This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4223 Views
  • 0 replies
  • 0 Likes

GlobalProtect Agent

Hi I want to know if there is a way not to allow old GlobalProtect Agent to connect to the Palo Alto network firewall?But allowing to update the client before logging on to the VPN? Thank you

Cyon by L0 Member
  • 2453 Views
  • 1 replies
  • 0 Likes

Rule Viewer

Hi folks, I was wondering if there was some kind of rule viewer, that can render the rules in a table from the exported files. Why I need this: Our managed service provider sends us an export of the firewall rules every month and we have to review them every 6 months. Since we don't have a Palo Alto ourselves this is very tedious. I have tried E...

JayArr by L0 Member
  • 4162 Views
  • 5 replies
  • 0 Likes

PaloAlto 3rd party captive portal integration

Hi! First of all sorry if this question is explained anywhere else; I've dedicated a few hours to browse docs and posts but I cannot find a proper answer. I work for a company that deploys hotspot solutions over premises using different hardware solutions. It turns out to be that we need to integrate Paloalto appliance in our solution. Our appro...

Inbound NAT with Port Redirection for port 443 using a single outside interface IP ?

My ISP only provides a single ip address for the outside interface via DHCP.I would like to forward port 443 to and internal host, but Palo keeps dropping the packets. It seems as if the device management restriction is responsible for this, but I have removed that policy from the external interface so I am not sure why this is getting filtered....

aarato by L1 Bithead
  • 3341 Views
  • 2 replies
  • 0 Likes

Captive portal bypass

New to Palo Alto. is there a simple way to disable/bypass the Captive Portal for a pc based on IP or IP range? Please be detailed since I rarely deal with the PA.

Total number of profiles (xx) exceeds platform capacity (xx)

Some of our smaller PAs are starting to have their commits fail do to the number of profiles configured in Panorama. The error I receive is "Total number of profiles (xx) exceeds platform capacity (xx)". I followed this link but it does not seem to have helped: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm0DCAS T...

Resolved! no common encryption algorithms

When trying to access my PA-220 through my browsers I getting an error for no common encryption algorithms. I have attempted to enable all forms of TLS/SSL, I have tried Firefox, Chrome, Edge, and IE11 none of which work. Could someone please advise on what the issue may be.

ENOTFOUND api.nodesecurity.io api.nodesecurity.io:443

I am getting the below ERROR when installing on Ubuntu 16.04 using the instructions on the below SITE. The URL's that are referenced api.nodesecurity.io do not resolve to an address which seems to be the issue, does anyone know how I can continue this install? SITE: https://github.com/PaloAltoNetworks/minemeld-ansible COMMAND: ansible-playb...

JDomNY by L1 Bithead
  • 4925 Views
  • 1 replies
  • 0 Likes

Should I use BFD when in active/passive HA with OSPF?

I am setting up some new OSPF adjacencies between my PA and a pair of Dell switches. Should I be using BFD? Will BFD make things better or worse? What I currently do is set LACP in HA passive state. OSPF graceful failover is configured on my switches and on firewall (which is default). I am using default grace period of 120 seconds. My OSPF hell...

Resolved! Maintenance Page redirection via Palo Alto?

Hey folks, We have an HQ site and Colo site. We are moving our Colo site to a new datacenter. We have two firewalls in HA. I've already broken HA and taken the PA#2 over to new datacenter for early standup. Leaving PA#1 at current site Active with user connections, until move day. On move day, I have this request (requirement) from management...

OMatlock by L4 Transporter
  • 6638 Views
  • 6 replies
  • 0 Likes

Resolved! NAT rule best practice for a mail server?

Hello folks, We changed our public ips recently and we have a few recipeints that are blocking our new mail IP. I am suspecting has something to do with either our TXT (SPF) record or the fact that we are using a destination NAT rule instead of bi-directional. I've included a diagram and notes below, but trying to get some feedback on what the ...

mail3.jpg
mail2.jpg
mail.jpg
OMatlock by L4 Transporter
  • 10997 Views
  • 7 replies
  • 0 Likes

Client IP Connectivity Issues

Hi All, I have a PA-200 running Version 8.1.0 and providing DHCP addresses to about 175 clients. The pool is a /24 and recently, the clients have been getting messages stating another device is using your computers IP address. I've been tweaking the DHCP server settings and have set the leases to unlimited but users are still getting the dupli...

Resolved! Panorama System Alert - failed exporting config bundle via ssh

we are getting system alert for Panorama M100 saying 1 - SYSTEM ALERT : critical : Failed exporting config bundle via ssh to 10.71.16.210. No RSA host key is known for 10.71.16.210 ....Host key verification failed....lost connection On Panorama sch config export has no config configured.

MP18 by Cyber Elite
  • 6283 Views
  • 5 replies
  • 0 Likes

Resolved! debug dataplane packet-diag clear log log

on 5220 we can see the packet diag logs via less dp0-log pan_packet_diag.log IF i run below command debug dataplane packet-diag clear log logwill that clear the pan packet diag from the DPO?less dp0-logbfd.log brdagent.logdp-monitor.log dp-monitor.log.1dp-monitor.log.2 dp-monitor.log.3dp-monitor.log.4 masterd.logmasterd_apps.log masterd_detail.l...

MP18 by Cyber Elite
  • 6605 Views
  • 4 replies
  • 0 Likes

GlobalProtect - Authentication Issues

Hi all, Fairly new to PAN and in the process of an ASA migration. Despite TAC/VAR assistance, I'm still having some issues with my GlobalProtect user experience. Fortunately it's not in production yet but the feedback has been inconsistent. Business Requirements:-Use GlobalProtect to tunnel all external user traffic back to HA pair for web filt...

AdamSC by L1 Bithead
  • 18849 Views
  • 9 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks