This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Threat Vector, a Unit 42 Podcast, is Now on LIVEcommunity!

We have some exciting community news to share: Threat Vector, a Unit 42 podcast, is now on LIVEcommunity!

 

Threat Vector is your compass in the world of cyberthreats. Listen to this biweekly podcast to learn about unique threat intelligence, cutting

...

jforsythe by Community Team Member
  • 306 Views
  • 0 replies
  • 0 Likes

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 3650 Views
  • 2 replies
  • 14 Likes

Resolved! Allow internet only after HIP fail

We are looking to configure the firewall rules where if a known user fails the HIP check, the user has access to only the internet, and not the intranet.

 

I currently have the rules configured such that failing the HIP check allows the user to access

...

mikembau by L0 Member
  • 1715 Views
  • 1 replies
  • 0 Likes

Pan-configurator predefined.xml

Hello,

 

I am using Pan-configurator to create some scripts, and i am wondering how to update predefined.xml file.

 

Can we update this file manually or automatically?

 

Kind regards.

Resolved! Hardware Requirements to PA - 5050

 

Hi, i need Hardware Capabilities ( type of Cable, Chassis Height , Data Ports , managment ports ... ) of Palo alto PA-5050 to install in Data center of our customer in cluster with two WLC.

 

Thanks,

RosVerde by L0 Member
  • 2004 Views
  • 2 replies
  • 0 Likes

IP pool problem

Hello,

I have an IP pool for GP users  and IP are no being clearing when users disconnect the VPN, to clear this IPs we have to reboot the FW,

Is there other way to clear this addres ? 

this must be cleared automatically after disconnect?

 

Regards

 

Marivi by L3 Networker
  • 4948 Views
  • 9 replies
  • 0 Likes

Resolved! AWS Multi-VPN Tunnel with Palo Alto NGFW - Flow Issue

My PA NGFW managed to setup VPN tunnels with AWS VGW. AWS given 2 sets of VGW where each of the VGW comes with 2 links that will connect to NGFW 2 ISP link respectively with different set of public IP Address.. Below are the setup flow:

NGFW ISP1 -> A...

Resolved! Migrate config from Panorama template to local device

Just getting my head around the ins and outs of Palos, and some initial lab setup we had leveraged a couple of PA-220s and a virtual instance of Panorama. 

 

Using that config, I'm building a standalone PA-220 and want to recycle the bulk of the config

...

cdawson by L0 Member
  • 1979 Views
  • 2 replies
  • 0 Likes

CRL revocation traffic identified as ms-update

Is this an expected behaviour? We where somewhat surprised that the application included this traffic. It includes all SSL CRL traffic (like establishing remote desktop or visiting websites), independent if its related to Windows Update.

Resolved! PA220 as a router?

Hi,

We are planning to have paloalto PA220 firewall in our new sites and instead of purchasing new cisco routers (ISR 4000 series), we will just use the PA220 as a router.

Our link is via ipvpn (not IPSec) with GRE tunneling. And we will be using EIGRP

...

bentot by L0 Member
  • 2730 Views
  • 2 replies
  • 0 Likes

IPSEC VPN IKE Phase 1 Goes down after couple of hours

Hi Guys,

 

Got a quick query. We have implemetmented new pa 3050 firewall in our perimeter. Two IPSEC vpns configured and working fine. We notice, after couple of hours, the Status of first led goes red. but, the second status led stays green. During t

...

irshad.n by L1 Bithead
  • 3766 Views
  • 3 replies
  • 0 Likes

Decryption with Wildcard SSL-certificate?

Does Palo Alto support decryption with Wildcard SSL-cert?

Ref.:
In order to determine if a connection needs to be decrypted or not, the firewall relies on the (CN) common name configured within the certificate and compares that to the security policy.

...

pivvre by L2 Linker
  • 8103 Views
  • 12 replies
  • 0 Likes

Global Protect Auto Start

We are looking into adding Global Protect as part of our deployment of newly reimaged computers. Within my company's work environment, we want Global Protect to start up only when the user clicks on the shortcut icon for the application. We do not wa

...

Resolved! Security Policy - with Service\URL category configuration

 I have a Security policy rule configured as below

1.source and destination any

2. User - any

3. Application - Any

4. Service ports open for http

5. Url category allowing access to custom created URL category in which only search engines google and bing's

...

krdeepu by L0 Member
  • 3544 Views
  • 1 replies
  • 0 Likes

Force remove Devices from Panorama

I'm taking over a Panorama from someone else and there are a lot of devices in it that are no longer connected, all showing as disconnected. They were all migrated over to a new Panorama without properly removing them from this one.

When I try to remo

...

  • 24185 Posts
  • 100 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks