This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4221 Views
  • 0 replies
  • 0 Likes

Resolved! Licensing and install questions for Azure

Hello- I have a few questions regarding installs in Azure tenants regarding products and licensing. My understanding is that we can install either the VM-based model of NGFWs in Azure or the SaaS model, correct? If so, do both/either of those two require Panorama for management? Both VM-based models and SaaS models require licensing? If I h...

beakkenn by L0 Member
  • 946 Views
  • 2 replies
  • 0 Likes

Palo Alto Dual ISP, ECMP enables the external interfaces and enables IPSEC VPN tunnels

Palo Alto Dual ISP, ECMP enables the external interfaces and enables IPSEC VPN tunnels. Good afternoon, as always, thanks for the collaboration and support. A few doubts, We currently have an PA configured with ECMP, for outbound to the Internet, with two different ISPs. We plan to configure a Site to Site VPN, with each of the ISP. Here a...

Metgatz by L4 Transporter
  • 7179 Views
  • 5 replies
  • 0 Likes

Resolved! Dynamic Administrator Authentication based on Active Directory Group rather than named users?

Hello, We have an environment with several adminstrators from a rotating NOC. With the current LDAP method to my understanding we have to manually add the administrator name to the PA administrators list before login will work (e.g. jdoe). We would like to be able to tie it to an AD group (e.g. "Firewall Admins") so anyone who is a member of tha...

jgrote by L1 Bithead
  • 11554 Views
  • 9 replies
  • 1 Likes

Resolved! Migrating Cisco multi-contexts into one vsys Palo Alto firewall

Hi there, We are looking to migrate a Cisco ASA 5545 with two contexts (Internet and LAN) to a PA-1420. We don't have a multi-vsys license, so everything needs to be merged into a single vsys. We’ll be managing the PA locally (no Panorama) and using the Expedition tool for the migration. Is it possible to merge both ASA contexts into one vsys?...

AK74 by L2 Linker
  • 962 Views
  • 2 replies
  • 0 Likes

Google Playstore rule allowed services

Dear Members, Am here a new member, please I wish to know how to allow only the google play store for a specific networks with android devices.If I try to add only google base/play application, other traffics also blocked.Let me know how to allow google play store . Regards, Tiago Marques

tlmarques by L4 Transporter
  • 479 Views
  • 1 replies
  • 0 Likes

Prisma Access and Microsoft Tenant Restrictions

Hello All . Been wrestling with this for a week . My starting point is to only allow connections to the entra joined domain for e,g, fred.onmicrosoft.com . The rational is DLP - if I go to my browser and attempt to logon to another enterprise - dave.onmicrosoft.com it is blocked. This is not consumer BTW - home tenants are blocked with t...

Restrict Microsoft365 tenant

Hi, To restrict access to specified Microsoft 365 tenant (allow company M365 tenant only), I have tired to follow below link for configuration. Using HTTP Header Insertion For Sanctioned Access To Office365 ... - Knowledge Base - Palo Alto Networks But it's didn't work. Users still available to logon with personal M365 account. Since URL i...

Resolved! Trendmicro application identified as "ssl" despite of proper SNI, CN, SAN.

We have the Trend Micro agent installed on the endpoints, and it is running smoothly. However, the application is still being identified as "ssl", even though the packet captures show the correct SNI value in the Client Hello. In the Server Hello, both the SAN and CN fields contain multiple wildcard entries ending with *.trendmicro.com. The URL...

Setting up a ION device in Azure

Hello, We have 3 branch sites and we want to deploy a virtual ION device within our Azure tenant to connect it like another branch site. 1 - Is that possible? I see PA ION devices within Azure to deploy but I am not sure if it will accomplish what we want it to do. 2 - (If we can do 1) Is there any documentation on best practice setup for ...

Resolved! User ID agent not starting.

I am setting up backup user-id agent 8.1.10-2 on Windows 2016 Standard server.I have given all the required access to the user-id agent admin account but its not working / refusing to start.I am using the same credential on existing UID agent 7.0.8-13 running on Windows 2008 R2 and it runs fine. I attaching error messgae when starting UID servic...

Capture.JPG
Nischal by L2 Linker
  • 25590 Views
  • 12 replies
  • 2 Likes

Shared Pool Memory Allocation failure

Hi Team, I got 5 devices which are experiencing Shared Pool Memory Allocation failure at the same time displaying by a SIEM. So , I already shared the potential cause of the issue as you can see below : The sslmgr daemon attempted to perform an action (certificate validation) before completing its initialization.This typically occurs when:The ...

F.Pinar by L3 Networker
  • 820 Views
  • 1 replies
  • 0 Likes

Setting static Management interface IP in Azure VM NGFW

Is there any way to set a static Management interface IP with PanOS 12.1 in Azure VM? There are no options in the GUI, just a show DHCP client information window. From the CLI, a static IP/GW/DNS can be set in the config and commits without error, but it does not apply to the interface. Any attempt to "set deviceconfig system type static" result...

Resolved! Unable to activate Precision AI network security bundles license

HiHow to activate Precision AI network security bundle for my 400 series firewall?Previously I was using core bundle since 2024. For this renewal, my partner provided Precision AI bundle. I have already received the auth code, but I’m unable to activate it on both the firewall and CSP portal.The error message is showing “use email link” or fail ...

zinkt101 by L1 Bithead
  • 2009 Views
  • 2 replies
  • 0 Likes

Config admin using radius group.

I have VM-100 running panos-11.1.13. currently i have local admins for msp -superusers and 1 customer user with a customer -admin-role profile. customer wants to have mutiple admins controlled by their radius. so radius profile and auth profile is configured. how can i attach admin user group(listed under auth profile) to admin role profile. I s...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks