This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4239 Views
  • 0 replies
  • 0 Likes

Integrate a DMZ with virtual F5 to the PA FW

I would like to add a virtual F5 as a proxy to our exsiting 5220 PA FW. As I have never done a DMZ to a virtual device, I am jsut wondering there a sample scenario or configuration. If my F5 was a physical device, I will just assign an IP address to my FW interface with zone as DMZ. But if my DMZ device is virtual (setup in the datacenter in the...

Capture.JPG
jac101 by L2 Linker
  • 9254 Views
  • 8 replies
  • 0 Likes

XML User ID

One of our engineer setup XML to pull the user id and ipaddr mapping, which works with no problem. The problem is he left the organisation and we are not able to determine the source from where the input is coming into the firewall. The log on the PAN does not tell you exact source ipaddr.irtual Systemvsys1Timeout2700Data Sourcexml-apiSource Nam...

Policy rules based on hostname or windows hostname

Hi I can create a policy based around the username, what about linking to a hostname . windows hostname - verify in MS AD. I have a management VM, I would like to move, but it has some policied based around location - specific network. It would be nice to allow it access based around windows name as long as named is in MS AD.

unknown-tcp for Exchange 2016 when decrypted

Hi, I'm doing decryption for Exchange 2013 OWA web part and it was doing good - was seeing mostly applications like ms-exchange, activesync, outlook-web which makes sense.Customer upgraded their infrastructure to Exchange 2016 and after trying to decryot that I'm getting a bunch of unknown-tcp traffic after decryption instead of ms-exchange and/...

nikoo by L3 Networker
  • 3038 Views
  • 2 replies
  • 0 Likes

Configuring ldap for mgmt.

I have customer firewall running 8.0.x . I have AD configured for customer using service route going into trust zone as required.But I would like to manage the firewall at the moment managed wth single local superuser. Is it possible to use AD auth for this as well.

Connecting to mapped shares - most of the time very, very slow

I work with a company that uses Global Protect as their VPN solution. When I work from my offsite office, I'll fire up the VPN, login and get to work. For the past year, I've suffered from very long connection times re-establishing access to an important shared folder. In mapping this share, I usually go through Windows Explorer and just clic...

CharlieG by L1 Bithead
  • 7000 Views
  • 7 replies
  • 0 Likes

Resolved! M500 Change Log Collection Interface from the Management to the Dedicated Eth 1 and 12

Currently we have 2 M500 running in log collector mode. All the Firewalls are sending logs to M500 on its Management interface .Panorama M100 also talk to M500 via its Management interface. Currenly seems our traffic has increased and we are send lot of logs to M500 on its Management Interface. So I need to use Eth1 and Eth2 on each M500 for lo...

MP18 by Cyber Elite
  • 3028 Views
  • 2 replies
  • 0 Likes

Resolved! Disconnected from Log collector Server

Tonight we got email alerts that our firewalls are disonncted from the log collecors-M500 Below is ms log from the PA 2019-04-05 01:38:55.024 -0600 MS: disconnected from log-collector. waitcount=12019-04-05 01:38:55.024 -0600 lcs agent: channel teardown (to 10.7.1.139) complete.2019-04-05 01:38:55.035 -0600 Error: pan_conn_ext_send_base(cs_conn....

MP18 by Cyber Elite
  • 12949 Views
  • 6 replies
  • 0 Likes

Resolved! Suspending Passive PA to fix the connection to uplink when link monitoring is enabled

We have PA 3020 in Active PAssive mode.We have link monitoring enabled on both PA for uplink and downlink. For some reason I need to change the uplink connection from passive PA to the uplink switch. Need to know if we unplug the fiber connection from PAssive PA and replace it with new fiber connection before doing this 1>Should I suspend th...

MP18 by Cyber Elite
  • 3483 Views
  • 2 replies
  • 0 Likes

Resolved! VPN remote peer with a LAN address

I need to create a VPN tunnel between my PA firewall with a regular external IP address and a remote non-PA peer that is behind some equipment (no details) and only has a local 172.17.x.x address. Is this possible? If it is possible, do I use the external IP of the remote site even though the VPN connection will not be with that IP address? I'm ...

mike406 by L2 Linker
  • 5431 Views
  • 4 replies
  • 0 Likes

Resolved! the show interface command

Hello!I have a question regarding the show interface command.When you enter for example "show interface ethernet1/3" to see the information of that interface, you can eventually see counters for receive errors or drops. Are these errors counted from the last time data plane was restarted?And is there an option similar to "filter delta yes" for p...

Panorama

Hi Everyone,Is anyone aware of any plans by Palo to introduce a Cloud based version of Panorama?Devices could be licensed in a similar way to the update subscriptions annually? Ideally if this were integrated into the Customer Portal management of Assets/Licenses/Panorama etc could all be done in one place? What would be the "Pro's/Cons"? Welcom...

  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks