This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4224 Views
  • 0 replies
  • 0 Likes

All traffic through LSVPN (or LSVPN route metric)

I want all satellites to route all traffic through VPN tunnel when it's available. In GP gateway if I leave Access Routes emtpy or if I publish 0.0.0.0/0 to the satellite I get the default route with metric 100 on the atellite. But that means the static default route entered on initial configuration of satellite will still remain the active rout...

santonic by L6 Presenter
  • 8343 Views
  • 6 replies
  • 0 Likes

Policy Optimizer Apps

Is it possible to add the apps seen by the policy optimizer to an application group already created? I feel like this should be easy, but I can't seem to be able to do it. It appears you can create new app groups but cant add to current? Am I missing something?

Resolved! HA2 connection with HSCI port and distance of 30 km

On PA 5520 with active passive mode is it possible to use HSCI port for HA2 connection if distance between active and passive PA is 30 km.I read some QSFP+ transceiver support 40km with single mode? Need to confirm here if this is possible ?

MP18 by Cyber Elite
  • 5920 Views
  • 2 replies
  • 0 Likes

Resolved! GlobalProtect setup frustration

Hello -Originally, I was going to setup GP with RSA MFA using this document: "RSA SECURID® ACCESS Implementation Guide Palo Alto Networks Next Gen Firewall 8.0" It is written by RSA and is woefully lacking in detail and after seven hours on the phone with Palo support I decided to abandon that idea for now. At this point I'd just like to get GP ...

Shawverr by L3 Networker
  • 16710 Views
  • 23 replies
  • 0 Likes

Resolved! multi vsys security policy with ANY zone

I am testing multi vsys configurations in my lab and noticed that I am unable to use a source/destination zone of "any" in the device group security policy associated with vsys2. The default vsys1 accepts "any" zone. When I attempt to commit/validate to the device i get a error like the following attached. It seems as I can only have defined ...

Resolved! SQL Cluster Through PA Firewall

We have Palo Alto firewalls with version 8.0 and need to allow SQL Cluster synchronization from one zone to another. The servers are Windows 2016 with MS SQL 2016. I'm not a SQL expert but tasked with a firewall rule between these clusters. I appreciate any advice or help. Jeff

URL filtering behavior when used in conjunction with web proxy

Hello guys, I'll make it as short as possible. The summary of our system is below.Client PCs use must use an internal web proxy ("Proxy" in the diagram) when they want to access the internet.The internal web proxy then forwards the proxy connection to an external proxy. ("WSS" in the diagram)Palo Alto's ("PA" in the diagram) URL filtering is use...

Firewall receiving a HTTP 401 error when trying to access the Minemeld server

Hi All, I've configured an external dynamic access list with the relevant account username/password to reach our minemeld server. When I test the connection however using 'test source url' in the external dynamic list configuration, this fails with a URL access error. On the minemeld server log: 127.0.0.1 - - [26/Sep/2019:14:25:45 +0100]...

6.1.3 update issue: Threat database handler failed

Hey all-I tried updating a test box to 6.1.3 and encountered the error in the title. Per other threads, I tried manually downloading the latest content version and installing but it resulted in an error during install. Has anyone else encountered this with 6.1.3 yet?

SDorsey by L4 Transporter
  • 6227 Views
  • 3 replies
  • 0 Likes

Panorama pushed zone not applied to subinterface

Its a new firewall, with 2 interfaces in AE, zone configured and pushed through panorama template.When configuring L3 sub-interface for this AE interface, i can configure ip, vr but the security zone would not get applied to it.Both firewall and panorama at 8.1.8

raji_toor by L4 Transporter
  • 12642 Views
  • 6 replies
  • 1 Likes

Mac taking very long time connecting to global protect gateway and sometime they gets dropped

Mac taking very long time connecting to global protect gateway. We are using the clinet version 4.1.11-9.Pre-log on always on VPN. It tries and tries until it connects. Sometimes it drops the VPN and tries to reconnect. All I see suspicious from the logs are below. Can anyone please assist with this ?P 98-T7431 Sep 18 10:11:16:160862 Info ( ...

Nvempati by L1 Bithead
  • 6625 Views
  • 4 replies
  • 0 Likes

show objects registered-ip all

What does the below mean:received from user-id agent #: persistent I'm finding that some addresses are registered to a tag that I don't believe I've created, - a "Palo-URL-and not entirely sure where it came from.... however I'm reading that a restart may be required for a clearing of dynamic addresses? https://knowledgebase.paloaltonetwor...

Sec101 by L4 Transporter
  • 3481 Views
  • 2 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks