This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4474 Views
  • 0 replies
  • 0 Likes

Resolved! Destination NAT to other Port

Hey all,there is a ssh server in an internal network. I want to access that server from public, but with source port for example 11111. The server listens on normal ssh port 22.So I would like the firewall to do a port translation from 11111 to 22.Is that possible?

MPI-AE by L4 Transporter
  • 9592 Views
  • 4 replies
  • 0 Likes

Resolved! Allowing Ads

I have a user who would like access to be able to view ads. This may or may not be a good practice, but I would like to know if this is able to be granted. For example, we granting access to something such as Facebook, I can create a policy and grant access by specifying the Facebook application. Is there something similar when it comes to grant...

Resolved! Authentication - Users are not matching with groups

Hello, I have a problem with authentication. I have configured a PAN integrated agent. I can see users authenticated. At the same time, the firewall is getting the groups from AD. But for some reason, the users are not matching with the groups. So the policy based on the group that I configure is not logging traffic. Users and groups are in NE...

iscott by L2 Linker
  • 8438 Views
  • 3 replies
  • 0 Likes

Resolved! Meraki behind PA850 - Site-to-site, Error Unfriendly NAT configuration

Hi All, I am working on a implementation of the Meraki MXs behind PA850 - Site-to-site ( hub and spoke). I am getting error on the VPN status: NAT type: Unfriendly. This security appliance is behind a VPN-unfriendly NAT, which can be caused by upstream load balancers or strict firewall rules.It seems to be working only when i use static one to ...

bulk export of security zones on Panorama

Hello, I am trying to get a list of all the security zones configured on all the firewalls from Panorama. Is this possible? whats the most efficient way of achieving this? I have over 50 devices and exporting security zones from each one is tedious. Looking for a way to bulk export from panorama.

Using Secure LDAP profiles

In March 2020 Microsoft will be releasing a Security Update which will disable the use of LDAP connections (cleartext over port 389) to/from Windows Servers - only LDAP Secure connections (default port 636) will be accepted by Windows Servers after the Microsoft Security Update has been applied. I assume we have to change PAN firewalls LDAP serv...

PS007 by L2 Linker
  • 3358 Views
  • 1 replies
  • 1 Likes

Resolved! Palo 5220 (8.1.6h2) Throughput

AllWe are pulling data from an a remote server to a SQL server, that sits behind the Palo, using SMB and FTP. The file size is 40G.ALL links between the 2 servers are verified at 10G.The transfer rate is being measured between 75MB and 120MB., apprx (1G)We tested this same type of transfer between servers behind the Palo and the rate was approx ...

mhs_coad by L0 Member
  • 2587 Views
  • 1 replies
  • 0 Likes

Netflow export into IPsec tunnel...

I'm trying to get netflow to export through a vpn tunnel on my PA-VM V9.1 firewall. My route and policy into the tunnel for the target collector is working because I can ping the collector through the tunnel. So I figure I need to change the default service route for netflow, but I'm unable to specify any of the dataplane interfaces/addresses ei...

megrez80 by L2 Linker
  • 6182 Views
  • 5 replies
  • 0 Likes

Layer 2 to Layer 3 Connection , but on same Subnet and IP range?

We have a PaloAlto PA220 at work what is used for telephony/SIP traffic that I set up several months ago. Upstream of the PaloAlto is a unmanaged L2 netgear switch what sits between the leased internet line, the PaloAlto , and a another non-PaloAlto firewall. I want to get rid of this unmanged L2 netgear switch and connect our other non-...

eveares by L1 Bithead
  • 14183 Views
  • 11 replies
  • 0 Likes

Troubleshooting GlobalProtect disconnects

I have a couple of users that say their active connections are suddenly disconnected. What is the best way to determnine the cause of the disconnection? Again this is an active session not a time out

jdprovine by L4 Transporter
  • 8915 Views
  • 3 replies
  • 1 Likes

Resolved! ZPA Minemeld feed from json source truncated to last record

Problem Summary: Trying to locally convey - as a feed - all subnet block ranges from https://ips.zscaler.net/zpa/json - but only getting the last presented. URL Being referenced: https://ips.zscaler.net/zpa/json Example Content: {"Cloud Name":"zscaler.net","Content":[{"IP Protocol":"TCP","Port":443,"Source":"Connector, Zscaler App","Domains":"*....

SSO authentication was solved through override, cause analysis request and Similars

Hi. I have a website that I access via sso authentication, but I can't connect through the firewall. After trying various things, I solved it through the override rule in the firewall The override policy cannot be removed at this time. I wonder why this is possible with an override. Does anyone have a similar case or guess? Tell me please.

jskang by L1 Bithead
  • 2508 Views
  • 1 replies
  • 0 Likes

Resolved! Captive Portal LDAP Authentication redundancy

Hello. I have a Captive Portal that uses next Authentication Profile:CP_AuthWhere:Authentication Sequence:CP_Auth - Auth_Mode_1, Auth_Mode_2Authentication Profile:Auth_Mode_1 - LDAP_1Auth_Mode_2 - LDAP_2LDAP Server Profile:LDAP_1: 10.10.1.101, 10.10.1.102LDAP_2: 10.10.2.103, 10.10.2.104 Base on our monitor logs, we noticed that all our authentic...

JuanAn by L1 Bithead
  • 5679 Views
  • 4 replies
  • 0 Likes
  • 24379 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks