General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

advertising a default-route to a single eBGP peer in the Palo Alto.

Folks, we want to work on some specific BGP advertisements. Our aim is to propagate the default-route to only one specific eBGP peer. So far what we have already done is configured a static route redistribution profile. This is done under "Redistribution Profile" under the particular virtual router. Then we have attached this "Redistribution Profile...

nson2139 by L3 Networker
  • 4410 Views
  • 1 replies
  • 0 Likes

SPI Value in phase 2

I wanted to know that I could see the SPI value in Wireshark in a site-to-site policy-based VPN. So basically in phase two there are two SPI values, inbound and outbound, so if the attacker is capturing my traffic then he'd be able to see my SPI value. Can that be used by him to decrypt the traffic? Could you please explain why and how SPI are sent ...

VPN access using GlobalProtect with TWO-FACTOR AUTHENTICATION

The company wants all people accessing from the GLOBAL PROTECT VPN client to use two-factor authentication. We have released a U2F USB security key for the email. Does Palo Alto Networks support an external Two-Factor Authentication for the VPN? If not, are there plans to develop it? For us is very important the VPN GLOBAL PROTECT client ca...

panorama Device template HA setting error

Hello, I am getting an error pushing a template from Panorama to a device as below. Details: High-availability ha1 interface needs a prefix length(Module: ha_agent). Commit failed. Warnings: This is related to HA settings. However, I have manually set the HA settings on each of the A/P PA pair so I have not configured any HA settings into the panorama ...

KarimSN by L1 Bithead
  • 4289 Views
  • 1 replies
  • 0 Likes

AD Server Showing "Connection Timed Out" So Captive Portal Redirection not working

Hi Team, I have a query regarding the Captive Portal issue. Herewith, I have a network flow diagram to better understand the scenario. Network Schema: **** Both end firewalls are the same device, Palo Alto only. => From the Head Office Firewall, we are able to reach the AD Server residing on the Data Center Firewall without any issues. However wh...

SahulH by L3 Networker
  • 5432 Views
  • 6 replies
  • 0 Likes

Panorama logging quotas

Does anyone know if you can configure logging quotas per device group(s) or firewall(s)? My Panorama is running 9.02 in legacy mode.

wibba by L1 Bithead
  • 2550 Views
  • 1 replies
  • 0 Likes

Source user column not populating

Source user column is empty under the Monitor tab - traffic logs. We have checked all the settings from our end and couldn't see anything wrong with that. It was working before, no changes have been made. Noticed it stopped working recently. No proxy server in use. Traffic is not NAT'ed before it traverses the firewall. Do we need to restart any process?

Resolved! Multi-category URL in PanOS9

Can you please help me with understanding the new PanOS9 URL multi-category feature? Now a URL can have up to 4 categories. If the four categories have different actions, I assume that the firewall will take the most restrictive one, however I could not find any reference in the admin documentation explaining this. Is this correct and can you share d...

BatD by L4 Transporter
  • 6566 Views
  • 2 replies
  • 0 Likes

Global Protect N-FACTOR authentication

Hello, I have the following question: is it possible to assign multiple authentication profiles to GlobalProtect? I want to accomplish the following: Users of LDAP GROUP X: Use LDAP authentication only. Users of LDAP GROUP Y: Use RADIUS auth with MFA capabilities. Is this possible and how can I accomplish this? If somebody could point me int...

GOMEZZZ by L2 Linker
  • 3004 Views
  • 1 replies
  • 0 Likes

enabling interface ping

Hello, We have a vlan.101 interface with a profile permitting ping (ping service selected) enabled on it. However, hosts on this vlan.101 cannot seem to ping this interface. ARP entries of some of the hosts are seen. Appreciate all help. Thank you.

Resolved! Minemeld Regex

I want to only use the URL portion of this feed, ignoring the protocol portion http:// https://ransomwaretracker.abuse.ch/downloads/LY_DS_URLBL.txt My regex is below: regex: ^(http:\/\/)(.*) transform: \2 This works fine outside Minemeld as Python regex. However, Minemeld uses the full match which includes the protocol portion not just group 2 of ...

bokeke by L0 Member
  • 7209 Views
  • 3 replies
  • 0 Likes

Default deny logging question

I notice that if a connection comes in and does not hit any policy correctly I do not see the deny in the logs. I think this is because the default behavior of the intrazone-default rule is not to log anything. Is there a downside to setting this to log events so that we can see when a connection fails? Sometimes from a troubleshooting perspec...

dstjames by L2 Linker
  • 6939 Views
  • 4 replies
  • 0 Likes

Skype SIP 5061 port allow

Hi, I have a Skype for Business Edge server, it has a DMZ private IP and is translated to a Public NAT IP. This IP should open TCP-5061 Port to Internet and we opened it. It seems traffic is passing correctly. But in reality, when I do a telnet test, it fails. It's not about the destination side. At the destination side, TCP-5061 is open and accessible. People say; So in ...
