This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4112 Views
  • 0 replies
  • 0 Likes

Resolved! DPD bug with ipsec on 9.0.5

I have a IKE1 tunnel setup.Life time for ph1 and ph2 is 8 hours. For some reason the other end drops at 6 hours .. not sure why. But the PA keeps the tunnel up. I have confirmed this numerious times screen sharing situation and I can confirm that no packets have come from the other side for over 30 min. My DPD is set 10 2 ... in 20 sec it shoul...

HOW TO Allow interface to access ethernet interface configured as Managment

We have a 2 system (firewall and RHEL7 server) configuration that has been set up to allow management access through ethernet1/11. What i am trying very unsuccessfully to do now is configure ethernet1/12 to be able to connect to the managment interface.1/11 is set up to do DHCP so our laptops can connect for GUI use. I would like the RHEL7 serve...

rwolsen by L1 Bithead
  • 10208 Views
  • 6 replies
  • 0 Likes

Resolved! Log forwarding issue

Hi team, i have deployed palo alto firewall on AWS environment and ran into some issues when trying to send the logs over to a syslog server.when i use a syslog server that is not in the same subnet as the management interface and tried to manually set the right 1.interface in the service route configuration it didnt let me choose any of mu inte...

Suspicious traffic from internal to External IP

Hi All, Recently on my SIEM console. I could observe the web traffic from the internal host machine towards the blacklisted IP over the port 443. Alert was flagged by the PaSeries (Palo alto firewall). Two events I have observed 1) CryptoMiner.Gen Malicious Script Detection2)Traffic End First event contains below informationApplication=web-brow...

GlobalProtect on Android - what a pain

Hi everyone! I'm in the process of implementing VM-50 along with GP on a small network with adults and children. The idea is to make successful parent control of what kids can and cannot do and, at the same time, grant more privileges to adults/parents. To have this implemented all packets from/to kids' phones/laptops have to go through the PA F...

ovel by L2 Linker
  • 3486 Views
  • 1 replies
  • 1 Likes

Resolved! Restoring a saved configuration to new hardware

I'm getting together information for an upcoming disaster recovery test at our DR vendor's location and I'll be bringing up a PA firewall. I was curious if there is information about version compatibility. For example we are currently on version 9.0.4 and I'm exporting the named configuration candidate-configuration, the latest configuration ver...

Updated Azure JSON Miner?

So I'm looking at the Azure miners and they are referencing https://www.microsoft.com/EN-US/DOWNLOAD/confirmation.aspx?id=41653 which is being deprecated by MS and discontinued in June 2020. It says to use the following links for the new JSON files Public: https://www.microsoft.com/en-us/download/details.aspx?id=56519 US Gov: http://www.microso...

Resolved! can we configure a data interface to perform HA path monitoring?

I would like to configure HA failover condition that utilizes my data interface to perform path monitoring. this way, firewalls will failover when there is a routing issue. I don't see an option to use a source interface/ IP under HA-path Monitoring-Add virtual router path.is there any way to accomplish this?Thanks.

No logs on PA-200

I have inherited a PA-200 and recently just upgraded it to PAN-OS 8.1 and installed it. I have activated the licenses and subscriptions committed changes and reboot the device, but i am getting no logs at all with the exception of system logs. Have i missed something or are there bigger issues going on?

Resolved! Dynamic updates schedule from Panorama

I see PA have changed the behavior of dynamic updates push from Panorama to managed firewalls from PAN OS 7.x to 8.x. As per PA, in 7.x panorama will push the updates to managed devices. But from 8.x, managed device itself retrieve the updates from Panorama. Can someone please help to explain in brief on how firewall will come to know about the ...

PA.PNG
Rajesh12 by L3 Networker
  • 13396 Views
  • 8 replies
  • 1 Likes

Need to decide method of Paloalto firewall deployment L3 or vwire in an existing network infra

Hi, I have many sites with different network infrastructure in different countries and i would like to deploy Paloalto firewalls below wan link, please help to to decide method of Paloalto firewall deployment L3 or vwire in an existing network infrastructure I have been assigned to study the infrastructure and decide L3 or Vwire and to give th...

How Do You Authenticate Users From Specific IP Ranges for Admin Device Access?

Palo Alto integrates with a number of products; which usually require specific user accounts on the firewall. If your firewall has management access exposed to the internet all of the accounts can be used to log into the firewall. Would it be possible to limit device management for certain users access to specific subnets, such as RFC 1918? Exa...

blwavg by L2 Linker
  • 5316 Views
  • 3 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks