This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4120 Views
  • 0 replies
  • 0 Likes

Allow downloading from Akamai or other CDNs

PANOS 8.1 Hi all - I have ongoing issues with trying to control downloading of files from CDNs. An easy example is .cab files used by Microsoft Office templates. When you download a template it goes off to a page off: templatesmetadata.office.net, but the actual file is stored in an Akamai cache. I have a policy matching a custom URL category, a...

SARowe_NZ by L3 Networker
  • 5516 Views
  • 2 replies
  • 0 Likes

Resolved! Multi VSYS, VRs and ARP tables?

Hello team, I will be deploying a couple of 3250s in HA and multi VSYS, and VRs. My main concern is that are we getting separate ARP tables per each VSYS/VR? Let me give you some more background about what we will try to achieve: We want to create 4 VSYS with their corresponding VRs, for example: VSYSa/VRa, VSYSb/VRb, VSYSc/VRc, VSYSd/VRd. I'm p...

clipboard_image_0.png

Resolved! Block all traffic but a single IP Address

Let me start by saying that I am not a firewall expert by any means but I think the task I have is simple. I want to block all traffic through a PA-500 except for a single conversation between a dedicated machine on each side of the firewall. Is there an easy way to do this? BTW the IPs are static on both machines.Thanks

hdaigle by L0 Member
  • 5628 Views
  • 3 replies
  • 0 Likes

Resolved! GlobalProtect VPN - Management Access

Hi, Does anyone know a way to get access to the panos web management interface over a globalprotect VPN? We are using three interfaces on our firewall; 1 - Management Interface2 - Trust3 - Untrust Global Protect is setup on the trust - and I have a rule in the Security Policy to allow access from my device to anything - however I can't get to th...

HyderB by L0 Member
  • 6349 Views
  • 2 replies
  • 0 Likes

Issues observed in PANOS 8.1

Hi All, I upgraded the PANOS from 8.0 to 8.1 last week, current version is 8.1.0. Now I am observing some issues. 1. Traffic logs are not showing source user.PA is connected with active directory via WMI, connection status is fine. Source User in security policy showing users from Active directory but traffic logs are not showing any user which ...

Resolved! Address to use for Tunnnel Monitoring with Azure VPN

I have used this KB article to configure an IPSec tunnel to an Azure networkhttps://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm6WCASThat has worked fine and the tunnel is up and passing traffic. However I want to enable tunnel monitoring. In the section "Tunnel Interface" point 2 says "Assign an IP on same subnet as th...

djr by L4 Transporter
  • 10260 Views
  • 2 replies
  • 0 Likes

Resolved! Log forwarding to Panorama from PAN-OS Firewalls for Threats

Hi Gang, Would like to clarify how one sees threat logs from the PAN-OS firewalls in Panorama. Panorama is deployed as follows: system mode = management-onlyVM Mode = VMware ESXi Firewalls = PA-3020 Version = All on 8.1.10I have configured log forwarding to Panorama but I never see any threat logs. Log forwarding profile below, it's set on polic...

clipboard_image_0.png

Resolved! Commit Function on Suspended PA

When PA is in active passive mode.I suspended the active PA and passive took over.This is fine. I did the config changes on the suspended PA and did the commit.I saw that config changes from suspended PA got syn with active PA?My understanding of suspended PA is that they are not in HA.IF they are not in HA then how come config syn happened fr...

MP18 by Cyber Elite
  • 3585 Views
  • 2 replies
  • 0 Likes

Default Trusted Certificate Authority missing some certificates

Hello Guys ... After enabling Decryption, I am facing issues while accessing some websites, most of the websites are working fine but some websites are not opening and i have to manually import the certificate of the website into Palo Alto trusted CA. Then only the websites are opening. Is there a way to update Default Trusted Certificate Author...

Upgrading

I need to update my firewall from 8.0.17 to the latest release of 8.1. In the past I was instructed to first upgrade to the base release for the PANOS, and then install the maintenance release on top. Is that still the way it should be done.? If I remember correctly, the base has to be there before you can upgrade to the maintenance release. I...

Application Override

Hi All,I have an application override setup and it is working fine. The reason for the override is because we changed the port number of the application to something other than the default. The way I have this setup is I created a customer application and then setup an application override policy.My question deals with the override policy. I h...

Resolved! SSL decrypt exclusion for url ec2-13-57-194-193.us.west-1

Hi Everyone, IP 13.57.194.193 ssl decryption exempt was failing and IIn ssl decrypt exclusion list I put *.amazonaws.com and still in traffic logs I see the IP 13.57.194.193 getting ssl decrypted. I have attached the nslookup for this ip. Can you please tell me how we can config ssl decrypt exclusion for below hostname?

clipboard_image_0.png
MP18 by Cyber Elite
  • 5287 Views
  • 4 replies
  • 0 Likes

Update to Notifications in Support Portal (CSP)

Attention Customers with Support Portal accounts: The Customer Support Portal's notification system has been updated to provide additional functionality and ease-of-use in responding to certain notification types. The updates to CSP notifications include the following: A much easier to read list of notifications with a more visible area The...

Resolved! GUI only works with Incognito

Hello -We replaced our palo last night and now the GUI will only open in Incognito mode in Chrome. I tried clearing the cache. That didn't help.

Shawverr by L3 Networker
  • 7318 Views
  • 6 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks