General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4228 Views
  • 0 replies
  • 0 Likes

Restrict GlobalProtect connection from a single Linux computer

Hi everyone, I must implement some VPN access control based on computers. This way, a user will only be able to connect to the VPN if the agent is executed from a specific computer. I have read the documentation but I can't find whether I can restrict the computer from which a user connects to the VPN. All VPN clients are Linux and the control can be based...

Resolved! "Wrong" IP netmask object definition

Hi, I am a newbie in PA. Can anyone answer a very basic question? I have seen IP Netmask objects defined with a non-zero host portion and a mask smaller than /32 in some firewall configurations, like this: 192.168.1.1/24. How does this work? Is that host object 192.168.1.1 or network object 192.168.1.0/24? Regards, Roman

mikesr by L0 Member
  • 4477 Views
  • 3 replies
  • 0 Likes

Https traffic to http

Hi guys, I have a web server hosted for public access using HTTP. Now I want to know whether it is possible to NAT traffic entering the Palo Alto as HTTPS from outside to HTTP on the inside. So a user will try to connect to the server using the public IP on port 443, and their port would get translated to port 80 and go to the internal destination server using destination NAT. IN...

User-ID in multiple vsys failing for vsys2

Both vsys1 and vsys2 are using the same agentless settings and are accessing the same DC servers. While vsys1 shows as connected, vsys2 shows nothing under status and system logs show 'connect-server-monitor-failure'. I have rechecked the password in both vsys but that doesn't seem to be the issue. Or is the issue just cosmetic in the GUI? Server: dc(vsys: vsys2...

raji_toor by L4 Transporter
  • 3186 Views
  • 1 replies
  • 0 Likes

Resolved! What traffic will be generated when select "Collector Group communication" on ethernet1/1 on panoram

Hello everyone, I deployed two VM Panoramas for HA, and checked the setting "Enable log redundancy across collectors" under Collector Group. Because the two log collectors can copy logs to each other, I would like to separate the function "Collector Group communication" onto ethernet1/1, and use a cable to directly connect the two VM Panoramas. My ...

Cisco Policy Based VPN - ProxyID Query

Hi everyone, I am receiving the below error on a Palo to Cisco policy-based VPN. 'IKE phase-2 negotiation failed when processing proxy ID. cannot find matching phase-2 tunnel for received proxy ID. received local id: 10.45.33.253/32 type IPv4_address protocol 0 port 0, received remote id: 10.104.58.0/24 type IPv4_subnet protocol 0 port 0.' Does ...

baz00r by L0 Member
  • 2885 Views
  • 2 replies
  • 0 Likes

Resolved! Security Policy destination and/or URL category clarification

Hello, can someone please tell me the best way to implement minemeld custom IP and URL blacklists? We have just built a minemeld server and have both a list of IPs and URLs. Currently have just one OUT rule like below but should we have 2 - 1 for IP destination and 1 for ANY destination but for particular URL category? We are unsure if the URL c...

Generating SSL Decryption Forward Trust Cert for an HA Pair via Panorama?

I've successfully rolled out SSL Decryption on a bunch of non-HA firewalls via Panorama. Generating the .CSR, signing it with my CA, and then importing the .CER but I'm wondering if this is going to work with my HA Pair because I'm guessing that I'll have to have two different certs because there's two different physical boxes. Has anyone done t...

Resolved! Force Template Values

Hi, if someone overrides a setting locally on the firewall, can this be further overridden by Panorama using force template values? ... and in that instance, what happens to the green and orange cogs? Thank you

nawaza by L2 Linker
  • 8691 Views
  • 2 replies
  • 0 Likes

Router on a stick with VLANs

I have a single HPE 5400 that links to a PA-820. I have an untagged p2p VLAN on a Layer3 interface on the PA. I use this as the "MGMT/LAN" side. The HPE is doing routing for internal networks. To add another VLAN, I tagged that same port on the switch, and I added a sub-interface on the PA with the appropriate tag. So, the uplink between the switch...

  • 24355 Posts
  • 124 Subscriptions