This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Resolved! MineMeld can not get O 365 JSON format list

Hello [Failure event]In the case of O365 's xml format, when MineMeld received traffic after ClientHello, I got a list but if I set config for JSON support I can not get a list. [Prerequisites]MineMeld will go through Paloalto and do Internet communication. [Question]I think that the packet flow that can be checked with Paloalto is incorre...

OSPF, VPN, routing and distribution

I'm trying to solve a routing conundrum to improve a remote site and provide redundancy, and hoping others may have some solutions. The short version is that we have the remote site with basic commodity internet using VPN to connect back to two datacenters. The datacenters in turn have direct links to each other, and all are running OSPF. The is...

PAN OSPF.PNG

Resolved! 802.1x wired authenicaton with MS CA and paloalto

Dear Sir,I am beginner in 802.1x authenication and paloalto.So please help explained and guide.I want to use 802.1x with MS CA.Can i use paloalto firewall as a policy enforcer for 802.1x authenication ?can use PA as a radius server for user log and mornitor ?

crypto by L2 Linker
  • 5515 Views
  • 1 replies
  • 0 Likes

Authtenticate non web services such as Telnet/FTP without Global Client

Migrating a Cisco fw to a Palo Alto and the Cisco has the ability to authenticate users to external Radius for FTP transfers based upon policy rules - the end user simply gets a user name and pass prompt which works across all platforms and can be scripted for automation. I know the Palo Alto has the ability to auth requests that are web based ...

Juan_R by L0 Member
  • 3130 Views
  • 2 replies
  • 0 Likes

Resolved! MFA "SSL Connect Error"

I am testing Multi Factor Authentication with Okta. I have configured everything (including certificate profile) as per the guide as well as Okta specific YouTube video, The first factor (active directory auth) is working fine, however, I am getting "SSL Connect Error" in the authentication logs. I could see the 443 connections going to Okta. Ho...

Arris (AT&T Fiber) to PA-220

All, I have an Arris (BGW210-700) set up as 192.168.2/24 (DHCPed) and have successfully configured the IP Passthrough to the PA-220. However, I am unable to get outbound from the PA-220. Has anyone run across this? I have the Arris going into 1/1 (as WAN), and then providing internal routing / DHCP, etc. This was working when I had Frontier / V...

ckg1999 by L1 Bithead
  • 3298 Views
  • 2 replies
  • 0 Likes

Resolved! Allow internet only after HIP fail

We are looking to configure the firewall rules where if a known user fails the HIP check, the user has access to only the internet, and not the intranet. I currently have the rules configured such that failing the HIP check allows the user to access to both the internet and the intranet. We tried blocking RFC1918 in the destination address field...

mikembau by L0 Member
  • 2408 Views
  • 1 replies
  • 0 Likes

Pan-configurator predefined.xml

Hello, I am using Pan-configurator to create some scripts, and i am wondering how to update predefined.xml file. Can we update this file manually or automatically? Kind regards.

Resolved! Hardware Requirements to PA - 5050

Hi, i need Hardware Capabilities ( type of Cable, Chassis Height , Data Ports , managment ports ... ) of Palo alto PA-5050 to install in Data center of our customer in cluster with two WLC. Thanks,

RosVerde by L0 Member
  • 3008 Views
  • 2 replies
  • 0 Likes

IP pool problem

Hello,I have an IP pool for GP users and IP are no being clearing when users disconnect the VPN, to clear this IPs we have to reboot the FW,Is there other way to clear this addres ? this must be cleared automatically after disconnect? Regards

Marivi by L2 Linker
  • 6975 Views
  • 9 replies
  • 0 Likes

Resolved! AWS Multi-VPN Tunnel with Palo Alto NGFW - Flow Issue

My PA NGFW managed to setup VPN tunnels with AWS VGW. AWS given 2 sets of VGW where each of the VGW comes with 2 links that will connect to NGFW 2 ISP link respectively with different set of public IP Address.. Below are the setup flow:NGFW ISP1 -> AWS Tunnel1 (vgw1)NGFW ISP1 -> AWS Tunnel2 (vgw1)NGFW ISP2 -> AWS Tunnel3 (vgw2)NGFW ISP3...

Resolved! Migrate config from Panorama template to local device

Just getting my head around the ins and outs of Palos, and some initial lab setup we had leveraged a couple of PA-220s and a virtual instance of Panorama. Using that config, I'm building a standalone PA-220 and want to recycle the bulk of the config from what I'd tested with, however, importing that is shown as the config from Panorama, which w...

cdawson by L0 Member
  • 3603 Views
  • 2 replies
  • 0 Likes

Resolved! URL filtering action preference when a same URL is included in 2 different custom categories.

Hi All, What action would URL filtering prefer if the same URLs are placed in 2 different custom categories with different actions in a profile. Example custom_URL_category_1 = *.somesite.comcustom_URL_category_2 = *.somesite.com On the URL filtering profile custom_URL_category_1 = alertcustom_URL_category_2 = block which one would take preferen...

CRL revocation traffic identified as ms-update

Is this an expected behaviour? We where somewhat surprised that the application included this traffic. It includes all SSL CRL traffic (like establishing remote desktop or visiting websites), independent if its related to Windows Update.

Resolved! PA220 as a router?

Hi,We are planning to have paloalto PA220 firewall in our new sites and instead of purchasing new cisco routers (ISR 4000 series), we will just use the PA220 as a router.Our link is via ipvpn (not IPSec) with GRE tunneling. And we will be using EIGRP as routing protocol.Is this a good move? or not? Appreciate your advise. Cheers! Ben

bentot by L0 Member
  • 4131 Views
  • 2 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks