This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4145 Views
  • 0 replies
  • 0 Likes

Auto commit failed after upgrade to 8.1.0

We upgraded the passive firewall on our Active/Passive HA firewalls from 8.0.19 to 8.1.0.After installing the 8.1.0 image, firewall rebooted. After that, ethernet interfaces as well as HA ports didn't go UP. We also got an error, that the auto-commit failed."Error: Max. user groups used in policy 1067 exceeds capacity (1000)"Questions:1. Ports d...

Resolved! export "application seen" to csv/pdf ?

Hi folks,following situation: one of my customers has a rule that allows any traffic from trust to untrust.the rule detects over 400 application with more than 2 terrabytes of data in the last 30 days.is the any kind of way to export the "seen apps" to a csv or pdf list or anything else? we need such a list to sort out unwanted apps and sort the...

Resolved! Authorized pishing scenarios, issues with Pan DB Url filtering

In my company we are generating authorized pishing test scenarios to test users who compromise their assets when interacting with pishing links in their emails, for this we want to collect information and statistics on who opened the email, clicked on the link and / or entered personal information. To then generate awareness campaigns.The tool u...

Custom Response Page

Hi All, Hoping someone can help. I need a custom response page for URL Filtering. I know I need to use Javascript but that is not my forte so hoping can provide the inform for me. I need to produce two distinct page responses depending on the IP address the user comes from ie:If they come from address range 10.0.0.0/8 a URL response page produce...

a.jones by L3 Networker
  • 8631 Views
  • 8 replies
  • 0 Likes

Nest Thermostat

Anyone running a Nest Thermostat behind a Palo Alto Networks firewall? I am seeing an inability to connect to the nest site. Logs show a repating SSL on 443 with session end reason: tcp-rst-from-client Any thoughts would be appreciated. Bob

BobW by L1 Bithead
  • 9886 Views
  • 9 replies
  • 0 Likes

HIP Profile serial number filter issue

I have upgrade my firewall from 9.0.9 h1 to 9.1.4 when i generate the report for the HIP profile or use the filter base on serial number iam facing this issue please suggest i there any bug in 9.1.4 Even clicking on serial number in HIP Match logs to filter search results fails as below

Joshan_Lakhani_1-1597998626771.jpeg
Joshan_Lakhani_0-1597998604250.jpeg

Can someone exsplaine to me like I'm 5 what App-IDs are?

So I need to update my PanOS on my PA-3020, but because I have a mission-critical network I need to avoid downtime as much as possible. In the walk-through for the PanOS upgrade, it says 'any change a content releases introduces that affects App-ID could cause downtime.' I was not fully clear on what an App-ID is, and why it might change from ...

EDL IP List GUI not display

Currently setting EDLEDL IP information can be captured on CLIBut it cannot be confirmed in the GUITried PANOS version 8.1.5 and 9.0.0 Try some edl canSome can not be displayednot displayhttps://report.cs.rutgers.edu/DROP/attackerscanhttp://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txthttps://raw.githubusercontent.com/firehol/blockl...

Houran_0-1597934331356.png
Houran_1-1597934412758.png
Houran by L0 Member
  • 2253 Views
  • 1 replies
  • 0 Likes

Incomplete sessions for NATTING/Access to different site DMZ

Hi All,I am having a complex and tricky setup that require NATTING and host web server in different network/site DMZ, I know it is not best practice but hope you can help:Here is topology:Site A zones: Trust, Untrust and DMZ with their own public IP and web serversSite B zones: Trust, Untrust and DMZ with their own public IP and web serversIn ca...

infoit by L1 Bithead
  • 3354 Views
  • 2 replies
  • 0 Likes

Palo Alto aws Deployment

Hello guys I'm honestly a noob. I just set up a palo alto vm series bundle 2 on my aws with 3 interfacer.eth 0/0 for managementeth 1/1 for the public subneteth 1/2 for the private subnetI've been trying to set up a wordpress server on the private subnet and access it via the internet. I dont know if my aws configuration is wrong or my nat/securi...

Resolved! User-ID agent

Hello, I have had the user-id agent setup previously but now either after upgrading to panos 10 or enabling mutli-vsys my option for the agent is now missing from my user identification menu. Does enabling mulit-vsys break this or maybe the version 10 update? The agent is still working just cant see the settings or add a new one.Thanks,Justin

jmarberg_0-1597926095642.png
jmarberg by L0 Member
  • 4887 Views
  • 2 replies
  • 0 Likes

Resolved! Repurposing log collector

I have a M-500 with two disk pairs in dedicated logger mode that I want to turn into a dedicated manager. I know how to actually change the mode, but can I remove both disk pairs and use them in another logger? I assume the M-500 has internal storage for the actual OS but wanted to be sure before actually going through with it. Do I need to do a...

ikev2 with cisco Router using certificate problem

after I finished the ikev2 configuration(using Distinguished Name (Subject) from PAN and Cisco Router using identity local dn ), I got this isse: received ID_I (type dn [CN=externalrouter.robinlab.org,unstructuredName=externalrouter.robinlab.org]) does not match peers id after this: IKEv2 IKE SA negotiation is failed as responder any ideas? rega...

Luping by L0 Member
  • 2806 Views
  • 2 replies
  • 0 Likes

SSL inbound inspection

Hi Team,I am facing the issue in SSL decryption intermittently. For the transaction website. traffic flow for the SSL inspection is:- Outside user ------> Paloalto--------->Load balancer-------->Application server. In the destination NAT translation, i have given the load balancer IP. Condition A with SSL inspection:-Once we apply SSL i...

ssl.PNG
  • 24340 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks