General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 430 Views
  • 0 replies
  • 2 Likes

VPN to Azure dropouts

I have searched high and low for this and found a few articles regarding IKE configuration and nothing seems to fix it.

 

PAN 3020 v7.0.5. IKE 2 VPN to Azure. The VPN works but around every 50 mintues the tunnel drops out for a few minutes then re-esta

...

dmann2 by L2 Linker
  • 24359 Views
  • 35 replies
  • 0 Likes

different content of backup files.

Hey!

I'm using curl and the xml api to automtically backup the config of my PA-3020:

https://live.paloaltonetworks.com/t5/Management-Articles/How-To-Backup-of-Config-Files-Periodically-without-Panorama/ta-p/77312

 

However, the content of that file looks

...

MPI-AE by L4 Transporter
  • 4023 Views
  • 6 replies
  • 0 Likes

Resolved! Confidence level in logs

Hi, 

 

In minemeld logs from the nodes, taking AF-Ransomware node as an example,  I have 2 questions regarding the confidence, thanks!

 

1. does the confidence level come from the source feed?

2. can customers change this confidence level?

 

 

chtoh82 by L2 Linker
  • 4932 Views
  • 2 replies
  • 0 Likes

Resolved! Questioning about agentless user-id.

Hello!

I have questions about user-id functions.

1. How much user-id be supported by agent-less user-id? I guess that 64K user-id and 640 user-group would be supported on all of PAN model. right?

2. When using user-id collector, How much user-id and use

...

GP Always on VPN - Except if on internal LAN?

Is there a way to implement this? I have seen the internal host detection option but as far as I can see that is only to choose whether you connect to an internal or external gateway.

I want all remote site users to go through the Palo Alto, but I can...

welly_59 by L3 Networker
  • 3022 Views
  • 2 replies
  • 0 Likes

Sharefile custom URL site allow

We block access to sharefile.com as a whole.  But we do have a sharefile.com company site which we allow access to.  The problem that I am running into is this, when a user attempts to download a file from our sharefile site a random number will be g

...

Self-signed Root CA Certificate FQDN?

I’m planning a test deployment of a globalprotect vpn, so currently going through the guides to see what’s needed. Part of the requirements if not using a trusted CA is to generate a self-signed root CA.

What should the FQDN be on this cert? The deplo...

welly_59 by L3 Networker
  • 2117 Views
  • 1 replies
  • 0 Likes

Resolved! Valid Object Name Requirements Documentation Wrong

When creating an Address Object (as well as other object types) the documentation for Palo Alto 8.1 says this, "The name is case-sensitive, must be unique, and can contain only letters, numbers, spaces, hyphens, and underscores."

 

The popup that appea

...

JasonKC by L1 Bithead
  • 3330 Views
  • 2 replies
  • 0 Likes

Confused about zones

I'm currently migrating from a pair of Cisco ASAs and the zones have me a little confused.

 

Right now I have interfaces on the ASAs of inside, wireless, outside, dmz-private-web, dmz-private-db, dmz-public-web, dmz-public-db, dmz-dev-web, dmz-dev-db.

 

...

HA sync times

Recently I have noticed that it is taking longer to commit and sync the changes from my active PA to my passive PA and the management plane ramps up to 38%. any suggestions

jdprovine by L4 Transporter
  • 2943 Views
  • 7 replies
  • 0 Likes
  • 23698 Posts
  • 110 Subscriptions
Top Solution Authors
Labels