This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Direct web traffic to internal proxy

For some reason oun of our MS GPO's is failign to apply ( or rather is wiping ) proxy server settings for our users. The users shoudl be hitting the proxy before going through the PA, but it's broken.USER-Website:80:443 --> PROXY:8080 --80:443--> --PALO --> WORLD I am trying to fatom how to get teh PA to transparently pass traffic to ...

fw1.jpg

Caveats for changing interface netmask?

I've got a client that wants to expand the network range on one of their interfaces for additional DHCP scope space, moving from a /24 to a /23. I wanted to check if there are any caveats to this on the PAN side? Will the update take effect as soon as the change is commited?I'm currently scoping out the rest of the network to confirm if anythi...

migrating configuration from physical appliance to Azure VM

Hi community, I´d like to check with you if there´s a way to migrate/adapt the configuration from a physical firewall to be imported into an Azure´s VM? Could it be possible importing into the Migration tool both configuration files...1. snapshot from physical appliance2. the sample configuration file from Github repositoryhttps://docs.paloalton...

Carracido by L4 Transporter
  • 4672 Views
  • 1 replies
  • 0 Likes

URL Filtering Issue

Hello Community, I want to block one specific https URL (without applying decryption rule) but the traffic is being allowed by the lower policy. I have applied many combinations with the wildcards but none of them works.Can someone please help me with this.

JAIDEEP by L0 Member
  • 2454 Views
  • 1 replies
  • 0 Likes

Asymmetric Routing and TCP Syn Check

Hello All, I have a scenario where I will be having two ISP's (ISP-A and ISP-B) connected to the PA Firewalls via eth1/1 and eth1/2 interfaces. Both these Interfaces will be in the same untrust-zone. ISP-A will be the primary one and ISP-B the backup with some prepends and local preference for incoming and outgoing traffic.However, ISP-B has con...

Anjush by L0 Member
  • 5601 Views
  • 2 replies
  • 0 Likes

Global Protect and google play traffic from mobile

Hi all , I am running PAN OS 8.0.19 and GP 4.1.12 and users cannot access google play store while they are connected to the VPN from androids . I have tried with spli tunneling including 63 subnets from google and I have tried full tunnel defining in the ACLs IP any any just for tshoot but it seems I am getting in but cannot download any app . ...

Resolved! SSL Exclude Option Missing in 8.1

Hi Community, I noticed, that in 8.1.x (7,8,9, 9h4) the "SSL Exclude Option" in Device > Certificate Management > Certificates is missing.The PAN-OS 8.1 guide mentions this option on page 198, and you can see it in a screenshot in this KB point 7:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClUjCAK Does anyone...

Chacko42 by L4 Transporter
  • 5198 Views
  • 2 replies
  • 0 Likes

Resolved! LSVPN Satellite Deny specific subnet to Publish to gateway

In LSVPN VPN setup how can we deny specific subnet to not advertise to gateway. I have selected Publish all static and connected routes and I want to deny some of static routes of them , how can we do that ? I know we can disable public option manually and add each subnet apart from that with enabling publish option is there a way we can deny it...

Multicast with Chromecasts confusion

Background: I have a trust zone on ethernet1/2 192..168.1.0/24 and an iot zone on ehternet1/4 10.10.10.0/24 and I want to be able to cast things from endpoints (mobile phones and laptops) to the chromecasts on the iot zone. It seems like multicast (aka mDNS) is the trick however I am not sure I am going the right direction or if this is even...

multicast1.jpg
multicast2.jpg
secpol.jpg
hshawn by L4 Transporter
  • 10225 Views
  • 2 replies
  • 0 Likes

Resolved! Ubuntu

Hello, can anyone tell me what version of Ubuntu I should use for MineMeld ?

Autofocus MineMeld - how to access output node that requires authorisation

I need to create O365 IP/URL EDLs but when I try to access the output nodes I get "Unauthorised" message unless I sign into AutoFocus in the browser. Needless to say I cannot do the same on a firewall. How do I allow anonymous connections to a feed in Autofocus MineMeld or use authentication when configuring EDL on a firewall?

Config Files Backup

Hi.I have PA850. According to this link (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm7yCAC) I configured backup with local Superuser account. Everything is OK. But then I created new Admin Role named backupadmin and new account palo. This account's profile is backupadmin. I attached screenshots. The aim is I don't...

1.JPG
2.JPG
3.JPG
4.JPG
Outlaw by L0 Member
  • 3112 Views
  • 1 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks