This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4115 Views
  • 0 replies
  • 0 Likes

Resolved! Diasble 7.1 Administrative session cipher suites

Hello, A recent PEN Test has advised we disbale the Arcfour when connecting via SSH to manage the Palo Alto via CLI. We are on release 7.1.6 (pending upgrade). https://www.paloaltonetworks.com/documentation/global/compatibility-matrix/supported-cipher-suites/cipher-suites-supported-in-pan-os-7-1/cipher-suites-supported-in-pan-os-7-1-admin-sessi...

Resolved! IPSec S2S VPN between Palo Alto and 3rd party Security FW Vendor -> ISAKMP Negotiation

Hi, I am trying to setup a Site to Site VPN between a Palo Alto FW and a 3rd Party Security FW Vendor; I would like to undestand under which condition the Palo Alto FW would attempt to start an ISAKMP negotiation (for Phase 1) with the IPSec peer counterpart. I'm familiar with the Cisco ASA setup - where, for ex., the tunnel is brought up only w...

CarloInt by L0 Member
  • 3706 Views
  • 1 replies
  • 0 Likes

User-ID Statistics

We have a cenario where the Firewall control the Internet access from users in the local network and we control these access with URL profiles and security policies.We identify the user session with USER-ID Agent installed on Windows AD Servers.I'd like to count how many users the Firewall identify per day in the Internet Access.How can I get th...

mmcastr by L1 Bithead
  • 3934 Views
  • 3 replies
  • 0 Likes

Setting "log at session start" on multiple rules

I found a KB but it's from 2016 and is no longer applicable. I want to enable 'log at session start' on thousands of existing Security Pre-Rules across several Device Groups. I remember a multi-edit function but something's changed and I can't figure out how to do this. We're running Pano 8.0.8 and 7.1.8 on the firewalls.

Resolved! app not show on application field on policy based forwarding

Hi community, what is the reason one app not show applications field/We need create one policy with one app that show on applications, but when I check in PBF the app is not show. The app name "supremo" use default port tcp/443 and Implicitly Uses: web-browsing.What is the reason ?

Cacti Host Template: From PA500 to VM100 - failing

We have enjoyed Cacti statistics from our PA-500 box for years. But when I replaced the PA500 with a VM-100 then Cacti could no more connect to fetch data via SNMP. I thought both models used the same protocol and version. Below you'll see a screenshot of the cacti settings that worked with our PA500. What do I need to change here to connect ...

CactiHost.jpg

Why public cloud users did not need Palo Alto before ?

Dear all We can see heavy public cloud users since 2016. But we did not have Palo Alto on public cloud until recent. Does that mean public cloud does not need 3rd party security solutions like Palo Alto? Because if public cloud users really need 3rd party security solutions like Palo Alto, they should not survive 2016-2018, should they? They sur...

Re: user-id agent issues

We are using windows user-id agent for parsing the user and user group mapping info. often i see in the logs that the user is being not recognized and hitting the deny rule. after couple of minutes it starts recognizing the user and allows the traffic i am skeptical what could be the reason for this disparity. why would any user info and user...

Sanssj by L2 Linker
  • 2416 Views
  • 2 replies
  • 0 Likes

Resolved! Errors in installing Minemeld on Ubuntu 14.04

I am trying to install minemeld on ubuntu 14.04. here the steps I did: I made iptables inactive I Added and verified successfuly the repo GPG key I added the minemeld APT repo I verified that minemled APT is added in /etc/apt/sources.list However, we I do the last step: sudo apt-get update && sudo apt-get install -y minemeld rsyslog-mi...

Capture.PNG

PAN-SA-2018-0015

Hi guys, Just saw the notice about PAN-SA-2018-0015. Doesn't seem like this vulnerability is a real issue. Am I correct? Or is there a viable way of someone exploiting it?

YoniLeit by L0 Member
  • 4616 Views
  • 2 replies
  • 0 Likes

Resolved! How to generate traffic reports for a specifi interface

Hello Palo experts, I want to create a report which tells me what bandwidth has been used on an outside interface, for say the past month. Something that can display the average bandwidth being used during a day would be good. I see on my PA-3050 that under Network>QoS, that live bandwidth stats can be displayed, but can't see where I can exp...

rchung54 by L2 Linker
  • 23482 Views
  • 4 replies
  • 0 Likes

Deleting Panorama templates

Hi, A firewall has been configured with a template from Panorama, the template was then deleted from Panorama.Can i safely remove the template from the firewall without deleting the config applied through the template?

Add device in Panorama

Hi, We are trying to add a devices in Panorama. We have checked the conectivity FW-> in port 3978. We can see the packet running tcpdump in Panorama about packets comming from FW. so connectivity is OK. Everything looks ok. And we have another FWs in PAnorama correctly. This is the status "DIsconnected": FW versions is 7.1.6Panorama 7.1.9

Panora.JPG
BigPalo by L4 Transporter
  • 2120 Views
  • 2 replies
  • 0 Likes

Resolved! What is the value of a Backup Peer HA1 IP Address?

In some of our firewalls I note a secondary IP address is assigned to a single HA group ID. What is the value of having this second IP? The problem it's introducing is that SNMP Trapsare getting gerated once or twice a day noting that the secondary IP address couldn't be reached. But there is never a problem with HA failing over - the primary is...

  • 24333 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks