This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

Trigger/logs DoS policy

Hello, We would like to be notified when there is a high number of requests to our servers, and even to control them in time. Aside to be able to see an event in the logs (as it is the case with the flood in the sessions) The configuration we are looking for does not require (and should not) limit the number of concurrent connections. We should...

BigPalo by L4 Transporter
  • 3467 Views
  • 2 replies
  • 0 Likes

Can't Update License from License Server

I recently bought a used PA-200 off ebay just to play with and learn on. It's been factory reset and has no licenses loaded. I am unable update the license from the license server. I do not have a support contract. I suspect I'm just hosed, but wanted to ask just in case whether I have any options.

Resolved! GlobalProtect with Certificate Profle

I have configured GlobalProtect to use Authentication Profile using LDAP (sAMAccountName) and a Certificate profile. I have user certificates pushed through Group Policy. The configuration works. However, I noticed a few things 1) If I login as UserA and delete the certificate from UserA's personal store, VPN will not connect (this is expected...

ce1028 by L4 Transporter
  • 7189 Views
  • 5 replies
  • 0 Likes

Resolved! Received conflicting ARP on interface ethernet

Hi all, after exporting the old config from my old pa500 to the 820, I had an old interface that was for my wifi vlan, that used to be a physical int on the 500 but I needed to remove it since now the 820 only has 4 ethernet ports, I reset it as a sub-int on the 820, but now I'm getting this message "Received conflicting ARP on interface ethern...

cdcirexx by L3 Networker
  • 18619 Views
  • 7 replies
  • 0 Likes

502 Bad Gateway Errors

I've recently noticed that I've started to receive '502 Bad Gateway' errors when trying to connect to a couple of specific websites (two so far). I use a PA-200 as my home network boundary device, running 8.0.3. I know that it's an issue with my firewall because I've tapped into the ISP feed directly, bypassing the firewall, and the site conte...

Sbarlock by L1 Bithead
  • 17161 Views
  • 5 replies
  • 0 Likes

Guest Captive Portal Auto-Registration Page

Hi, my customer have an PaloAlto 5050 , and he need to configure captive portal wifi guest access,my question is : is it possible using palo alto captive portal to have a form with the following information to fill (by the guest) first namelast nameemailphonethe customer have to accept the terme and the use condition ; before getting access , an...

Resolved! SSL Decryption just some users

Hello everybody, I'm struggling thinking how i can do this. I've implemented SSL Decryption in the Palo Alto FW and i just tried with two IP's with a succesful result. Now i would like to open the range. I want to apply that decryption rule to an OU of my domain but i don't know how to do it. Well, actually, i don't know if it's possible. So, t...

Deleting Security-Policy Rules from CLI

I'm trying to find a way to mass delete a couple of rules from the CLI. Is there a way to do this?I know you can run something like: > show running security-policy | match Minemeld|MineMeldBut I have not found a way to actually remove one of the matches the command above returns.

fospina by L0 Member
  • 5168 Views
  • 1 replies
  • 0 Likes

Resolved! Office 365 and SSL decrypt

Hi I have my PA's setup with O365 ip address and URL's using minemeld. Cool. But I would like to decrypt that traffic and I find that de crypt ssl breask lots of O365 stuff. Does somebody have a list of stuff I can de crypt or what I can't decrypt or is there a way of asking MS O365 to change my tenant to allow decrypt ? Or do i have to just put...

PA 820 MM Fiber interface will not come up with WAN Provider

I have a palo alto 220, a switch with fiber port, and a palo alto 820 with fiber port. We use AT&T 1G fiber for wan connectivity. If a palo alto is connected directly to the MM fiber wan the interface will not come up. When a switch is used as a media converter, the fiber interface/sfp on the switch does come up, and using a copper connx ...

pstrazza by L0 Member
  • 3772 Views
  • 1 replies
  • 0 Likes

DMVPN router traffic through DMZ to trusted LAN

We are setting up DMVPN routers for on-demand VPNs from our remote sites to HQ. our DMVPN routers have the front end exposed to internet and the back end is on our special DMVPN DMZ. When the VPN is built from the remote site traffic from the site comes into the DMZ and needs to be routed through the PA (5050) to the trusted interface (HQ LAN ...

Resolved! GP 4.1.1 wanting me to downgrade to 2.1.1 as an "Update"

I haven't had this issue with any other 4.1.1 clients I have installed for my users. We have been slowly rolling out 4.1.1 while upgrading machines and replacing them with users. This morning when I came in to finalize a deployment GP 4.1.1 is now prompting me that I haven't heard from my users that this is happening to everyone so I am thinki...

wtf gp.png
nrhoades by L0 Member
  • 3421 Views
  • 3 replies
  • 0 Likes

Query on wildcard certificate

Hello, Our wildcard certificate doesn't have any SANs associated with it. Is this a requirement for usage of a wildcard cert?Can I use the same certificate for both web management and GP? Thanks in advance.

Farzana by L4 Transporter
  • 2984 Views
  • 2 replies
  • 0 Likes

Resolved! HA Connectivity between 2 Data center with Fiber connection

Dear All, Can anyone please help regarding an HA configuration between 2 different data centers far in distance from each other, and connected to each other using a Fiber link. is that configuration possible? how to do this over only one link between the 2 locations? Thanks,

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks