General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4120 Views
  • 0 replies
  • 0 Likes

Unable to find interface configured in vm machine in vmware

I’m new to Palo Alto VM series deployment and it’s the new project. We’re trying to deploy Palo Alto HA in VMware environment. Deployed ovf template and configured management interface. Connected to GUI and all looks ok. But I’m not able to configure any other data interface because there is no other interface available in Palo Alto. But i...

Hari007 by L1 Bithead
  • 8172 Views
  • 6 replies
  • 0 Likes

Resolved! DH group 15 IPSec tunnel

Hi, I must build up an IPSEC tunnel between PA and Watchguard XTM. The other side gives me ike phase where DH Group is 15. On PA I only can choose Group 1—768 bits, Group 2—1024 bits (default), Group 5—1536 bits, Group 14—2048 bits, Group 19—256-bit elliptic curve group, and Group 20—384-bit elliptic curve group. Is there a way to build up a "custom...

PPTP VPN can not be connected to external devices

I have built a VPN server in company domain and I have tried to connect to it from the domain computer. Now I need it to be connected to an external computer. I have searched for a lot of information on the Internet to know how to do this setting in the firewall. But it still does not work. Please help me to solve this problem. Below are the NAT rules and security rules I set ...

Jacky.Yi by L0 Member
  • 2869 Views
  • 2 replies
  • 0 Likes

Resolved! Radius authentication for Global Protect

Hi community! I have encountered a "problem" with our Global Protect authentication while we were doing some maintenance works. We have an Authentication Profile with 3 RADIUS servers for authenticating the users, and the number of retries is set to 5. So, according to Palo Alto documentation, after 5 authentication attempts against server 1, it s...

Feature request thoughts - around nat selection

Hi, I have 2 NAT pools, actually 4, cause for HA each pool is doubled - does that make sense. 1 pool is on a.b.c.13 and the second is on a.b.c.113. All good. What I would like to do is say: going out internet interface from src group "out via non prod" nat to a.b.c.113; going out internet interface from src group "inside ip address" nat to a.b.c.13 ...

DNS Proxy in Active Active cluster setup

Hi, I am looking to set up 2 IP addresses I want to use for DNS proxy - I was planning on having each IP as a HA VIP - in failover mode - 1 prioritised to one node and the other to the other node. Then I tried to set up the DNS proxy - can't attach it to IP but to interface, so I bound it to the same interface I have the HA VIPs on. Sometimes it wo...

Routing issues LDAP AD server profiles

Hi, I'm trying to set up Group mapping and found an interesting issue that I wanted to put out here to see if there's any ideas that can help us out. This is the situation: Hardware: ethernet1/12 is trunk with subinterfaces; ethernet1/12.2 vlan 2 tagged subinterface with IP = PA; ethernet1/12.3 vlan 3 tagged subinterface with IP = Y; AD server is on vlan 3 ...

rcaduser by L0 Member
  • 2713 Views
  • 2 replies
  • 0 Likes

Resolved! Security Rule Behavior when Applications selected with Service select in same rule

I have a little confusion, need to know what will happen if I have a rule where I have selected application and custom (home grown application port) port in service tab. Ex- in application tab I have- Ping, icmp and ssh. In Service tab- port 8080 and 8081 (custom web services object). Will this work or will traffic drop? Thanks in A...

PA220 routing issue

I have three PA220s, let's call them PA220-A, PA220-B, PA220-C. They are connected in the following manner: PA220-A ---- PA220-B ----- PA220-C. All three have an Inside and Outside Interface. All the Outside interfaces are connected via a Layer2 network. My IP addressing, let's say it's the following: PA220-A - Outside - 172.16.10.1; PA220-A - Inside 19...

Palo Alto change source port with communication Cloud Meraki

Hello, we have a client with 300 branches that use Meraki. These branches have a DSL link on WAN 1 and MPLS on WAN 2. We have the following problem. The Meraki sends a UDP packet every 10s by interface IP WAN 2, for example 10.200.2.10:3009, the traffic goes to the MPLS network and through to the datacenter of my client and before going out by internet on Palo Alto itse...

How can we troubleshoot high transmit utilization or high utilization issue on interface?

How can we troubleshoot high transmit utilization or high utilization issue on interface? We received alert from solarwind like below for our palo firewalls: Summary: itsg_GSOC-XXXXX-Priority:-P3 ALERT: | Hostname | ip address | PA-3020 | serial number | 7.1.18 | 2 | 83 % High Transmit Percent Utilization Description: Interface ethernet1/1 · In...

Old spyware signatures are not sinkholed

I have dns sinkhole in place but the issue here is the firewall is not stopping dns resolutions of old spyware (previous dynamic update version) signatures/domains at dns level. Palo threat database shows the domain as malware but no sinkhole action is taking place. Is this a known behaviour?

Aggregate Interface Throughput limit - Multi VSYS - Shared Gateway.

Hi Community, I have multiple VSYS setup that also uses Shared Gateway for collating access to my Data Centre to and from each VSYS. I have a PA5250 setup running OSPF with a 40G routed connection to my Data Centre (Northbound) - in the shared gateway area on a dedicated P2P 40G interface. Each VSYS has a secure zone and an unsecure zone. The Uns...

mcnairi by L1 Bithead
  • 9608 Views
  • 9 replies
  • 0 Likes

Syslog - Collecting Internal DNS

Hey Everyone, I noticed my Syslog box isn't receiving internal DNS information from the Palo. I originally thought the URL log type would capture internal information (yes, I'm aware what URL stands for, but I could hope). However, that doesn't seem to be the case. Is there a particular field, log type, or severity level I can enable to collect ...

  • 24336 Posts
  • 124 Subscriptions