This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4224 Views
  • 0 replies
  • 0 Likes

Issue on updating cert on Palo Alto FW pair

I got an issue to update a cert on PA pair.The issue is very similar to what it describes underhttps://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CldECASI import the new cert to both PA FW units and change config to use the new cert. However it comes with config out-of-sync issue and somehow the new cert on passive unit is...

PAN-OS 9.0 Static Route Commit Warning

Just a note here that I am getting a cosmetic warning during commit of a newly-upgraded PA-220 (my lab box) to PAN-OS 9.0. Prior to the upgrade, I had a static route in my virtual router, to redirect all traffic going to 192.168.1.0/24 to my tunnel.4 interface (which is an IPSec tunnel to another firewall). The route does not specify a next-h...

can't able to get response for show running security-policy command from the device via SSH

we are using Paloalto PA-5220 PAN-OS 8.0.7 virtual firewall. using a third tool we trying to fetch the policies using the command "show running security-policy". when the command is entered it stays still and the policies are not shown. It happens sometimes only. But other times we are able to fetch the policies correctly. couldn't able to find...

samgowri by L0 Member
  • 7911 Views
  • 6 replies
  • 0 Likes

NAT

HI,when do we use the destination nat ,source nat and identity nat I mean what is the use cases for the above Thanks

simsim by L4 Transporter
  • 5262 Views
  • 2 replies
  • 0 Likes

Interface issue - see traffic but no arp entry for gateway

We have an issue with an interface that is talking weirdly. We have changed ports to rule out hardware, and I can work ok with a laptop in the same switchport. The line comes from Verizon's media converter to a switch that is connected to the pair of HA firewalls and an HA pair of load balancers that use different addresses in the subnet. The ...

Document on VM information sources for Windows User-ID Agent?

Anyone have a good document or link on the windows user-id agent for monitoring VM information sources? Looks easy enough to setup on the windows agent, but how does it monitor/parse logs and what exactly does it do when making the connection/permissions for the account?

Sec101 by L4 Transporter
  • 3848 Views
  • 2 replies
  • 0 Likes

Resolved! PC connected to Management Port

Need to know this--- when we plug the Laptop on Management port and assign it ip 192.168.1.3 we can then access web gui 192.168.1.1 how?normally management port is up when you connect that it to switch that make sense to me.but here it is connected to PC with IP 192.168.1.3Here both ends of the cable are connected to PC and PA management port.Ho...

MP18 by Cyber Elite
  • 8179 Views
  • 8 replies
  • 0 Likes

Resolved! Is there any way I can make an "Easy Button" for help desk to enable/disable PBF rules?

I'd like to create a script or some kind of quick method to disable a PBF rule. We have a dual-ISP setup, and sometimes one ISP will get extremely slow. But it doesn't actually go down, so it doesn't trigger the PBF rule, and we're left with nearly unusable internet.As the only "firewall guy", they basically have to wait on me to disable a PBF r...

Maxstr by L3 Networker
  • 6480 Views
  • 5 replies
  • 0 Likes

Resolved! Security policy using wildcard destinations and NON http/https protocols

Dear community We are dealing with a request for a firewall rule which is supposed to allow SMB traffic (TCP 445) to a wildcard destination like *.subdomain.example.com out on the internet. So this made me think about how we should implement such a rule and I am not even sure it can be done or at least I don't know how. If this would be HTTP/HT...

TiborNad by L1 Bithead
  • 8916 Views
  • 3 replies
  • 0 Likes

App-ID - ms-rdp not allowed, traffic being blocked as cotp

Hi All, Were running 7.1.14. Ive created a rule to allowed ms-rdp to the rule. Ive checked first if ms-rdp has any dependencies, there is none. It implicitly uses cotp and t.120. So from what i understand from the meaning of Implicitly uses, i only need to allow the main application which is ms-rdp and in turn it will allow implicitly cotp and t...

Usage Difference between SSL Forward Proxy and Inbound Inspection Decryption mode

Hello i have read the articles regarding the types of ssl decryption: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV8CAKhttps://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/decryption/decryption-concepts/ssl-forward-proxyhttps://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/decryption/decryption-concepts/s...

Template Stacks for HA (Active\Passive)

Looking to deploy template stacks to all of our managed firewalls from our Panorama 8.1.x. I am wondering how to deploy STACKs with values unique to each individual in a HA (active\passive) pair. Some settings would include: Hostname,HA configurationsOther device unique settings When we create seperate stacks for each firewall we get an error (a...

Palo Alto 8.0.7 basic ospf configuration not working with aruba switches

Folks, We have 2 Palo Alto FW and 4 aruba switches in the same area (area 0), we are noticing that the aruba fw is loosing neighbor relationship with the routers every couple of seconds 30-60 seconds. The configuration is very simple, any ideas? guys i have palo alto and aruba switch in the same area and there neighbor relationshio ...

tpahuja by L0 Member
  • 3079 Views
  • 1 replies
  • 0 Likes

Adding filter "?v=panosurl" broken access to all websites

Custom URL category is configured to block phishing URLs collected from Linux MineMeld server through EDL. For some reason adding filter "?v=panosurl" (https://10.9.0.60/feeds/phishing-url?v=panosurl) to retrieve URLs in PAN-OS supported format (malware.com) is creating issue as all the websites are categorized as phishing and blocked. Using wit...

Resolved! PAN-OS Software Release naming?

Just upgraded to PAN-OS 8.1.9 on our PA-500 a few weeks ago. Just saw that 8.1.9-h4 is available now. Wondering what the significance is of the "h" in the name of the release version.

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks