This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

Resolved! Dual ISP VPN failover with static route path monitor

Now that we have newer features like static route path-monitoring, is there a new recommended configuration for Dual ISP with VPN failover? I'm thinking SiteA (Dual ISP) to SiteB (Dual ISP) with IPsec VPN both using a single VR. I assume it will be one static default route with path-monitoring to fail over to the other ISP default route. Then ...

Palo Alto Mgmt Port Issue

Dear Friends, We are facing a issue that currently we are unable to console to firewall device. But traffic is passing through active firewall. Status is HA1 backup= Down Please advice Thanks,Lakshitha

Resolved! logs for Intelligence Sharing and telemetry

is there any way i can find from cli or from web gui that confirms my PA is sending all telemetry data ? any where in PA cli i can find the logs or data send to Telemetry? where it send this data to? is this function performed by the MP of the PA?

MP18 by Cyber Elite
  • 2655 Views
  • 2 replies
  • 0 Likes

URL Filtering block websites?

I have a URL filter profile with a list of URLs set to block (under Objects Security Profiles > URL Filtering), which is applied to security group profile. However none of the URLs are being blocked. Is there something I should check to confirm this is setup right?

URL Filtering different with browser and application

Hi We have a server, from where the user wants to go to, for example, abc.xyz.com.The certificate from the website xyz.com has a CN *.xyz.com. We dont have decryption for URL Filtering. In the URL Filtering category, we have allowed abc.xyz.com.The user on the server wants to use an application which initiates a connection to abc.xyz.com.Now,Whe...

FQDN as source address

Hi to all I have a problems with riles with FQDN For example i created rule: source ip - destination ip - destination port I changed ip to FQDN object - pc1.domain.com. Palo Alto can resolve name to IP. New Rule: source FGDN - destination ip - destination port. In first five minutes (more or less) rule works fine, but after that traffic not hi...

aaobuhov by L2 Linker
  • 4173 Views
  • 4 replies
  • 0 Likes

Resolved! Upgrade to 8.1 from 8.0.x

I just got off the phone with Palo support as I'm doing an upgrade from 8.0.9 to 8.1.4. They said all I need to do is download (not install) the base 8.1.0 image, then download and install 8.1.4 While on the line with them, I came across this from documentationIf you are already running a PAN-OS 8.0 release, download and install the latest PAN-...

ce1028 by L4 Transporter
  • 13107 Views
  • 10 replies
  • 0 Likes

Custom Vulnerability Signature Name in Panorama logs

Anyone using custom vulnerability signatures in Panorama? Simple example.Threat ID 41000Name SSH-Auth-Brute-Force Using existing signature 31914 with Time Attribute to block source IP if too many login attempts in specified time period. My issue is that I run reports in Panorama and in report Threat Name shows ID number (41000 and up) not SSH-Au...

Resolved! Skype for Business vs Skype

Hi All, is there a way for Palo to distinguish between Skype and Skype for business?Application list only suggests you single Skype application... Idea is to block regular skype and only allow skype for biz, maybe there are any weird workarounds.... like allowing/blocking certain miscorsoft URLs or tcp ports. Cheers,

Carve public Subnet without involving Vendor

Anyway to accomplish following without modifying routes at the router? I have a subnet 1.1.1.0/24 1.1.1.1/24 PAN ETH1 Need to route 1.1.1.50 from ETH1 -> ETH3 as it sits behind ETH3. I need ETH1 to reply back to router when it says arp who has for 1.1.1.50

junior_r by L3 Networker
  • 7868 Views
  • 7 replies
  • 0 Likes

Resolved! ip id in wireshark to confirm PA is not dropping the traffic

I am troubleshooting sharepoint connection to cloud on port 443pcap and global counters show no dropsi see no discards in the cli. when user access the website he sees blank page no contents if i confirm the ip id in pcaps of the PA is same from receive and transmit then we are good right?

MP18 by Cyber Elite
  • 4462 Views
  • 6 replies
  • 0 Likes

User lockouts in STS (external authentication service)

We are experiencing a high number of user lockouts with our externally accessible STS. The traffic is HTTPS so it is making it through our blocking policies. We are requiring MFA through DUO but the challenge/response for the username/password is happening before the MFA kicks in. After 5 failed attempts the users account is locked for 20 minute...

Upgrading from 8.0.6 to 8.1.4 Issue

I am trying to upgrade from 8.0.6 to 8.1.4. I can upload the image via the GUI and it states it saved. I use the cli to install the software package and it fails. I have downloaded 8.1.0 and 8.1.4. Do I need to upgrade to another iteration first? Side note: When looking in the GUI or CLI it doesnt show any software files.

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks