no problems and obtain expected ranges of IP's by using the following URL form...

jnye by L1 Bithead
  • 12354 Views
  • 6 replies
  • 0 Likes

Resolved! Multiple Portals for Global protect -Configuration check-Inputs needed

Hello ; For one our Customer running PA 3200 Series in HA having GP License ( HIP checks) Currently the GP Portal and Gateway have common Interface . The GP URL is vpn.connection.it ( sample name) The requirement is that Internal Users use the URL : internal.vpn.connection.itExternal Users(Partners) use the URL : external.vpn.connection.it ...

Resolved! Microsoft CERTSRV

Why does this have to be so difficult? I want to create a cert on the palo. Device > Certificate Management > Certificates > GenerateHighlight Generated Certificate > Export Certificate > Open with NotepadCopy contentsGo to my Microsoft CERTSRV > Request a CertificateHere is where it starts to get a little fuzzy.....User Cert...

Resolved! test security-policy-match command giving me odd output?

I was trying to work out which security policy applied to traffic through my Palo Alto from 10.77.22.10 (in the trust zone) to 10.99.0.1Firstly, I wanted to confirm what zone 10.99.0.1 was in using this page : https://alwaysnetworks.co.uk/identifying-which-zone-a-subnet-is-in-on-a-palo-alto-firewall-script/ administrator@CAMPA01(active)> tes...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks