This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4136 Views
  • 0 replies
  • 0 Likes

Resolved! About NAT in dual ISP

Hi fellow panw admin 🙂 Need some clarity before i plan to setup my firewall, i have pretty big network. Right now the load sharing and nat handled by some appliance above firewall, no nat in firewall. I need some info about source and destination nat in dual isp scenario, i read many post about dual isp scenario in this forum but most talk abou...

Resolved! Importing cert problems

Hello Gurus,I generated CSR outside of panorama, trouble importing cert, is this allowed?When choose import cert(device->Import cert) & private key nothing happens/i see importing screen for everAll my certs are in pem format.RegardsBabu

wildfire logs showing allow action for malicious url

Two wildifire logs (16 July and 20 July ) are showing for same url with malicious verdict and action is allow. We have checked wildfire report of both logs , all information is same (same hash value , first timestamp seen is 7 July etc. ).If same url is identified in 7 July then why its showing in wildifre submission logs. Also why action is al...

Deepak_K by L3 Networker
  • 2391 Views
  • 1 replies
  • 0 Likes

Global Protect Client won't reestablishment connection after update

Hi, currently, I have a problem with the Global Protect Client Update.After using the GP Client version 5.1.1 I updated to GP 5.1.5 but after the update the connection refuses to re-establish the connection. The KBArticle (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkSCAS) says the expected behavior is a reestabli...

Resolved! Panorama 9x - how to delete Child DG ObjectX if Parent ObjectX exists

In Panorama 9x (specifically 9.0.6) if `Object-X` exits in both the Parent DG and a Child DG - you cannot delete the Child DG `Object-X`. In the Child-DG, the "delete" button for that object is grayed out. In the Parent-DG the delete button is available. But we need to delete the more specific Child-DG object in order to only have the more gl...

rolinger by L2 Linker
  • 2930 Views
  • 1 replies
  • 0 Likes

Latest GlobalProtect host checker supported antivirus & firewalls list

Hi guys, I'm searching, if exists, a knowledge article or a PDF more recent than this one : https://knowledgebase.paloaltonetworks.com/servlet/fileField?entityId=ka10g000000D5kyAAC&field=Attachment_3__Body__sBecause it's for GP version 4 which is outdated (2018 according to PDF property tags) as we currently are in v5

How to configure HIP.

Hi team, ++ I want to configure HIP- Anti Malware with virus definition version.++ I see in HIP log for Definition version as 200729-4 but I am not able to configure the same in Virus definition option in HIP anti malware.++ I am not able to use any kind of characters and not more than 5digits.++ How do I configure this ?? Attached my HIP log. ...

Hip.jpg

Block all SSH outbound

For a home user who uses VPN to access internal network, how can we block all his SSH outbound connection to internet?

Ivy_Vo by L1 Bithead
  • 6896 Views
  • 9 replies
  • 0 Likes

IPS is not detecting threats

Palo Alto has recently released signature for CVE-2020-3452. however when performing a POC, I cannot detect any threat. I am using link available to public use - https://<domain>/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ but when tried, there is no threat being detected...

Shafaqat by L0 Member
  • 2509 Views
  • 1 replies
  • 0 Likes

How to configure PAN-OS to email/alert me of potential attack?

So, you would think this would be an easy thing to learn and configure, however I can't seem to find the answer from any PA walk through, or through PA support. I'm simply looking to configure my PA-3020 (PAN-9.0.0), so that if a new threat is detected in the threat list, that I will be notified via email. I have already setup PDF summary, but...

Working remotely with Mitel MiVoice Connect, GlobalProtect, and Softphones?

Is anyone using Mitel Connect and Softphones in a remote work environment where the user has GlobalProtect? We are trying to get that to work. The only issue we have at the moment is that the microphone isnt working on the remote device. The user can hear the other person, but cant be heard. Its like the microphone traffic isnt going back up t...

jrauman by L2 Linker
  • 3963 Views
  • 1 replies
  • 0 Likes

Failover of IPSEC Tunnels from active to Passive Firewall

Hello, I have a setup of Two AWS_VM-Series_Palo Alto devices, which are acting as Standalone firewalls but as Primary and Secondary respectively on AWS. Due to some limitations, I cannot configure HA between them, however there is a tunnel connecting these two firewalls for manual traffic failover. Now I would like to setup tunnel monitoring and...

QoS_Rate-Limit_Guest Network_NAT query_Configuration example

could someone advise me to set rate-limit for guest(10.1.10.0/24) traffic in this topology I read the article that We need to apply policy on egress interface always. Hence, for upload, it's on outside interface connected to Internet and for download it is on inside interface (ae) connected to SW(1) Internet Speed 500 Mbps(2) Rate-limit for Gu...

DNARNI_3-1592498823681.png
DNARNI_5-1592498893400.png
DNARNI_4-1592498856246.png
DNARNI by L0 Member
  • 2628 Views
  • 1 replies
  • 0 Likes

Bypass video traffic exclusion

Hello, We have GP set up and one of the settings include "Exclude video traffic from the tunnel". However, we have come across an issue that private site for developers hosted in 10.0.0.0/8 network includes internally hosted videos (http-video app-id) needed for work. So when user tries to connect to website while connected to GlobalProtect, it ...

kalolu by L1 Bithead
  • 3407 Views
  • 1 replies
  • 0 Likes

Resolved! How to forward the logs before yesterday to syslog server.

Hello,We were forwarding log from PA-5220 to syslog server.On July 2, 2020, our syslog server failed and it was unable to get most of the July 2020 logs.Now that the syslog server has been recovered, I want to forward the logs that from July 2, 2020 to today to syslog server.Is this possible...?Could you tell me how if possible?(Sorry for my poo...

  • 24340 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks