This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4485 Views
  • 0 replies
  • 0 Likes

Split DNS

Hello We would really like to see a "split DNS" configuration for Global Protect, where you can specify certain domains that are sent to the internal DNS Server (or DNS Proxy), and all other domains get handled by the user's normal DNS servers. ThanksMichel

MichelZ by L1 Bithead
  • 3303 Views
  • 1 replies
  • 0 Likes

Issue with WLC Radius request to NPS Server

Hi all,I have an issue with the radius request through the firewall,The radius request come from an cisco 1852-ME WLC and goes to an Windows 2016 NPS Server, both in different zones.An simular setup with an firewall works fine.The NPS Server does not react on the requests. With Wireshark I can see the request and Answer from the NPS. I suspect t...

Resolved! Running config not synchronized problem

Hey all!there are two pa 3020 with 8.0.7 in HA active passive.Three days ago, I switched the passive fw to active.Yesterday I switched back. I stated that the running config isn't synchronized, but I switched nevertheless.So I think I should "sync to peer" in the HA dashboard. But from which firewall to which firewall?

MPI-AE by L4 Transporter
  • 20791 Views
  • 4 replies
  • 0 Likes

Resolved! Proxy Configuration

Hello, Before switching to Palo FW from Cisco one of our customers could use proxy (http://10.x.x.x/optusproxy.pac). Can you please confirm how can we set this proxy setting in Palo because couldn't find any option on GP to put proxy? I tried using it on Network > DNS Proxy. But it didn't work. Thanks in advance.

ecmp

Hi community, Does anybody clarify my following doubts about preferred path in ECMP. I am able to see * mark in one of ECMP route ?. what is that means?.I have balanced round robin, so that each new sessions should take one path alternatively right ?. then what is the relevence of preferred path. Thanks in advance.

Resolved! show deviceconfig setting url - dynamic url filtering

When i run below command show deviceconfig setting url[edit] i see no output.I read that if above output is blank then we are not doing the dynamic url filtering on the PA? Need to know should i enable this and how it can effect the performance on the PA?

MP18 by Cyber Elite
  • 4470 Views
  • 4 replies
  • 0 Likes

Resolved! Merlin board mode?

Hello, everybody, I have come across a Palo Alto firewall that cannot normally boot up and remains in "Merlin board mode". I cannot find much information on the internet regarding this. Can someone clarify what this "Merlin board mode" is? And what is its cause? Thanks a lot!

Resolved! Route Decision in Palo Alto firewall without interface mentioned in virtual router

Hi There, Can we configure static routes in virtual router without mentioning what interface to use? Can Palo alto smart enough to identify the right interface based on the nexthop IP address? I am believing yes, could you please confirm me. especially in the case of Aggregated interfaces though, I have all AG interfaces on my PA device. Does it...

Resolved! Block Wetransfer Upload

I was doing a test on allowing wetransfer download, but not allowing upload. Ran into some issues. I have TLS decryption enabled. I have removed the *.wetransfer.com decryption exclusion. My security policy is looking for applications "wetransfer" and "amazon-cloud-drive-uploading". I have a file blocking policy that is set to block upload of an...

ce1028 by L4 Transporter
  • 28005 Views
  • 16 replies
  • 0 Likes

5000 Series not supported on PanOS 9

I'm quite disappointed in Palo Alto's approch to not make 9.0 supported on the 5000 (i.e 5020, 5060, etc.) For a customer that purchased their equipment right before th 5200s came out it seems we (and probably many others) were screwed over on this deal. Palo's approch when I discussed this was "you'll have to upgrade." Ya that's all fine and...

NickThen by L2 Linker
  • 11362 Views
  • 10 replies
  • 0 Likes

Response Page working or not for url filtering

We have configured the url filtering response page for one of our sites.Is there any way from CLI or GUI i can confirm that users when they go to blocked site are actuall getting response page? I see on GUI url filtering logs that they are blocked.

MP18 by Cyber Elite
  • 4416 Views
  • 2 replies
  • 0 Likes

IPv6 & User-ID

Hi guys, can anyone point me in the right direction to find out if User-ID supports IPV6 address and if so how does that work.I assume that the only the primary IP address which gets authenticated on the domain gets logged and therefore reported to the PA. So I'm guessing that in a dual stack LAN all of the possible addresses do not get logged...

JohnP by L1 Bithead
  • 6384 Views
  • 4 replies
  • 0 Likes

Resolved! Multiple Userid Agents

We are deploying UserID with username policy enforcement and the concern is agent resilience. We do not want to use the firewall built in agent and the server team does not allow agent installation on a domain controller. The plan is to install the agent on dedicated windows server and to monitor all domain controllers, but t if the server host...

BatD by L4 Transporter
  • 6244 Views
  • 2 replies
  • 0 Likes

Resolved! Upgrading PA200

Hello, We are planning to upgrade our PA-200 from 7.1.x to 8.0.x. What we are after is that when you upgrade to 8.0, there’s a RAM requirement of 6.5GB. How does the PA200 handle that? Is that limitation only for VMSeries or?

Aggregated interfaces on PA 5250

Hi there, We are implementing aggregated interfaces on PA 5250. I have configured 10 aggregated subinterfaces from two physical interfaces. when I enabled the LACP on the aggregated interface group, the maximum interfaces is set to 8 by default. I believe this is number of physical interfaces that are active at any given time right? if that is i...

  • 24380 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks