General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4475 Views
  • 0 replies
  • 0 Likes

Resolved! BGP Communities in Palo Alto Firewall

Hi, is it possible to use well-known communities in Palo Alto like in a Cisco router? I mean community no-export, no-advertise, local-as or Internet. We need to propagate some routes to a peer but indicate to that peer not to propagate them outside the AS. Thank you in advance,

nanukanu by L2 Linker
  • 20697 Views
  • 6 replies
  • 0 Likes

Want to allow SFTP only and not SSH Traffic

Hi Team, I am trying to achieve my requirement; however, I am unable to achieve it. Please review my requirement below and suggest your thoughts if there is any possible way to accomplish it. I want to block SSH traffic and at the same time I need to allow SFTP traffic for our users. I have referred to some KB Article and that states in order to allow t...

SahulH by L3 Networker
  • 19125 Views
  • 5 replies
  • 0 Likes

Failed active/passive HA Upgrade from 8.1.4-h2 to 9.0.3

Hello community - I have a case open with support, but I am looking to see if anyone else has an idea for me while they are looking at my tech support files. I attempted to upgrade an active/passive HA pair following the Palo Alto Doc. I upgraded the secondary from 8.1.4-h2 to 9.0.3 and rebooted. I am now at the step where I would suspend the pr...

Rename Panorama template and template stack

Hello, We have a few firewall clusters managed by Panorama and are looking to change the naming schema for templates and template stacks. Does anyone know if changing these would have any effect on firewall operations? We previously changed the zone naming of firewalls and saw that it had a major effect on VPN tunnels terminating on that zone as i...

URL Filtering Whitelist

Hi, We have a case that 1 user would like to access URL (example a.com) that is currently blocked in existing URL filtering profile. We know we can allow this by 1. clone existing URL profile and add a.com into allow list or add it through custom URL. 2. create firewall policy above existing rules to internet to allow this specific user id / IP a...

L1_ENG by L1 Bithead
  • 5855 Views
  • 4 replies
  • 0 Likes

Resolved! DNS sinkhole database view or test

We are finding that even domains configured as malware/c2 are not getting sinkholed. I'm aware from other posts, that these are not the same database on the firewall. Why are these not persistent? Why would you not flag on a DNS lookup that is out to resolve a malware/c2 domain - and NOT sinkhole it? Is the DNS database something that get...

Sec101 by L4 Transporter
  • 8269 Views
  • 4 replies
  • 0 Likes

DNS proxy

Hello, In one of my subnets I'm using Google 8.8.8.8 as DNS server (received via DHCP). But only for one entry I want to provide my own FQDN and IP. Could I use the DNS proxy feature for this? (Enable DNS proxy with primary DNS server 8.8.8.8 and add a static entry with my FQDN and IP.) Thank you, Konrad

polak71 by L1 Bithead
  • 2211 Views
  • 1 replies
  • 0 Likes

NFS datastore change

Customer integrated NFS datastore with Panorama to store logs. Now they are planning to change old NFS datastore with new NFS datastore, but their concern is they want old NFS datastore logs to be retained in new NFS datastore after migration and then new logs need to be logged to new NFS datastore. Please let me know if this is doable, I’m no...

SSL decryption troubleshooting

I am trying to get SSL Forward Proxy working properly, generally it seems to be OK but I have a site I have tested is for the bank HSBC that gives an error. Certificate Error: There is an issue with the SSL certificate of the server you are trying to contact. Certificate Name: IP: 91.214.6.22 Category: not-resolved Issuer: Status: unknown Reason: I h...

HA traffic through Cisco Switch

Hi Team, can we route HA traffic between two 3260 firewalls through a Cisco switch using an L2 VLAN? My requirement is to run firewalls in HA and devices will be in different buildings. Buildings are connected with dark fiber. As PAN dedicated HA ports are Ethernet I have to use another converter or switch to make them communicate on HA ports. I did ...

Resolved! Panorama Dynamic updates

Hello, I use Panorama to manage my firewalls. I configured Panorama for Dynamic updates (antivirus, Application & Threats) but, when I go to "Device Deployment / Dynamic updates", all versions are in the middle of December 2019. When I "check now", I have no issue about a connection error but the new version of antivirus, App & Threats are no...

Resolved! Minemeld O365 doesn't have latest IPs

Seeing an issue using minemeld and O365 IPs and not having the same IPs that Microsoft is advertising that need to be allowed. Is there any easy way to confirm what is there and what isn't via minemeld? I've been using it for a while but only now did I notice that some of the CIDRs aren't coming across via minemeld.

drewdown by L4 Transporter
  • 12618 Views
  • 10 replies
  • 0 Likes

Resolved! 64-bit User-ID Agent Software

Hi, The installation instructions for the User-ID Agent software remind you to ensure you've downloaded the correct version of the software (32 or 64-bit). However I can't find the 64-bit version of 8.1.10 anywhere, only of the Credential Agent. Anyone know where it is?? I've tried installing the 32-bit version to Windows Server 2016 instead but t...

Anyone else notice these "Load Config Partial" syntax changes in PAN-OS 9.0?

Doing my first migration to PAN-OS 9.0. We've migrated the config using Expedition, but when I try to use the load config partial commands I keep getting an "Invalid syntax." error. Example on how it used to work- load config partial from MT-fixed.xml from-xpath /config/devices/entry/vsys/entry/tag to-xpath /config/devices/entry/vsys/entry/tag m...

  • 24379 Posts
  • 124 Subscriptions