This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

Resolved! PA VM 7.1.0 after set default gateway, can't ping any Internet IP including the gateway.

Hi All, I setup PN VM 7.1.0, my vmworkstation is pro 12.5.2. I bVMnet11 bridge my wire network card.I set 192.168.200.98 for the management interface of the PA VMNext I set IP, zone and default gateway for ethernet 1/1 Afther that, I am having problems. The default gateway can ping the IP of ethernet 1/1 of the PA VM ping 10.12.172.230Type escap...

1.jpg
2.jpg
3.jpg
Fred321 by L0 Member
  • 9344 Views
  • 3 replies
  • 0 Likes

Import XML configuration into MS-SQL

I couldn't determine the correct place to discuss this topic, so please forgive me if I have improperly located it. I need to know if there is a way to import the XML config file into a MS-SQL database. One of the challengs of auditing a firewall is not only to know which rules have been used or not, but also to know what objects within a rule...

runas command and user-id monitoring

How are you guys managing the "runas" command alongside user-id. In our test environment, I'm finding with the user-id windows agent, you get the last login event from the domain controller, with the new "runas" user. Once that times out- no more internet access to the original user, unless you generate an authentication event to the domain co...

Sec101 by L4 Transporter
  • 5153 Views
  • 4 replies
  • 0 Likes

Resolved! Configuring HA2 interface on a non-HSCI port?

With a pair of 5220s, how does one set up HA2 on a port that is not HSCI, for an Active-Passive HA environment? When I go to configure HA2, either with the GUI or CLI, the only interface I can choose is the HSCI port. But I do not have the quad transceivers, nor do I yet require the use of the HSCI bandwidth capabilities. Here is what the CLI...

Port Translation very slow

Hello, We setup a inbound NAT to direct port 443 to a server on-site on 10.x.x.x and it all worked fine and fast - then it turned out we needed to adjust it to port 4443 as the customer was using port 443 for inbound client VPN connections of course. Anyway, after I adjusted the NAT inbound for this one rule (a simple change of 443 to 4443) - th...

URL blocked - Application "incomplete" and Flag 0x400019 in traffig log

Hello, everybody! I have a problem with a URL that is being blocked despite being explicitly allowed in the white list. I have seen the traffic logs and for that destination IP address (i.e. a website on the internet) I see that Application is "incomplete" and the Flag 0x400019. What does this flag mean? I only know the usual flags as listed in ...

Resolved! A few questions

Afternoon Firstly I want to say I really like this product, it has endless possibilities in improving internal security in our environment. I have a few questions I hope you can help me clarify so I understand how to use the product better. I am using a syslog miner to send syslog TRAFFIC and THREAT data to Mine Meld from my Paloalto firewal...

Resolved! Auto populate portal address global protect

We are looking at internal only with no tunnel for global protect for user-id. Is there a way to autopopulate the portal address so a user would only have to enter credentials and not enter portal address manually? Looking to push this out, and thinking users may not be aware/know of that portal address.

Sec101 by L4 Transporter
  • 4824 Views
  • 1 replies
  • 0 Likes

Resolved! HA Link and Path Monitoring

We've configured HA Active\Passive on a pair of 5250's running PAN-OS 8.1.5 and it works a treat and pre-emption also works as expected. I've configured Link monitoring so if we get an HA failure if the trusted links fail which works and it fails over to the passive as expected but when the links come back it doesn't fail back again to the activ...

JonHill by L1 Bithead
  • 10249 Views
  • 11 replies
  • 0 Likes

Use XML API users in policies

Hallo,I successfully configured an WLAN-Accesspoint to send users via the xml api.I can see the users in the log entries but I cannot select the users in particular policies. Looks like the users are not known to the firewall.Do I need to create local users with the same username? Or how can one use these submitted users in policies?Thank you.Re...

tsauter by L0 Member
  • 2882 Views
  • 3 replies
  • 0 Likes

Resolved! Dedicated Logging Export Interface on PA 5220?

By default, I know that you can send all of your logging messages out the onboard management interface, on a platform like the 5220. However, I would like to avoid the extra noise on my management network, by configuring separate, dedicated interfaces to handle and offload the logging operations, to remote systems. Ideally, I would like to pair...

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks