This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Resolved! the show interface command

Hello!I have a question regarding the show interface command.When you enter for example "show interface ethernet1/3" to see the information of that interface, you can eventually see counters for receive errors or drops. Are these errors counted from the last time data plane was restarted?And is there an option similar to "filter delta yes" for p...

Panorama

Hi Everyone,Is anyone aware of any plans by Palo to introduce a Cloud based version of Panorama?Devices could be licensed in a similar way to the update subscriptions annually? Ideally if this were integrated into the Customer Portal management of Assets/Licenses/Panorama etc could all be done in one place? What would be the "Pro's/Cons"? Welcom...

Resolved! Dynamic Object Sourced from Physical Interface

Is it possible to create an object in panorama that can be reused in multiple templates that is literally just tied to the ip of an interface on that device? For example, eth1/1 has address 1.1.1.1Object should just reference eth1/1Object can be used in template that can be reused for multiple devices.

Rule with Deny action Allowing traffic

Hi, We facing an strange issue regarding filtering to some destinations. We have a rule with 2 kinds of destination address:1. Static Group Address defined in Palo Alto2. External dynamic list (2 of them)Those address are attached to a deny rule because are malicious url. When take a look to the traffic log, we see that traffic hits the rule but...

nanukanu by L2 Linker
  • 9441 Views
  • 10 replies
  • 0 Likes

How Security Policy works with Combination of Application vs Services ?

Hi Experts , We have existing rule for "Syslog" application ,our current security polcy with App-id and services configured as below , Application - "Syslog" ( default application which allows TCP 1468, TCP 1514, TCP 6514, UDP 514 and UDP 1514 ) Service - "application-default" Now we have a requirement to additionally add TCP-514 and U...

Resolved! HA A/P Failover - Interfaces not UP

Hi, I am some what confused and reaching out for a little help. We have a pair of 3020s in Active/Passive mode with two interfaces, DMZ (Ethernet1/1) & Public (Ethernet1/3). HA is configured to use dedicated HA Ports and all indicators on the dashboard are Matched and UP. When I manually suspend the Active device, the Passive device becomes ...

SPS by L1 Bithead
  • 6873 Views
  • 2 replies
  • 0 Likes

Resolved! Login to Traps Management Service with AD User

Hello,We are going to migrate from Traps ESM to Traps Management Service.After this, we want our helpdesk to administrate Traps, but we do not want to create a palo alto account for every user. Now I found some information about the Palo Alto Directory Sync Service, but unfortunately a login to TMS is not mentioned in the documentation.Is this n...

TimNie by L0 Member
  • 4000 Views
  • 2 replies
  • 0 Likes

Resolved! Calculate the flag from logged value of Traffic Log PanOS 8.1

According to Documentation, https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/traffic-log-fields.html The field Flags is a 32-bit field that provides details on session; this field can be decoded by AND-ing the values with the logged value. In my Traffic Log: <14>Apr 3 ...

gnikesh by L1 Bithead
  • 12574 Views
  • 1 replies
  • 0 Likes

Resolved! Website: itsalmo.st is not being blocked

I'm trying to block users from going to the site: itsalmo.stI go to: Objects > Custom Objects > Url Catagory > Blocked Urls and then add *.itsalmo.st/Then I commit.I waited a while, can see it inthe list but users can still reach it and use the page.I tried it again, no go.An hour later it's still not being blocked. I'm a new admin to t...

Resolved! Pingdom & Management Profiles

Quick write here. We currently use Pingdom to monitor external reachability to services and our remote office edge devices. In some scenarios such as new office deployments, we may need to utilize the WAN interface to setup the device. The problem here is the All-or-None approach of management profiles. We want only ping from pingdom's probe...

Resolved! Geographic block by region, China - CN blocked but need to ensure Taiwan is available for traveler

We currently block incomming regions such as China - CN however we have some traveling teammates that will need to be able to VPN connect back to us in US who will be in Tawain. The crux of my question is if CN is blocked but TN= Taiwan ROC by the abbeviation lookup is NOT blocked will this traffic be allowed if attemped from Taiwan? I could fi...

RobYoung by L0 Member
  • 3101 Views
  • 1 replies
  • 0 Likes

IP Directed Broadcast

Hello,We want to use wake on LAN in a vlan attached to a layer3 interface on the firewall. The magic packets are sent from a server outside the vlan to the broadcast address. I allowed WOL-packets in the firewall policies, and I see them in the logs, but the computers don't start. Do we have to configure something else in the firewall to allow i...

Resolved! PA3050 cant ping next hop and has dropped all client traffic heading outbound.

I have tried a lot, and at this point I think I just must be missing something obvious that for whatever reason wont come to mind. From the PA3050 I can not ping outbound from the public IP. When I run captures, all outbound traffic is in dropped stage. There is no network functionality at all, and I am unable to find the issue. Security ConfigN...

tmp.PNG
tmp2.PNG
lschs-s by L2 Linker
  • 16309 Views
  • 19 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks