This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4112 Views
  • 0 replies
  • 0 Likes

Resolved! load config partial - from local file to security ruleset

First issue:I am trying to get load config partial working from local file , address objects , address groups, service groups and security and NAT rules, to local firewall. I am used to doing load config partial on PANORAMA to device groups.. but not local file to local FW.. cant quite pin down the API XML format, even when looking on local ...

Global Protect UpGrade Windows Installer

Pushed the global protect client out through SCCM. Which works, but when the auto update is applied, we end up with the windows installer issue. the msiexec /Option error I have checked to make sure no other installer is running, and there is nothing. Has anyone been able to solve this issue?

Resolved! Security Profile - Mass change - Is there an easy way?

I received a request to change the current security profile on 3,502 policies (spanning three VSYS) from a shared profile to a local profile. Is there a better way to do this than doing them individually through the GUI? I don't even want to think about how long this would take if I have to do it through the GUI, not to mention the arthritis I'l...

Resolved! AlienVault taxii miner versus prebuilt reputation data miner

AlientVault has the OTX with a taxii feed configuration which looks like it could be handy. However the miner for the alienvault reputation has a link which 404's. Does anyone have any idea if this overlaps? Also the AlienVault taxii feed would require an API key, I'm not entirely sure how to set up a new miner for taxii which requires an API ...

chirss by L3 Networker
  • 25090 Views
  • 21 replies
  • 0 Likes

Path Monitor... source IP must be within the same subnet as destination?

I'm trying to monitor the availability of one tunnel, to re-route the same destination traffic into a second tunnel. The other side can't do routing protocols right now--which would solve this easily. I hoped to find a non-manual way to fail over. I read in a discussion that the SOURCE IP and destination IP have to be in a single network. The d...

Royalfr by L2 Linker
  • 7625 Views
  • 2 replies
  • 0 Likes

Allow techblog.netflix.com without allowing netflix-base?

Good day, if you try to open http://techblog.netflix.com our PA currently recognize it as netflix-base.Is there a way to declare it as normal web-browsing if they try to open the techblog page since we don´t want to allow netflix-base for our users? Thanks

TZwoll by L0 Member
  • 3299 Views
  • 1 replies
  • 0 Likes

Global Protect pass OpenVPN traffic?

We have deployed GP full tunnel VPN across the enterprise. We have some departments using OpenVPN, My question is why can't users use OpenVPN without having to disable GP first. thanks,

URL Filtering Response Page

Hi All, I have created a custom response page for a vsys but I need two of these within a VYS so they are served depending on the source IP address. Example, if user comes from within 10.10.10.0/24 I want to serve a response page with policy details for customer Aif user comes from within 10.10.20.0/24 I want to serve a response page with policy...

a.jones by L3 Networker
  • 2502 Views
  • 2 replies
  • 0 Likes

Security Policy Actions- Vulnerability

Dear All, Kindly help me understand below query - We would like to configure Security Policy Action "Block IP" for Critical, High and Medium level Vulnerability signatures for 3600 sec. As per understanding traffic from source-destination pair; Configurable for a 3600 seconds (period of time) will be blocked. However request you to clarify whet...

Resolved! Global Protect Windows 10 issues

Hi folks. I'm running into an annoying issue with some Windows 10 workstations and Global Protect. Global protect will install, and run for an unspecified (and variable) time on a given workstation. Connected, working, no problems. After some period of time, for no reason, it just won't connect. Sits at "Still Working" in the status box and neve...

darren_g by L4 Transporter
  • 19599 Views
  • 2 replies
  • 0 Likes

Resolved! Implicit Applications with cotp/ms-rdp in security policies

Hello everyone, Been testing some PA firewall functionality and noticed that ms-rdp has the implicit use of "cotp" defined, but the cotp application matches to a rule further down the policy list. When I review the logs, it looks like this Am I misunderstanding having cotp as implicitly allowed by the ms-rdp application? Not sure why ms-rdp is a...

PAFWRDPCOTP.PNG
MathewRD by L0 Member
  • 7354 Views
  • 1 replies
  • 0 Likes

Up gradation of PANOS 8.0 to 8.1

We have PA-820 deployed in Active-Passive HA mode running PANOS 8.0. Today i received a notification that PANOS 8.0 will be End of Life on 31st Oct 2019. Hence I have to upgrade the PANOS of both firewalls, preemption is enabled on both firewall. Please share the procedure / best practices of upgrading OS in HA (Active-Passive) with no traffic o...

  • 24333 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks