This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4126 Views
  • 0 replies
  • 0 Likes

FW Logging Prefix list

Can any one confirm that when we configured log collector group with two managed log collector (both active and passive Panorama's) and if see the logging status on the firewalls does it show only the Active Log collector or both Active and Passive log collector.thanks

Sanssj by L2 Linker
  • 2531 Views
  • 2 replies
  • 0 Likes

Resolved! Filtering for security policies with DSRI enabled

Has anyone found the syntx to search in the security rule-base for any rule that has "disable server response inspection" enabled.I attempted using disable-server-response-inspection eq 'yes' and other modifications of that similar syntax with no luck. I know searching for log settings is possible through the similar syntax log-start eq 'yes' et...

URL recategorization

Hi, I would like to know how I can receive details on why a URL is placed in certain category and not another. I have a specific one that I submitted (nbcnewyork.com Palo Alto states is Entertainment and Arts) however the employees submitting this for recategorization state this is a news site. I would like the details so I can supply a reason...

Resolved! Custom Report - Generating a Traffic Volume per Hour report, sorted by date/time

I've been attempting to create a report requested by a client using the Custom Reports module. The client is requesting a weekly report, containing 7 days of volume usage broken down by hour. I've managed to get the data I require, using the Traffic Log database, grouping by day - however the Sort By options leaves much to be desired. Are there...

NAT allocation during a pool configuration.

Team,We have a NAT pool configured for one of the ongoing requirements. Is there a way to force this pool to allocate IP address from start to end as per new requests come in? e.g. NAT pool configured is 10.10.10.1 to 10.10.10.10IP source is anything between 192.168.10.1 to 192.168.10.10 We noticed that if the traffic source is 192.168.10.2 it c...

nson2139 by L3 Networker
  • 3514 Views
  • 4 replies
  • 0 Likes

Security Policy not HIT after work for 1 month

I got setup 6 AWS VPC with direct connect connection to on prem panorama, which is working fine for a month, and now suddently all 5 VPC disconnected from panorama in the same time. i checked the BGP and IKE all established, i can ping the panorama IP, and make sure the right security policy with specific ssl and panorama application allowed. my...

Resolved! PANOS 7.1.x Internet Explorer web management slow

Hi, I upgraded our FWs from 6.1 to 7.1 a few weeks ago and ever since the web management access from Internet Explorer is painfully slow to load - takes around 1 minute to bring up the dashboard after logging in or contexting from Panorama to a firewall. Running from Chrome and it loads in 10secs. I've been through multiple combinations of setti...

JackGray by L1 Bithead
  • 4267 Views
  • 3 replies
  • 0 Likes

Resolved! Session Timeout Settings

Hi,we are using a PA environment in combination with Bluecoat Proxy SG for caching and user authentication. Bluecoat describes on his knowledgbase KB3323 the differences for session timeouts on proxie servers and firewalls.From our proxies I have many retransmissions to the Internet and so I want to change my timout settings on the PA in a bluec...

PA System Logs

Dear Expert , I need to get all System messages of PA in case of the below Events CPU Errors, warnings.Memory, RAM utilization warning, problem.Hardware failure, problem. .(Physical Events)Links , interfaces down.Processor warning.Disk warning.Fan warning.Power supplies warning.Restart, reboot events.Shutdown event.Your support is highly apprici...

hi Community

Hi all, We have upgraded globalprotect version 3.1.4 to 4.1.2. Its connected successfully . But after some time it saying portal not available. username take as portal name. anyone experience with globalprotect 4.1.2???

Resolved! Palo-Cisco VPN Logs

Im setting up a s2s vpn between a Palo and a Cisco ASR. The GUI is showing it all as up - green lights and ike tunnels. But the logs are showing the below: IKEv2 child SA negotiation is failed message lacks KE payload I am not sending traffic down the vpn yet so i am unable to ascertain if this is important message or not (would rather know it w...

welly_59 by L3 Networker
  • 8842 Views
  • 5 replies
  • 0 Likes

Custom HIP Check for Linux

Hey guys, I've been tasked to have Globalprotect only allow company owned devices over the VPN. I know I can create custom HIP checks for Windows/Mac (reg/plist value). How would I do the same for Linux clients? I have two end users that work remote, and are on a Linux machine. Still having issues with getting the GlobalProtect client for linux ...

PA-VM guest ethernet1/x in VMWare Workstation can't communicate with the host OS or any other hosts

My topology is as follows.Client (10.1.1.11) <--> (10.1.1.10) PA-VM (172.16.1.10) <--> (172.16.1.11) Server ethernet1/1 ethernet1/2 PA-VM-ESX-8.0.0.ova image was downloaded from PA support site and installed on VMware Workstation.I was able to ssh and accessing web GUI via management interface. No...

prenatip by L1 Bithead
  • 2529 Views
  • 1 replies
  • 0 Likes

Resolved! BlueCoat Proxy Health Checks Failing through Palo Alto - App-ID "incomplete"

Hi guys, We have migrated our production web infrastructure to run through Palo Alto (previously running through Checkpoint) and although we have no issues with production traffic we are seeing some intermittent failures on our health checks between Child and Parent bluecoat proxy devices. The health check is purely doing a TCP connection on por...

rds-r2d2 by L2 Linker
  • 9140 Views
  • 6 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks