This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4229 Views
  • 0 replies
  • 0 Likes

Active/passive vs active/active recommendations

Hello, We are about to work on a Paloalto cluster deployment, which will be sitting next to the internet (we will have two separate providers) and we need to make the decision whether we configure it as A/A or A/P.I keep reading in quite some places (forums and so) that A/P is Paloalto preferred way. That is also my first option, but I would lik...

Resolved! SSL Decryption for Office 365 and Sharepoint

We want one user to access sharepoint and sharepoint only via the internet, everything is to be locked down. We have gone through the KB below.https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClTDCA0 It says to enable SSL Decryption. Do we need any certificate, Decryption Profile setup for this? Or the following setup is...

SampleScreenshot.jpg

Global Protect External Gateway - saying only manual gateway exits

All of the sudden, in our global protect setup(Pre-Logon-Always-On, internal host detection, we were able to switch between internal and external networks and Global Protect would always reconnect. For about a month this has not been working. I got around to looking at the logs and see the following: (T14316) Debug(4604): All external gateways...

Certificate for gateway

My CA is Portal / Gateway firewall it is having different template group and LSVPN HUB firewall on different template group. I have created new certificate for HUB gateway on Portal/GW template , exported it from template group and imported it on HUB firewall template group it is giving below errorupload--private key - passphrase invalid inpu...

Resolved! Unable to view Global Protect Authentication Logs

Logged into Panorama CLI and typed this is:show log system eventid equal globalprotectportal-auth-succ No logs showed up. Also tried from the gui:Monitor > Logs > System and filter using (eventid eq globalprotectportal-auth-succ) Still nothing...is there a setting that needs to be enabled in order to view the GP auth logs? Thanks!

Resolved! IPSEC VPN NAT issue

I have a VPN request where peer's IP range is conflicting with one of my internal IP range. They are asking me if I can do a NAT on my end to resolve it but based on my experience it must be them who should do a NAT. please correct me if I'm wrong.

Not able to introduce "?" in log-link

Hi, Im trying to configure a log-link web with the character "?" in the middle but the PA is deleting this character "?"Do you know if there is any way to put the question mark character "?" in the URL for example this:set deviceconfig system log-link VirusTotal.Dst url https://www.virustotal.com/en?/ip-address/{dst}/information

BigPalo by L4 Transporter
  • 7363 Views
  • 7 replies
  • 0 Likes

Auto switch between internal & external gateway

If I mix external and internal gateways in the same portal.Does GlobalProtect automatically switch gateways when users work in the office or work outside? In the current situation, when I use GlobalProtect in my office or office, I need to manually switch portals.It does not automatically switch.

Resolved! Pending changes are not coming up in “Preview Changes” Tab

Hi Team, pending changes are not coming up in “Preview Changes” Tab.This is seen every time we try to commit changes and multiple Palo Alto firewalls are showing same behavior.A blank page is coming up when there should me details displayed regarding the changes made from last saved configuration state. Note:Model: PA-3050PAN-OS: 8.0.9 Does any...

123.png

Policy Optimizer Additional Apps

Hi, we have Policy Optimizer enabled and looking at the data there appears to be 'seen' apps that are not actually allowed by the rule: I'm thinking someone edited the rule (from perhaps 'any' to 'sip') but cannot confirm in the logs (rule is also set to application-default). Can anyone otherwise explain this? cheers, Simon

spi.PNG

Understanding AppId Dependency Implications

I've run in to a few instances where I need/want to allow a specific App with a specific policy, but it has a dependency I don't want to include with the same policy. I'm wondering if I need to rethink how I arrange these rules. The most recent example is actually Palo Alto Traps. There is a traps-management-service AppID. I've setup a rule for ...

PANORAMA PA Firewall Management -> entire backup of the Firewall Running Config

Hi, we are managing a pool of PA Firewalls using Panorama. Some of the settings are pushed to the managed devices via Templates (i.e. several additional users, shared objects, etc.). Device Config is saved on a regular basis on the device itself as well as on the Panorama. However what I do not understand is that, if I save and export the device...

Resolved! SFP Compatibility PA3050

Hi We have a PA3050, and we have 4 SFP like this: SFP HP X121 1G SPF LC LX So we would like to use 2 SFP to do a aggreagete link in PA. Is this SFP compatible with PA3050? thanks a lot

SFP + modules for PA 5220

Hello we have PA 5220and we need to connect SFP+ modules.We have Finisar SFP plus module but it does not workCan you recommendme any third party SFP+ module which is sure to work

Radmin_85 by L4 Transporter
  • 13719 Views
  • 9 replies
  • 0 Likes

Resolved! Palo Alto is not reading full URL

We have an in house mail server which have different URLs to access its web mail and administration center. We want to block administration center access from Internet. I tried using URL Filtering but Palo Alto is not reading full URL and only showing host name in URL Filtering logs, I have also imported the the email server ssl certificate on P...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks