General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4228 Views
  • 0 replies
  • 0 Likes

How to set up two HA (active / passive mode) firewalls to be managed by panorama

Hi All, I already have two firewalls to set HA and use Active / Passive mode. But when I put both devices into the same Device Groups and Templates and push the configuration file to both devices, the HA settings of the second device will be overwritten by the HA settings of the first device. I saw this "Migrate a Firewall HA Pair to Panorama Manag...

Resolved! Connect to Two Palo Alto VPNs

I have an employee who travels often with a need to simultaneously connect to two Global Protect VPNs, neither of which are clientless VPNs. The first connection is to the main office. The second connection is to another company, which has whitelisted our main office external IP address and that of our VPN IP address. The second connection must be ma...

SSL VPN REDUNDANCY

Hello everyone, I want to make redundancy ssl vpn for two ISP. I have two ISP. I will use DNS failover. And write nat rule for two public to loopback interface. (I use loopback interface for globalprotect). I write symmetric return for two external interface to loopback interface. But doesn't work. After that I try with vlan interface but nothing chang...

Resolved! HA Active/Active Mode with Multi VSYS

Hi All, Is it possible to use a Multi-VSYS Palo Alto to have the active-primary on one Palo Alto and a second VSYS Active-Primary on the second Palo Alto in Active-Active HA mode? I've done this on Cisco Active-Active firewalls but I need to do this on a Palo Alto pair. Regards, Adrian

a.jones by L3 Networker
  • 19852 Views
  • 18 replies
  • 0 Likes

Palo Alto URL Filtering Test Pages unreachable via HTTP

Anyone else notice that the Palo Alto URL filtering test pages (example: http://urlfiltering.paloaltonetworks.com/test-command-and-control) are no longer reachable using http? This article describes the pages and why you would want to use them to validate your URL filtering policy: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=...

PeteS by L1 Bithead
  • 4260 Views
  • 3 replies
  • 0 Likes

Resolved! BGP Communities in Palo Alto Firewall

Hi, Is it possible to use well-known communities in Palo Alto like in a Cisco router? I mean, community no-export, no-advertise, local-as or Internet. We need to propagate some routes to a peer but indicate to that peer not to propagate them outside the AS. Thank you in advance,

nanukanu by L2 Linker
  • 20508 Views
  • 6 replies
  • 0 Likes

Want to allow SFTP only and not SSH Traffic

Hi Team, I am trying to achieve my requirement; however, I am unable to achieve it. Please review my requirement below and suggest your thoughts if there is any possible way to accomplish it. I want to block SSH traffic and at the same time I need to allow SFTP traffic for our users. I have referred to some KB Article and that states in order to allow t...

SahulH by L3 Networker
  • 18845 Views
  • 5 replies
  • 0 Likes

Failed active/passive HA Upgrade from 8.1.4-h2 to 9.0.3

Hello community - I have a case open with support, but I am looking to see if anyone else has an idea for me while they are looking at my tech support files. I attempted to upgrade an active/passive HA pair following the Palo Alto Doc. I upgraded the secondary from 8.1.4-h2 to 9.0.3 and rebooted. I am now at the step where I would suspend the pr...

Rename Panorama template and template stack

Hello, We have a few firewall clusters managed by Panorama and are looking to change the naming schema for templates and template stacks. Does anyone know if changing these would have any effect on firewall operations? We previously changed the zone naming of firewalls and saw that it had a major effect on VPN tunnels terminating on that zone as i...

URL Filtering Whitelist

Hi, We have a case that 1 user would like to access URL (example a.com) that is currently blocked in existing URL filtering profile. We know we can allow this by 1. clone existing URL profile and add a.com into allow list or add it through custom URL. 2. create firewall policy above existing rules to internet to allow this specific user id / IP a...

L1_ENG by L1 Bithead
  • 5817 Views
  • 4 replies
  • 0 Likes

Resolved! DNS sinkhole database view or test

We are finding that even domains configured as malware/c2 are not getting sinkholed. I'm aware from other posts, that these are not the same database on the firewall. Why are these not persistent? Why would you not flag on a DNS lookup that is out to resolve a malware/c2 domain - and NOT sinkhole it? Is the DNS database something that get...

Sec101 by L4 Transporter
  • 8101 Views
  • 4 replies
  • 0 Likes

DNS proxy

Hello, In one of my subnets I'm using google 8.8.8.8 as DNS server (received via DHCP). But only for one entry I want to provide my own FQDN and IP. Could I use DNS proxy feature for this? (enable DNS proxy with primary DNS server 8.8.8.8 and add static entry with my FQDN and IP) Thank you, Konrad

polak71 by L1 Bithead
  • 2193 Views
  • 1 replies
  • 0 Likes

NFS datastore change

Customer integrated NFS datastore with panorama to store logs. Now they are planning to change old NFS data store with new NFS data store, But their concern is they want old NFS datastore logs to be retained in new NFS datastore after migration and then new logs need to be logged to new NFS datastore. Please let me know if this is doable, I’m no...

SSL decryption troubleshooting

I am trying to get SSL Forward Proxy working properly, generally it seems to be OK but I have a site I have tested is for the bank hsbc that gives an error. Certificate Error: There is an issue with the SSL certificate of the server you are trying to contact. Certificate Name: IP: 91.214.6.22 Category: not-resolved Issuer: Status: unknown Reason: I h...

HA traffic through Cisco Switch

Hi Team, Can we route HA traffic between two 3260 firewalls through Cisco switch using L2 vlan? My requirement is to run firewalls in HA and devices will be in different buildings. Buildings are connected with dark fiber. As PAN dedicated HA ports are ethernet I have to use another converter or switch to make them communicate in HA ports. I did ...

  • 24355 Posts
  • 124 Subscriptions