General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

LIVEcommunity System Update - Delayed

UPDATE 11/8/23 11:43 a.m. EST:

LIVEcommunity’s System Update will be delayed. This means your use of LIVEcommunity will not be impacted this week (11/8-9), and you can proceed with business as usual.

 

Thank you again for your patience and stay tuned

...

jforsythe by Community Team Member
  • 278 Views
  • 0 replies
  • 0 Likes

New Area for Engineering Blogs on LIVEcommunity!

We are excited to announce a new Engineering Blogs section on LIVEcommunity, exclusively curated by Palo Alto Networks engineers!

 

This dedicated area will be home to technical posts about Palo Alto Networks innovations to build scalable and reliabl

...

jennaqualls by Community Team Member
  • 529 Views
  • 0 replies
  • 1 Likes

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 1816 Views
  • 2 replies
  • 10 Likes

Source and destination based on NAT using DHCP

Hi,

 

I am setting up a PAN device. On ethernet1/1 I have it set up to DHCP. I then will have a computer connected to ethernet1/9. I want to set up both source and destination based NAT. From what I understand in order to do this I would need to create

...

golariu by L1 Bithead
  • 1585 Views
  • 1 replies
  • 0 Likes

Resolved! Change physical port in Active PAssive PA going to ISP

PA is in Active Passive mode.

 

Current uplink connection from active PA going to ISP is 1Gig.

We need to change the uplink port on the active PA that can support 10gig.

 

What is best method to do this without causing least amount of outage?

MP18 by Cyber Elite
  • 3878 Views
  • 12 replies
  • 0 Likes

Need to clear traffic or reset the tunnel to access

We had site to site vpn tunnels and traffic is always stuck and until unless we reset or clear the traffic the access is not working.

 

Any one have experience . The VPN tunnel never go down only the traffic PA to Sonic wall any recommendation on how t

...

NavidAlam by L3 Networker
  • 3696 Views
  • 4 replies
  • 0 Likes

Decryption Broker with Policy Based Forwarding

Hello,

 

I'd like to know if it is possible to use decryption broker with policy based forwarding on the same interface of the policy based forwarding as the scenarios is as the following :

We have a Bluecoat proxy connected to Palo Alto firewall using

...

Palo Alto - GPVPN - IPSEC b2b

My current role is as a Network Architect and I am working with our security team to get some Palo Alto firewalls setup to provide

GPVPN access and also IPSEC b2b connectivity.

 

Our initial design has a single external public address to host the GPVPN

...

mcronin by L0 Member
  • 3937 Views
  • 3 replies
  • 0 Likes

Limit Download per IP

In NG firewall, is there a way to limit the download per IP per day.

For eg, One Ip should have only total 1GB download/upload usage a day.

It's like somewhat ISP does.

unable to access internet from vlan

Hi,

i am configuring PA-220 software version 8.0.9. i wan to create a vlan and allow them to access the inter net i have seen some video but i am unable to access the inter net i am even unable to ping my vlan gateway. is there any thing i can do ?

 

 

Screenshot (9).png

Error after upgrade of panos 8.0.17 - 8.1.0

After doing an upgrade I get the following error.

 Error: Max. user groups used in policy 1117 exceeds capacity (1000)
(Module: device)
Commit failed

The FW model is a PA-3020

I hope you can help me

 

Thanks.

Alan VG

TACACS Timeout

TACACS Server timeout currently has a max setting of 20 secs.  We have implemented Duo MFA on our TACACS server and 20 secs is really tight for receiving and approving the push notification from Duo.  Is there any way to override the max timeout?

 

We

...

cdwing by L1 Bithead
  • 1331 Views
  • 0 replies
  • 0 Likes

MineMeld into Proofpoint TRAP

I am trying to integrate MineMeld and Proofpoint TRAP. It should be relatively simple and feel I am overlooking something. 

The first step was easy. Create an output using stdlib.taxiiDataFeed. 

Because this is the community edition auth is turned off

...

Romans6 by L1 Bithead
  • 2883 Views
  • 1 replies
  • 0 Likes

Resolved! Threat Map Bubbles

Hi,

When I view the threat map, It shows a large bubble in the middle of the atlantic ocean that is labelled "reserved" what is this?

Any help is greatly appreciated.

M

charger by L2 Linker
  • 3042 Views
  • 4 replies
  • 1 Likes

Kill Login Sessions

Hi,

Is there a way I can kill or log out other administrators that is authenticated in Palo Alto Management? Hoping for your assistance.

Thanks,

Xer

MineMeld mining IBM X-Force TAXII/STIX2 source feed

I have MineMeld setup to poll my IBM X-Force TAXII feed, however no indicators are being retrieved.  At this point, I simply want indicators from a specific X-Force collection to feed into a mirror copy within MineMeld.  The collection has indicators

...

ACMENEWS by L1 Bithead
  • 2536 Views
  • 0 replies
  • 0 Likes

Windows based user ID Agent Setup

Hi Everyone, 

 

Hope everyone doing well. 

we have setup a windows based User ID. but one problem I saw with that is, it is receiving accounts with $ sign in the last. I believe these are service type accounts and if yes we would like to exclude them on

...

Global Protect 5.0.4 portal not found

hello team,

 

we have this client running his ISP thru E1/3 (secondary ISP service), he wants to allow the Global Protect client thru this conection, however, after configure the portal and gateway in the PA-500, we test in the agent installed and we g

...

Top Liked Authors