This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4476 Views
  • 0 replies
  • 0 Likes

Multiple ISP

Dear Team,I have a query. One of the customers wants to load balance their Internet traffic between multiple ISPs ( they have 5 actually). Can we do that ? I know we can do for dual ISP. But will this be feasible ?

PA3250 - L2 - L3 interface communication

Hi Team! I have simple topology ( pls see at the picture). I configured eth 1/1 ( for PC2) as L2 interface, but without Security Zone. I want to ping from PC2 - default Gateway (AE1.121) and PC1. Is it possible to set up Palo Alto like this? Pls, give me details, I can't find any use cases with the similar configuration. Thank you in advance.

PA_NX.JPG

Chromebook Global Protect failing

I have Setup Global Protect but my chromebook is failing to connect, I thought my config was dud but I have just tried to connect with my macbook and it works exactly as it should. I can't see why the chromebook wouldn't work, clearly the setup must be right. 3/17/2017, 5:06:44 PM: openDialog, type = 1 3/17/2017, 5:06:44 PM: pop up dialog after...

Resolved! Internet access

Hello all, we have installed proxy server to DMZ now I wants to allow internet access to LAN user . What would be my security policies for LAN user to access internet through proxy serverI have created two policies1. From trusted zone to DMZ Source as LAN user --------- Proxy server IP address as destination2. from DMZ to internet Source as ...

Source IP issue. *Urgent*

Hi team, I am facing the source IP mismatch region .This is the IP 41.139.156.142 which shows up from Kenya, i have confirmed from https://ping.eu & https://threatvault.paloaltonetworks.com/ but in firewall traffic log it show like this IP belongs to Germany.I have blocked this IP in policy but why it is happening ? Why firewall shows misma...

Palo Alto OSPF neighbor confusion

I have two down stream layer 3 switches both active running HSRP connecting to the active palo alto. Switch 1s interface connecting to the palo alto is set to ospf priority 10, switch 2s interface facing the palo alto is set to ospf priority 5. For some reason the palo alto is choosing switch 2 for the next hop. Does Palo Alto not understand pr...

Security policy Not process user-ID mapping after upgrade 9.0.4 to 9.0.8

PA-820FW: 9.0.8Check use-id mapping in CLI returned fine. Check user group mapping fine but security not process user-ID info.I have nine PA-820. After upgrade from 9.0.4 to 9.0.8, three of them act up. six of them are working fine. Tech Support still have no clue.Think about version bug. reinstall no help. Upgrade to 9.1.2h1 no help------------...

HNguyen_0-1591969110163.png
HNguyen by L1 Bithead
  • 2741 Views
  • 1 replies
  • 0 Likes

Upgrade OS from 8.1.x to 9.0.x Boot Loop

Upgrade PA-850 from 8.1.5 to 9.0.6 Boot LoopHi,I want to ask if anyone have experienced upgrading Palo Alto from 8.1.x to 9.0.x and worked it out, because i didnt.Last night was my nightmare, i tried to upgrade PA-850 straight from 8.1.5 to 9.0.x. For 10 mins it seems work fine, autocommit shows up and completed. But at a sudden, there was syste...

Resolved! Not Blocking EICAR June/2020

PA220, running 8281-6129 If I go to https://www.eicar.org/?page_id=3950 and try download test files using http, the firewall is not blocking of the download. If I go to the old site, http://2016.eicar.org/85-0-Download.html , the firewall will block it.

Migration of PAFW PA-5050 8.0.12 to PA-5220 Latest version

Hi,I have planning to migrate PA-5050 HA version 8.0.12 to PA-5220-HA to latest version. Constrains - The new PA-5220 cannot be downgraded to 8.0.12 to migrate the configuratoin. PA-5050 are in production so can't be upgraded to suitable version of PA-5220. Additional requirement - PA-5050 cfg has each interface for inside and ouside. New PA-...

DHCP option 43

Hello, Can we use Option 43 without Vendor Class Identifier, In GUI without VCI I can't select ok. If client doesn't use option 60 with DHCPREQUEST then what we do ? Matt

Mathew42 by L1 Bithead
  • 7646 Views
  • 4 replies
  • 0 Likes

destination nat from Mikrotik router to Palo ato

hello i am about to transfer from Mikrotik router to palo alto i have one issue i don't know how to do it in palo alto i have some servers with privet IP address and ports (web-server and database server) and these servers need to be accessible from our public IP address so what i do in Mikrotik router just add destination NAT its contain the se...

JALAL79 by L0 Member
  • 4342 Views
  • 2 replies
  • 0 Likes

Both LACP interface ethernet1/2 moved out of AE-group

We've a PA-3050 up and running for over a year now. It is configured with an agregated interface with LACP enabled (mode active, transmission rate Fast). These interfaces are attacheced to a procurve 5406 where the interfaces on the procurve are configured as a trunk of the type lacp. This was running fine till now. Last 3 days the connection on...

Sjoerd by L2 Linker
  • 30232 Views
  • 19 replies
  • 1 Likes
  • 24379 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks