This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4447 Views
  • 0 replies
  • 0 Likes

cache usage after licence expire

Hi Community, What happens if URL and Threat licence expire in paloalto?. From PA kb ( https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CloiCAC ) , i am able to understand that the cache will be used until it expires, but what is the cache timeout duration for URl and threat ?. I am able to see the local db category info...

GP Recommended Version

What is the current recommended version of Global Protect? I am assuming its not 5.0 since they released 4.1.10 after they released 5.0.

Nodes keep stopping - how to start and keep them started?

Just spun up a new Minemeld server and its working however the nodes like to just stop and I am not sure how to get them to start up and stay started. Rebooting will bring everything back up and they wiull be started for about a minute then they all stop (see screenshot). At home I dont have this issue, all the nodes stay running/started and do ...

2018-06-04 12_09_24-MineMeld.png
hshawn by L4 Transporter
  • 16897 Views
  • 22 replies
  • 0 Likes

Geolocation ip address blocking | Different access for different user groups

Hallo, I am new in PA matter, coming from Fortinet / Cisco (regarding to Firewall / UTM matter) and like to know if it is possible to have different geo location ip blocking restrictions / rules for the same service. e.g. Access with Global Protect VPN - Usergroup A: Only access with GP from Germany- Usergroup B: Access with GP from whole Euro...

licenses for URL filtering

Folks,Our requriement is to allow specific URL's on SSL for outbound communication. Is there a need to purchase a URL filtering license for this requirement? Regards,N!!!

nson2139 by L3 Networker
  • 6510 Views
  • 5 replies
  • 0 Likes

Resolved! Port/Bandwidth Usage and Overhead

We have a few firewalls and we are using Wildfire, Threat protection, routing and other features on the firewall. Our question is with all these features turned on will this affect the port traffic flow. We are looking for a scale or formula that we can refer to regarding these features and best practices for the configuration on our devices.

Resolved! Can't access the Migration Tool from browser

I have downloaded the migration tool, unziped it and started it in vm player workstation 12.the vm comes up, and I get login prompt and information on which IP I can access with browser. When I try to connect with browser, then i get Page not found. How can i troubleshoot this? BRDavid

dl-nnit by L1 Bithead
  • 4269 Views
  • 3 replies
  • 0 Likes

Panorama modular configuration

I had a few scenarios where we needed to push configuration from Panorama to different geographic locations where most of the configuration is common but small part might be different for each geographic location while the configuration is part of the same object. For example:I want to use Panorama to configure global protect gateway on multiple...

Internal Gateway Tunnel Mode

What are the implications of using Internal gateways in Tunnel mode? I have 3 Palos on-prem at my datacenters. I have 7 total locations connected via MPLS. I am thinking about using the Internal Gateways in Tunnel mode to prevent cross talk within subnets and force all communications to go through the firewalls. Thoughts?

Natting Palo Alto's Management Address?

Hello. I currently have the management interface on my PA configured with a IP address on my outside/untrusted network. I would like to change the management address to an IP on one of my inside/trusted networks. When I change my management address, how do I configure NAT for this new management address to allow access to outside for Panorama...

JoelGuy by L0 Member
  • 6651 Views
  • 6 replies
  • 0 Likes

Resolved! How to Deploy Scripts Using Msiexec

I want to know how to create a custom MSI or MSIEXEC script to install the VPN client and set up and run a log on script to map to network shares then remove the drives on diconnect... I am told it is possible but I cannot find any how to's on it. I have Orca and have edited the msi installer to include my portal information. and I have go as fa...

Fowarding to syslog- best practice

Currently we forward nearly all of the firewall's logs to our syslog server, but the amount of irrelevant minutiae is over-whelming the syslog server. Is there a best-practice for what information should be forwarded to syslog? I don't want to miss anything important but I ready want to eliminate the un-important. Thanks

fmurray by L1 Bithead
  • 4693 Views
  • 3 replies
  • 0 Likes

Resolved! How to determine link and transceiver status on AUX ports on a PA 5220 via CLI

I am trying to figure out how to determine the link and transceiver status on the AUX ports on a PA 5220, when used in HA1 mode. I know that via the CLI, you can determine the transceiver status with the following command, but I do NOT see the AUX ports listed: show system state filter sys.s1.p*.phy Is there another CLI command to show link and ...

  • 24375 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks