This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4461 Views
  • 0 replies
  • 0 Likes

Global protect AD strange issue

I have a strange and critical issue. I have Always-on type global protect with cert based username and OTP authentication method on handful of user machines. I have set the captive portal timeout for 0 and enforce network access under portal app settings.these users each have 2 machines.whenever the user changes his AD password on a different ma...

Error when using stdlib.syslogMiner

Hi together, I am trying to import PANOS-Threat Logs into MineMeld using the syslogMiner. I have configured the Miner and the LogForwarding via Panorama and can see the incoming logs at the Minemeld instance using tcpdump. Still I see no indicators in my Miner-Node. The Engine Logs show following error that I think is relevant to the problem...

Resolved! Panorama External Dynamic Lists

I had to RMA our m-100 and when I did that I lost the external dynamic lists on the PANORAMA itself. They are still locally on the managed FWs but I cannot referrence them on the Panorama. Of course that broke all outbound traffic because the top rule to block all traffic to those lists wasn't matching anything on the destination side (thanks ...

drewdown by L4 Transporter
  • 4180 Views
  • 2 replies
  • 0 Likes

Question About Multicast Not Receiving, IP Flood (URGENT ACTION REQUIRED)

Hi Team, we have done multicast configuration and we are unable to receive multicast through firewall PA-3060. Also whenever we did add our LAN interface into multicast configuration “ other IP flood” critical threat gets started into that particular LAN as shown below. Kindly help me to resolved the same. Scenario as below,Requirement as per di...

1st network diagram.png
2nd.png
3rd.png
4th.png

Moving Panorama M100 function to M500

Seems M100 does not support PAN OS 9.0We have Physical M100 running as Panorama mode.Also we have M500 running as Log collector mode. Can we move config of M100 to M500 so they can manage all the firewalls?

MP18 by Cyber Elite
  • 3292 Views
  • 1 replies
  • 0 Likes

Panorama 8+: Can you override EDLs in child Device Groups?

Currently running Panorama 7.1. We'll be upgrading to 8.1 in October-ish. According to the documentation for 7.1 and 8.1, you can create an EDL in Device Group A, and it will be inherited by all child device groups below it. This is working. According to the documentation for 7.1 and 8.1, you can check the box "Disable override" to prevent chi...

fjwcash by L4 Transporter
  • 3585 Views
  • 1 replies
  • 0 Likes

High utilization caused by decryption

I dunno if anybody else has run across this or not but I just felt compared to share. I have been having fairly continious performance problems with a 5050 cluster and last night I isolated at least one culprit that's been adding to that problem. We are in the process of rolling out Windows 10 and a bunch of new Microsoft apps AND our firewall...

bwsaloum by L2 Linker
  • 5466 Views
  • 2 replies
  • 1 Likes

Resolved! Question About PA SSL vulnerability

Hello Team, Can anyone provide a solution resolve below vulnerability in PA. Port no.: 443 Summary: Weak cipher suites supported Analysis :The remote host running SSL using a weak cipher suite which can be exploited by an attacker to perform man in the middle attacks. All the updated and secured services will be transmitting data over the unencr...

Dynamic Block List - Limit on number of entries?

I've been experimenting with MineMeld and love it - brilliant product 🙂 That said, I'm struggling to get a clear idea what the size limit is of each blocklist. https://live.paloaltonetworks.com/t5/Learning-Articles/How-are-Dynamic-Block-List-Entries-Counted-on-the-Firewall/ta-p/62068 suggests even a PA200 can handle a list with 50k entries but ...

move from 4 internet lines to one single internet line

Configuration changes in case we move from 4 internet lines to one single internet line ?in Our Current scenario, We have 4 interfaces configured with 4 different Public IP address and each interface is linked to the different router( Internet),each interface has different services (Internet Email1, Email2, VPN) We are planning to get one new in...

MFayez by L2 Linker
  • 3407 Views
  • 3 replies
  • 0 Likes

Palo Alto Core Firewall HA Active/Active

I have found some issues in running HA Actvice/Active as it relates to config sync. It appears when a red dot on the firewall and an Admin connects their default reaction is sync config. So I noticed that something that replicated to the active-secondary was BGP peer groups which caused my BGP peering to become broken on my secondary PA. So I de...

One Internet line Multiple intefaces

Hi EveryoneIn my sinaro i have one internet line 10 MB and i have 5 zones configured in PA my question . and each zone for different purpose for example (IP SEC - Intenet -Email) 1- how i can provide the internet to multiple zones with a multiple services 2- How many Public ip address reqiued for this sinaro

MFayez by L2 Linker
  • 10301 Views
  • 14 replies
  • 0 Likes

Quality of tech support in recent months

Is it just me? I noticed that it became almost impossible to get a support person on the phone without being on hold for hours...When opening tickets online, it would sometimes take days to schedule remote session and some engineers just don't have enough knowledge.

PavloJCP by L1 Bithead
  • 10456 Views
  • 13 replies
  • 1 Likes

Resolved! Using External DNS server

We need to isolate the vendor traffic and we do not want this traffic to talk to our internal DNS server for DNS queries.Is it safe to use google dns server and then apply dns sinkhole?We can use the security policies app based and then apply app default.I can use all the security profiles for the security rules. This way can we protect the DNS ...

MP18 by Cyber Elite
  • 4000 Views
  • 2 replies
  • 0 Likes

Resolved! DNS security license and traffic flow

We have User where they access the Internet and traffic flow via say Corp PAWe have DNS server which is internal and the DNS traffic to Internet flows via say DMZ PA. On PAN OS 9.0 if i get DNS license on Which PA i should get for?As my understanding it should be for DMZ PA?

MP18 by Cyber Elite
  • 2969 Views
  • 2 replies
  • 0 Likes
  • 24378 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks