General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 177 Views
  • 0 replies
  • 0 Likes

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 601 Views
  • 0 replies
  • 2 Likes

Resolved! Connect to Two Palo Alto VPNs

I have an employee who travels often with a need to simultaneously connect to two Global Protect VPNs, neither of which are clientless VPNs.

The first connection is to the main office.

The second connection is to another company, which has whitelisted

...

SSL VPN REDUNDANCY

Hello everyone,

 

I want to make redundancy ssl vpn for two ISP.I have two ISP.I will use DNS failover.And write nat rule for two publıc to loopback interface.(I use loopback interface for globalprotect).I write symmetric return for two external interf

...

Resolved! HA Active/Active Mode with Multi VSYS

Hi All,

 

Is it possible to use a Multi-VSYS Palo Alto to have the active-primary on one Palo Alto and a second VSYS Active-Primary on the second Palo Alto in Active-Active HA mode. I've done this on Cisco Active-Active firewalls but I need to do this

...

a.jones by L3 Networker
  • 15165 Views
  • 18 replies
  • 0 Likes

Palo Alto URL Filtering Test Pages unreachable via HTTP

Anyone else notice that the Palo Alto URL filtering test pages (example: http://urlfiltering.paloaltonetworks.com/test-command-and-control) are no longer reachable using http?

 

This article describes the pages and why you would want to use them to val

...

PeteS by L1 Bithead
  • 3348 Views
  • 3 replies
  • 0 Likes

Resolved! BGP Communities in Palo Alto Firewall

Hi,

 

It's possible to use well-known communities in Palo Alto like in Cisco Router? I mean, community no-export, no-advertise, local-as or Internet.

 

We need to propagate some routes to a peer but indicate to that peer that don't propagate outside the

...

nanukanu by L2 Linker
  • 16033 Views
  • 6 replies
  • 0 Likes

Want to allow SFTP only and not SSH Traffic

Hi Team,

 

I am trying to achieve my requirement however, unable to achieve it. Please review my requirement below and suggest your thoughts if there are any possible way to accomplish.

 

I want to block SSH traffic and at the same time i need to allow S

...

SahulH by L3 Networker
  • 14332 Views
  • 5 replies
  • 0 Likes

Rename Panorama template and template stack

Hello,

 

We have a few firewall clusters managed by Panorama and are looking to change the naming schema for templates and template stacks. Does anyone know if changing these would have any affect on firewall operations? We previously changed the zone

...

URL Filtering Whitelist

Hi,

 

We have a case that 1 user would like to access URL (example a.com) that is currently blocked in existing URL filtering profile.

 

We know we can allow this by

 

1. clone existing URL profile and add a.com into allow list or add it through custom URL

...

L1_ENG by L1 Bithead
  • 4889 Views
  • 4 replies
  • 0 Likes

Resolved! DNS sinkhole database view or test

We are finding that even domains configured as malware/c2 are not getting sinkholed.   I'm aware from other posts, that these are not the same database on the firewall.   

 

Why are these not persistent?  Why would you not flag on a DNS lookup that is

...

Sec101 by L4 Transporter
  • 6720 Views
  • 4 replies
  • 0 Likes

DNS proxy

Hello

In one of my subnets I'm using google 8.8.8.8 as DNS server (received via DHCP).

But only form one entry I want to provide my own FQDN and IP.

Could I use DNS proxy feature for this ? (enable DNS proxy with primary DNS server 8.8.8.8 and add stati

...

polak71 by L1 Bithead
  • 1791 Views
  • 1 replies
  • 0 Likes

NFS datastore change

Customer integrated NFS datastore with panorama to store logs.

 

Now they are planning to change old NFS data store with new NFS data store, But their concern is they want old NFS datastore logs to be retained in new NFS datastore after migration and t

...

SSL decryption troubleshooting

I am trying to get SSL Forward Proxy working properly, generally it seems to be OK but I have a site I have tested

 

is for the bank hsbc

 

that gives an error..

 

Certificate Error

There is an issue with the SSL certificate of the server you are trying to

...

HA traffic through Cisco Switch

Hi Team ,
Can we route HA traffic between two 3260 firewalls through cisco switch using L2 vlan.

 My requirement is to run firewalls in HA and devices will be in different buildings. Buildings are connected with dark fiber. As PAN dedicated HA ports ar

...

  • 23762 Posts
  • 110 Subscriptions
Top Solution Authors
Labels