This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

Static Route monitoring and NAT

I'm having an issue with my NAT policy. I've configured a backup ISP connection with a static route and a higher metric. When the primary ISP connection fails the routing portion works correctly and I can see the primary default route get removed from the routing table and the secondary kick in. However, the NAT policy is still trying to use p...

Modo2016 by L1 Bithead
  • 2968 Views
  • 2 replies
  • 0 Likes

Change interface virtual router cause network down

My network has 2 outgoing data lines. Using one virtual router and set static default route for the 2 interfaces. The 1st interface has its Metric set to higher priority. As I want to divide the traffic. Some zones were force to use the 2nd interface by setting "Police Based Forwarding".Above settings work until I found that the 2nd interface wa...

jeremylo by L3 Networker
  • 3794 Views
  • 3 replies
  • 0 Likes

Force to Use Certificate

Dear Friends !as i study PAN 7.0 if there is no Certificate installed in Client PC, PAN can not read https secure sitesin this is if i block youtube or other social websites and client uninstall CA from its browser he/she will be able to open blocked websitesis there any solution to configure PAN to force user to use CA Certificate, otherwise bl...

Blocked WebSites

Dear Friends ! i am using PAN 7.0 and blocked some secure websites, but PAN is not able to block websites by namefor exmaple when i access 53.55.125.73 it is blocked succesfully but when i type https://www.mydomain.com Certificate is verfying by PAN by not block, even i mentioned exctly my website in blocked catagyry like: https://www.mydomain.c...

Upgrade 3020 to new version?

Hey guys,There are two 3020s in HA that run 8.0.7I'm wondering if I can upgrade to a new version in 8.1.X train? Or should I stay at 8.0.7? Can someone share their experiences? Thank you.

MPI-AE by L4 Transporter
  • 5675 Views
  • 10 replies
  • 0 Likes

Resolved! GlobalProtect when Palo behind ASA

Hi All I've been tasked with getting GP working and as I'm not as skilled as many of you, I thought I'd ask the brains trust if this is possible.We have a PA-3020 which sits behind a Cisco ASA. The ASA is the edge firewall and is a yes/no gateway, the PA then filters the requests based on port and destination.This config isnt changing in the sho...

PAN-OS 9 - Wildfire Updates skipping; claiming that a newer version already is installed

I have upgraded to PAN-OS 9 yesterday, so far without 'bigger' issues, except: EDL updates keep failing, claiming that the downloaded file is not a ext file thus using the old version-> interim fix was to remove the checkmark "block unknown certificate status" on the certificate profile for the EDLsNTP updates keep failing without further inf...

Bildschirmfoto 2019-02-13 um 19.38.33.png
Bildschirmfoto 2019-02-13 um 19.38.12.png
pan219 by L2 Linker
  • 7388 Views
  • 11 replies
  • 0 Likes

Log Forwarding / Dynamic Address List

Hi, We are trying to use the cool new "built-in actions" / tagging feature available through Log Forwarding to tag source IP addresses that generate high/critical threat events to build a dynamic address list that will ultimately be used in a policy to block offending traffic. We have a PA 3050 which allows up to 5000 dynamic address list entrie...

SARowe_NZ by L3 Networker
  • 3606 Views
  • 2 replies
  • 0 Likes

VM-100 on VMware Worksataion 15

Hi there,I have no issues spining up new VM-100s in my VMware Workstation 15.0.2, however, when I try to add a third vNIC to the VM, the VM will not boot any longer. I get an error on the CLI (VM console) indicating that the configuration is not supported and I have to connected PAN support. Anyone have tried this and perhaps come across the sam...

incorrect browse time-user activity report

I have a question regarding reporting.When I generate user activity report, it is showing me browse times inaccurately. I have logging at the end of the session. if I enable log at start, will I address the issue? TIA>

NAT translation help

For the life of me I can't figure out something that should be simple. I'm having a problem with a nat translation setup. Here is the requirement: I have various computers/devices on several IP addresses and different subinterfaces, for example: Device 1:IP address: 10.47.5.21Subinterface: Ethernet1/1.5Zone: Control_NETDevice 2:IP address: 10.47...

NAT Rule.png
GIT_Sean by L1 Bithead
  • 3135 Views
  • 3 replies
  • 0 Likes

Reg Case _reg 01075000

Hi Team , I have a problem with connecting paloalto with minemeld via EDL, i have installed the minemeld according to documentation and the certificate with the feed user. The result is the next: 2019-02-06 12:03:42.234 -0500 EDLRefresh job started processing. Dequeue time=2019/02/06 12:03:42 2019-02-06 12:03:43.353 -0500 client authd reporte...

alal by L2 Linker
  • 5512 Views
  • 3 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks