This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

URL Filtering Whitelist

Hi, We have a case that 1 user would like to access URL (example a.com) that is currently blocked in existing URL filtering profile. We know we can allow this by 1. clone existing URL profile and add a.com into allow list or add it through custom URL.2. create firewall policy above existing rules to internet to allow this specific user id / IP a...

L1_ENG by L1 Bithead
  • 5767 Views
  • 4 replies
  • 0 Likes

Resolved! DNS sinkhole database view or test

We are finding that even domains configured as malware/c2 are not getting sinkholed. I'm aware from other posts, that these are not the same database on the firewall. Why are these not persistent? Why would you not flag on a DNS lookup that is out to resolve a malware/c2 domain - and NOT sinkhole it? Is the DNS database something that get...

Sec101 by L4 Transporter
  • 8004 Views
  • 4 replies
  • 0 Likes

DNS proxy

HelloIn one of my subnets I'm using google 8.8.8.8 as DNS server (received via DHCP).But only form one entry I want to provide my own FQDN and IP.Could I use DNS proxy feature for this ? (enable DNS proxy with primary DNS server 8.8.8.8 and add static entry with my FQDN and IP) Thank youKonrad

polak71 by L1 Bithead
  • 2161 Views
  • 1 replies
  • 0 Likes

NFS datastore change

Customer integrated NFS datastore with panorama to store logs. Now they are planning to change old NFS data store with new NFS data store, But their concern is they want old NFS datastore logs to be retained in new NFS datastore after migration and then new logs need to be logged to new NFS datastore. Please let me know if this is doable, I’m no...

SSL decryption troubleshooting

I am trying to get SSL Forward Proxy working properly, generally it seems to be OK but I have a site I have tested is for the bank hsbc that gives an error.. Certificate ErrorThere is an issue with the SSL certificate of the server you are trying to contact.Certificate Name:IP: 91.214.6.22Category: not-resolvedIssuer:Status: unknownReason: I h...

HA traffic through Cisco Switch

Hi Team ,Can we route HA traffic between two 3260 firewalls through cisco switch using L2 vlan. My requirement is to run firewalls in HA and devices will be in different buildings. Buildings are connected with dark fiber. As PAN dedicated HA ports are ethernet i have to use another converter or switch to make them communicate in HA ports. i did ...

Resolved! Panorama Dynamic updates

HelloI use Panorama to manage my firewalls, I configured Panorama for Dynamic updates (antivirus, Application & Threats) but, when I go to "Device Deployment / Dynamic updates", all versions are in middle of December 2019. When I "check now", I have no issue about an connection error but the new version of antivirus, App & Threats are no...

Resolved! Minemeld O365 doesn't have latest IPs

Seeing an issue using minemeld and O365 IPs and not having the same IPs that Microsoft is advertising that need to be allowed. Is there any easy way to confirm what is there and and what isn't via minemeld? I've been using for awhile but only now did I notice that some of the CIDRs aren't coming across via minemeld.

drewdown by L4 Transporter
  • 12337 Views
  • 10 replies
  • 0 Likes

Resolved! 64-bit User-ID Agent Software

Hi,The Installation instructions for the User-ID Agent software remind you to ensure you've downloaded the correct version of the software (32 or 64-bit).However I can't find the 64 bit version of 8.1.10 anywhere, only of the Credential Agent. Anyone know where it is?? I've tried installing the 32-bit version to Windows Server 2016 instead but t...

Anyone else notice these "Load Config Partial" syntax changes in PAN-OS 9.0?

Doing my first migration to PAN-OS 9.0. We've migrated the config using expedition, but when I try to use the load config partial commands I keep getting a "Invalid syntax." error Example on how it used to work- load config partial from MT-fixed.xml from-xpath /config/devices/entry/vsys/entry/tag to-xpath /config/devices/entry/vsys/entry/tag m...

VPN

Hi. who can help me this topic?Person A must configure vpn with person B. Person A must configure two vpn connection and all data flow to vpn 1 node but if vpn node1 goes down, aoutomatic all traffic must flow through with node 2.

URAN_725 by L1 Bithead
  • 2443 Views
  • 1 replies
  • 0 Likes

Free space in /dev/md2 partition

HelloWe have a Firewall PaloAlto with free space 509MB in partition /dev/md2, and 609MB in partition dev/md5, actually we need to upgrade the PanOS since 7.1.18 to 8.1.12, and there are 5 PANOS to upgrade, so the information is keep in /dev/md5 but before the installation We would like to know if the /dev/md2 root partition has little free space...

How to block Internet Explorer

I am trying to block Internet Explorer traffic going out to the internet from my internal users. I have decryption in place and followed this article: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEdCAKI am seeing some websites being blocked but some of them are not despite decryption. Has anyone tried blocking IE?P...

Resolved! Block External Email

Hello -Basically I would like to start blocking external email access from the internal network such as Yahoo Mail. I don't want to block access to Yahoo itself, just inbound email from Yahoo and other sites like that. Is there any documentation on how to best accomplish this? Thanks in advance!

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks