This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

Resolved! Any to Specific VPN Breakout

Hi, I'm having an issue. I have a catchall VPN tunnel on my Palo Alto that sends all of my traffic to a company called Zscaler. They are a cloud security company that acts as a proxy to intercept our traffic and check it before it goes out to the internet and vice-versa. However, sometimes certain exchanges don't play nice with Zscaler, such as...

dromanelli_0-1595621800306.png

Resolved! Pre-Logon Global Protect

Hi Can anyone explain the pre-logon feature that is now part of GP. Specifically how I could use it to launch AD login scripts one a user have authenticated via GP.ThanksRod

djrodb by L3 Networker
  • 11644 Views
  • 12 replies
  • 0 Likes

PA-3020 OS 9.0 either support GRE Tunneling Support

We are planning to upgrade PA-3020 devices to PAN-OS 9, please advise either PA-3020 devices can be upgraded to OS 9PAN-OS 9.x is to use new features introduced in new OS like GRE tunneling, would you please confirm either our device PA-3020 support this upgrade? Model PA-3020

why "set ssh service-restart mgmt" reboots PA-220 with 8.1.13?

Hi, My PA-220's needed some SSH changes. After these were committed locally, I ran the "set ssh service-restart mgmt" command, as the manual says, in run mode.The firewall pings for about 30 seconds, then reboots. I'm using 8.1.13. Why does it reboot? How can I get around it? I have had a ticket in for a week, and the lady working the ticket doe...

Application Square

Is anyone managing the application 'Square'? I am trying to get a better understanding how to identify the application being used for a transaction vs a website visit. A website visit to https://squareup.com/ triggers the application the same as a transaction occurring from what I can see. Definition: Square is a card reader tool and application...

clewis1 by L3 Networker
  • 4200 Views
  • 4 replies
  • 0 Likes

Require assistance to install AWS on minemeld

Hello all, I cannot install aws.AMAZON miner when I add it with the default config all minemelds is not responding and the minemeld's service is looping curl -k 'https://ip-ranges.amazonaws.com/ip-ranges.json' works the default config. the miner. Process looping.when I tried to check log : /opt/minemeld/log/minemeld-engine.log.1:2020-07-09T17:12...

minemeld-default-config.PNG
minemeld-miner.PNG
minemeld-looping.PNG

how to delete panorama config logs

we have set retention period for 1 day , but still config logs are showing of last 5 days in Panorama. As per tac this is the bug as they are currently analyzing the file.Also tried to delete all config logs of Panorama through cli but no luck. Below command not worked on M200 running on 9.0.9-h1 to clear config logclear log [ acc | alarm | conf...

Deepak_K by L3 Networker
  • 6702 Views
  • 5 replies
  • 0 Likes

Object add in bunch of policies.

Hi All, An object (IP address: 192.168.1.2 as an example) configured in the PA firewall and assigned it to 50+ security policies as a source/destination address. Now, I want another object (IP address: 192.168.1.5) assign into the same 50+ security policies as IP 192.168.1.2. What's the fastest way to do it? I can manually do it by going in each...

ChiragP by L2 Linker
  • 4013 Views
  • 3 replies
  • 0 Likes

How to allow a specific file extension

I work for a K-12 school district that uses a program that reads books to students. The file extension is .kes (KES is a file extension that belongs to Text Files of Kurzweil Educational Systems) and is blocked in our file blocking profile as an Encrypted ZIP file. Is there any way to allow the .kes file without allowing all Encrypted ZIP file...

almay by L2 Linker
  • 4850 Views
  • 2 replies
  • 0 Likes

PA config replication through Panorama

Hi All, I am looking for a method to replicate the configuration of one of our virtual firewalls to a physical firewall through Panorama device-groups and templates. Let me explain the setup:We have a core firewall with multiple vsys enabled, and one of these vsys is our external (internet) vsys. Now due to capacity issues, we need to replace th...

VarunRao by L2 Linker
  • 3732 Views
  • 3 replies
  • 0 Likes

Feature requests - command line or API consistency with GUI actions please

In particular we discovered that methods of creating configuration backups are not consistent across the various management interfaces. It appears as if the most restore-able version of the backup has to be done from the GUI. The 'export'/'scp'/'tftp' command may be equivalent, however they do not seem to allow access to the auto-saved configur...

Vwire interfaces are flap

We have a Paloalto connected in vwire mode Cisco ASR1 is connected on PA eth1/21 (Primary) and Cisco ASA (Primary)is connected on PA eth1/22. Same as Cisco ASR2(secondary) is connected on ethernet1/23 and Cisco ASA(secondary) is connected via Ethernet 1/24. Interface are automatically going down and coming up Can any one suggest me why is going...

Joshan_Lakhani_0-1595447238139.png

Overlapping Proxy ID"s

I have a IPSEC site to site VPN with a Check Point firewall. In the Palo Alto I have networks / proxy ID's that overlap each other? Can this cause issues? For example I have: Local Remote192.168.50.0/24 10.241.8.0/24192.168.50.0/24 10.241.0.0/16 B...

Broken SSL Inbound Inspection After July Windows Updates Enables TLS 1.3

I have been using SSL Inbound Decryption for over a year with options1) Block sessions with unsupported versions2) Block sessions with unsupported cipher suites After applying Windows 10 updates to a reverse proxy server, it appears that connection to website is encrypted and authenticated using TLS 1.3, X25519, and AES_256_GCM (based on Google ...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks