This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4244 Views
  • 0 replies
  • 0 Likes

Source and destination based on NAT using DHCP

Hi, I am setting up a PAN device. On ethernet1/1 I have it set up to DHCP. I then will have a computer connected to ethernet1/9. I want to set up both source and destination based NAT. From what I understand in order to do this I would need to create an object. Is there any way to set up an IP based object that will be whatever the IP is that an...

golariu by L1 Bithead
  • 2278 Views
  • 1 replies
  • 0 Likes

Resolved! Change physical port in Active PAssive PA going to ISP

PA is in Active Passive mode. Current uplink connection from active PA going to ISP is 1Gig.We need to change the uplink port on the active PA that can support 10gig. What is best method to do this without causing least amount of outage?

MP18 by Cyber Elite
  • 6350 Views
  • 12 replies
  • 0 Likes

Need to clear traffic or reset the tunnel to access

We had site to site vpn tunnels and traffic is always stuck and until unless we reset or clear the traffic the access is not working. Any one have experience . The VPN tunnel never go down only the traffic PA to Sonic wall any recommendation on how to troubleshoot this issue ?

NavidAlam by L3 Networker
  • 7498 Views
  • 4 replies
  • 0 Likes

Decryption Broker with Policy Based Forwarding

Hello, I'd like to know if it is possible to use decryption broker with policy based forwarding on the same interface of the policy based forwarding as the scenarios is as the following :We have a Bluecoat proxy connected to Palo Alto firewall using Policy Based Forwarding/Routing (PBR) so we want to know the possibility of making ssl decryption...

Palo Alto - GPVPN - IPSEC b2b

My current role is as a Network Architect and I am working with our security team to get some Palo Alto firewalls setup to provideGPVPN access and also IPSEC b2b connectivity. Our initial design has a single external public address to host the GPVPN traffic and the IPSEC b2b traffic and works ok. We are currently discussing the option of impleme...

mcronin by L0 Member
  • 5778 Views
  • 3 replies
  • 0 Likes

Limit Download per IP

In NG firewall, is there a way to limit the download per IP per day.For eg, One Ip should have only total 1GB download/upload usage a day.It's like somewhat ISP does.

unable to access internet from vlan

Hi,i am configuring PA-220 software version 8.0.9. i wan to create a vlan and allow them to access the inter net i have seen some video but i am unable to access the inter net i am even unable to ping my vlan gateway. is there any thing i can do ?

Screenshot (9).png

MineMeld into Proofpoint TRAP

I am trying to integrate MineMeld and Proofpoint TRAP. It should be relatively simple and feel I am overlooking something. The first step was easy. Create an output using stdlib.taxiiDataFeed. Because this is the community edition auth is turned off by default. (Leaving this off until things are working) In TRAP you have the following fields: UR...

Romans6 by L1 Bithead
  • 3981 Views
  • 1 replies
  • 0 Likes

Resolved! Threat Map Bubbles

Hi,When I view the threat map, It shows a large bubble in the middle of the atlantic ocean that is labelled "reserved" what is this?Any help is greatly appreciated.M

charger by L2 Linker
  • 4689 Views
  • 4 replies
  • 1 Likes

Kill Login Sessions

Hi,Is there a way I can kill or log out other administrators that is authenticated in Palo Alto Management? Hoping for your assistance.Thanks,Xer

Windows based user ID Agent Setup

Hi Everyone, Hope everyone doing well. we have setup a windows based User ID. but one problem I saw with that is, it is receiving accounts with $ sign in the last. I believe these are service type accounts and if yes we would like to exclude them on the firewall as we don't want the service accounts to be allowed to go to internet. we have 5650...

Global Protect 5.0.4 portal not found

hello team, we have this client running his ISP thru E1/3 (secondary ISP service), he wants to allow the Global Protect client thru this conection, however, after configure the portal and gateway in the PA-500, we test in the agent installed and we got the follow logs from the GP Client engine: (T22764) 09/26/19 19:56:27:735 Debug(4523): No need...

Template Variables

I didn't find the documentation that helpful regarding template and template stack variables, so I'm writing this post that will hopefully help someone out with creating their first variable. In my example below, we used a template variable to change the next hop IP address in a static route used by the virtual router. Each branch had a differen...

1.jpg
2.jpg
3.jpg
kalakai by L2 Linker
  • 10474 Views
  • 2 replies
  • 5 Likes

Users connect to Global Protect even with expired certificate.

Hi.I've been detecting that some users have their VPN certificate expired and still manage to connect to the Global Protect VPN.The Global Protect settings are correct, since most users if their certificate is expired do not let them connect.Globalprotect version: 4.1.9PAN-OS version: 8.0.15 Will it be some configuration error?

SaulGlz by L1 Bithead
  • 6671 Views
  • 2 replies
  • 0 Likes
  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks