This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4133 Views
  • 0 replies
  • 0 Likes

Resolved! unsigned LDAP

Hi,As we know Microsoft is going to disable use of unsigned LDAP port 389 in March 2020.Fortunately I don't have LDAP profile on my PA firewall but I have Kerberos. Will there be any impact ? and do I have to change it ? Thank youKonrad

Resolved! CLI command for IPSEC tunnel info

Hello friends, I am looking for cli command to see all the details related to ipsec tunnels configured on the gateway. I need information related to tunnel id, peer ip and their status. Is there any command available ? I can see details under gui but i cant see tunnel id. Please help on this. Thank you.

Joshim by L1 Bithead
  • 47826 Views
  • 4 replies
  • 0 Likes

SSL test pages of urlfiltering.paloaltonetworks.com not blocked

Hi,If we test https://urlfiltering.paloaltonetworks.com/test-grayware there is no block page however if we test http://urlfiltering.paloaltonetworks.com/test-grayware we do get a block page. I cannot find urlfiltering.paloaltonetworks.com nor *.paloaltonetworks.com in a no ssl decryption profile nor the predefined exclusion list.In the traffic l...

tomdevos by L0 Member
  • 3307 Views
  • 1 replies
  • 0 Likes

Route between Subinterfaces with two VRs

Hello, I have a network with two WAN connections, i have assigned one of them for a vlan 10 and the other for vlan 20 using two VR and NATing also i created dhcp server for both vlan and for now every thing works fine, the problem is i can't access the resources in vlan 20 from vlan 10 and vise versa, what should i do also? should i create a sta...

Untitled.png

How to remove one BGP-RIB Out

Hi, We've configured BGP between Paloalto to Azure by using EBGP. The bgp is established but in RIB Out noticed that prefix 0.0.0.0/0 advertised to the peer respective azure. How to remove this, because due to this the users in bgp unable to access the internet. If I enable the "reject default route" option does this help? or cause any problem ...

bgp azure.JPG
bgp azure.JPG
bgp azure.JPG

RADIUS Authentication Still Prompts for Password Change

I have a stand-alone system which is utilizing two Palo Alto 220 Firewalls. As part of this system, I have RADIUS policies configured on a Windows server to provide domain-admin access to the device. On one PA220 I am able to login with my domain credentials and access the device without issue. On the other PA220 I am able to login with domain c...

TAP Mode

Hi, I want to know if there is a way to forward all switch traffic to single Destination port of Palo alto. So far I can find on switch side you can make a singel port source and destination the PA port. Just want to know if we can monitor all ports on the switch? Thanks

umar00o by L2 Linker
  • 3422 Views
  • 3 replies
  • 0 Likes

Shared Gateway and Panorama

Hello Community,I have Panorama that managed cluster of PA-5000 with some Virtual System, I use one Device Group for one VSYS.Now I need to configure the Shared Gateway.It seems that i can manage the NAT Policy related to the Shared Group only into WebUI of device and not from Panorama.Could you confirm me I cannot managed it via Panorama? Thank...

Run operational command using SSH

I need to automate run particular operational commands , which were not available in the API. I tried running them using SSH to the Panorama CLI, but it fails. Also Paramiko Python script does not seem to work and not sure what are we doing wrong. Can you please share any experience exectuing SSH commands?

batd2 by L4 Transporter
  • 5769 Views
  • 3 replies
  • 0 Likes

Statistics for data transfer on a Palo Alto.

Team,I am looking to gather some reports which will tell me how much traffic has been passed over a specific VPN tunnel on a Palo Alto.Is that possible?The preferred stats are over a month or a 15 day period. If yes, can you guide me on how can I create these reports? Thanks!!!

nson2139 by L3 Networker
  • 3373 Views
  • 1 replies
  • 0 Likes

unable to reach peer end public IP via vpn tunnel

HI Team I have created S2S VPN tunnel between palo alto and cyberoam firewall. Tunnel is up but the traffic is not flow. Under Cyberoam firewall there is one server with public IP 144.21.X.X.From palo alto we need to reach the peer end public IP 144.21.X.X via the vpn tunnel.but whenever I tried to reach the peer end public IP 144.21.X.X its go...

Resolved! Panorama annyoing refreshs

Hi community, I experienced the following behavior with PAN-OS 9.0.4 on Panorama VM:When editing a policy and accepting the change (doesn't matter if policy editor or dragging and drop) it takes a moment, the change to get "active"/written to candidate config - so panorama freezes for a short moment, then you can work again.BUT: I got another re...

Chacko42 by L4 Transporter
  • 4555 Views
  • 2 replies
  • 0 Likes

JawinaBug Command and Control Traffic Detection(85599)

Could you guys please throw some light on "JawinaBug Command and Control Traffic Detection(85599)", there is no information related to could you guys please throw some light on "JawinaBug Command and Control Traffic Detection(85599)", there is no information related to JawinaBug at allWhat triggers this signature, what are the IOCs?, Please help...

Lalitb by L0 Member
  • 2814 Views
  • 2 replies
  • 0 Likes

Identifying iPad App Traffic

Greetings I have a PA-220 Running Version 8.1.9-h4 Current problem is that some teachers use iPads and some of them use an app called SEESAW.The app loads fine on the iPad but seem to be blocked from the cloud resources it should have access to.Using it on Mobile data everything loads fine.Using it through the Firewall I eventually get a message...

  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks