This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

Resolved! moving policies and objects to another device group

Policies and objects are currently in the wrong device group. able to move everything successfully except for the address objects. i feel the move is pretty self-explanatory, but i have taken the time to read the user guide and still no luck. is there some particular order this needs to be done? any assistance would be appreciated.

SFP Compatibility

Hi I have got 3 firewalls. 5050 and (3020-1 & 3020 -2 HA pair). We are trying to replace the core 6500 switch with meraki 425. and we have got the MA-sfp-10gb-sr and we need to look for supported sfp in palo side. I found one good fit as PAN-SFP-PLUS-SR (AFBR-709SMZ ). from online. But, I am not sure that whether one end witht the cisco sfp...

Minemeld Installation on RHEL 7.4

Dear Team, I have successfully installed minemeld on RHEL 7.4 and Am able to access the web console from Local Machine but am not able to access from Network. Please help if anyone faced the same issue. Thanks and Regards,Ramprasath

Virtual IP address in HA- Active Passive Mode

Hi Experts, I've query about High Availability Active-Passive. As we know, interface IP addresses are same on both the firewalls and when Active device goes down, secondary firewall will take over by sending gratuitous arp to switches. So switches can learn about the new Mac addresses and traffic start forwarding. But this causes a blip in netwo...

5250's failing to pass traffic after AV software update

Hi, We are on the version 8.1.2 and If I upgrade to the latest ‘Applications and Threats’ version, currently 8044-4859, and then upgrade AV from 2678-3175 to 2683-3180 all rules fail, and traffic drops through the default deny. I do not see any particular logs except "HA peer Anti-Virus set to Unknown". 2018-07-25 08:49:54:user:admin,client:Web...

Bomi by L1 Bithead
  • 2899 Views
  • 3 replies
  • 0 Likes

Resolved! tcpdump - view whole packet in CLI

Hello. I know I can capture whole packets (snaplen 0) and select verbose (and verbose ++) output when viewing packet captures with tcpdump on mmt interface.But can I see whole packet in CLI? Verbose output only seems to add some header fields, I can't see content of a packet.I know I can export the files via SCP. But some customers won't agree t...

santonic by L6 Presenter
  • 4794 Views
  • 2 replies
  • 0 Likes

Upgrade to PAN-OS 8.0.11 causes device restart loop

I performed an upgrade on a HA Pair of PAN-5220 firewalls from PAN-OS 8.0.7 to PAN-OS 8.0.11 and once the firewalls booted up they would run for about 5 minutes, alarm (red LED on device) and then reboot, over and over and over. Even with only one firewall running on PAN-OS 8.0.11, it would eventually alarm and reboot. Thankfully the devices s...

mlinsemier by L4 Transporter
  • 15290 Views
  • 13 replies
  • 0 Likes

PA-3260 High Availability

We are migrating our Active-Passive PA-500 enviroment to an Active-Passive PA-3260 enviroment.In the PA-500 for the High Availability Control Link (HA1) was ethernet 1/7 and for the Data Link (HA2) it was ethernet 1/8.For the PA-3260 I can use HA1-A but for the Data Link I would like to use HA1-B but I'm only able to select the HSCI interface.Wh...

ZEBIT by L3 Networker
  • 3176 Views
  • 1 replies
  • 0 Likes

prevent file copy over ssl vpn

Hi all is there a way to prevent file copy over ssl vpn tunnel. user work from connects via SSL VPN and we want to make they cannot copy file to their personal PC. we have disabled RDP clipboard but thats not enough. regards

Wadhwani by L0 Member
  • 5162 Views
  • 4 replies
  • 0 Likes

SSL/TLS proxy

An internal client can only make sslv3 connections while an external server only accepts tls 1.2 so the goal is to create a policy that will allow this, using the PA as an SSL proxy. Is this possible? I was looking at decryption policies but I'm not sure how to fwd the connection attemt to be tls 1.2 to the external server. any help would b...

How do you completely remove a Firewall from Panorama

We are in a situation where we have over 50 Palo Altos that we have migrated to panorama over the years. Many of our Palos still have local rules on them as well as Panorama based rules. We would like to convert these firewalls to use only Panorama rules. To our understanding you can export the firewalls from Panorama and then import them again ...

panorama-error.png
CZellars by L1 Bithead
  • 10568 Views
  • 3 replies
  • 0 Likes

Filter security policies by no description

I am trying to view only security policies that do not have a description. I have found the following links but am unable to get the output i need. I need to show rules with no description and for all the operations i must define a valuen and all i am after is a NUL. https://www.paloaltonetworks.com/documentation/traps/4-2/traps-endpoint-secur...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks