This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4222 Views
  • 0 replies
  • 0 Likes

Resolved! ospf route tie breaker in PA

Hi all, I am trying to make sense of tie breaker in case of equal cost ospf routes on palo alto ( all the route below have the same metric and all of the same type). Note ECMP is not use so only one route is choosen for routing. Couldn't find on the rfc what would be the tie breaker on such case and on some forum some people refer to the lowest ...

KarimSN by L1 Bithead
  • 5253 Views
  • 4 replies
  • 0 Likes

Resolved! Traps client - uninstall password

Hi all, We are currently testing Traps and during client installation, one of my colleague configured a wrong IP for ESM serveur. Traps client is installed but as it is unable to reach server, uninstall password in not set. Does anybody know how I can unistall Traps client on laptop or change ESM server IP ? What is the "default" uninstall p...

VinceM by L5 Sessionator
  • 19302 Views
  • 8 replies
  • 0 Likes

Resolved! Unexpected behaviour URl filtering web

Hi, We are having a unexpected behaviour with PA identifying a web: "rose.pharmaintelligence.informa.com"This web is categorize like "news". We have in our URL profile "continue". But we are seeing that this web is being denied with reason "policy deny". Why PA is not allowing this web?

URL.JPG
url news.JPG
traffic.JPG
BigPalo by L4 Transporter
  • 6577 Views
  • 10 replies
  • 0 Likes

Resolved! Bulk import applications into application group

Hi Lazy request here... Im trying to create application groups which will have a lot of applications in them and i wonder is there a way of easily importing a load of apps into a group, rather than typing it in one by one? I have exported the logs so i have the correct name of every app i just want to know if can then add all these app into one ...

CRDF18 by L2 Linker
  • 6935 Views
  • 6 replies
  • 0 Likes

Global Protect Client software version

Hi all, We upgraded client vpn 3.1.4 to 4.1.2. We are having 200 end users. I just need to check how many users accessing new Version. because still old version also available. How many of using Globalprotect version 3.1.4 ?How many of using Globalprotect version 4.1.2 ? Thanks,Lakshitha.

Resolved! Adding device serial number to Panorama with API

I am trying to add a PA-VM to the Panorama using the Panorama API. I try: https://1.0.20.30.40//api/?key=LUFRPT0zAndSoOnAndSoOnAndSoOn=&type=config&action=set&xpath=/config/devices/entry[@name='all']&element=<serial>12345678012345</serial> and I get : StatusCode : 200StatusDescription : OKContent : <response status...

Resolved! Question about outbound hostname restrictions

I'm familiar with user based restrictions to outbound resources, such as youtube, but is it possible with say, a regex expression, to block access to a site like youtube through a list of machines that include a name like kiosk, as in cakiosk01, cokiosk02, flakiosk03, etc. ?

murphyca by L1 Bithead
  • 5585 Views
  • 7 replies
  • 0 Likes

Resolved! Single firewall with core connections

I have a single firewall no HA at the moment which is connected to my 2 core routers which the routers running HSRP. How does Palo device know which device to send traffic to as it seems its sending too both causing asymmetrical routing.

clydef by L0 Member
  • 2653 Views
  • 2 replies
  • 0 Likes

Resolved! TAXII into QRadar

Hi there, Is there any guidance for how to set up TAXII output for QRadar to ingest? I see in the latest release notes: - TAXII DataFeed now translated IP Ranges into CIDR for better compatibility with 3rd party TAXII clients (read IBM QRadar) So I figure it must be possible 🙂 but when I put the discover service URL into the Threat Intell...

Resolved! How to use Aggregate interfaces LACP?

Testing a PA-220. Create an Aggregate group with 2 interfaces.Both interfaces connect to an unmanaged D-Link switch. And it connected to the company network.The aggregate interface can up when LACP is not enable.After enable LACP. It down and hover the mouse on it show below info: ethernet1/2: not active (negotiation failed)ethernet1/1: not acti...

jeremylo by L3 Networker
  • 9608 Views
  • 5 replies
  • 0 Likes

Resolved! Is LDAP server signing request supported on the latest PAN-OS version for the User-ID Group mapping.

Hi All, I would like to know if we started to support the LDAP server signing request on our latest PAN-OS versions for the User-ID Group mapping. I tried searching for latest docs and verified the latest admin guides but could not find a supporting document for it. We have a document which is pretty old: >> https://live.paloaltonetworks.c...

Need help determining why something is blocked.

I am getting the following items blocked, but I can't tell why. I am not blocking the games category with my URL filtering. I also can't find a way to specifically allow Microsoft PE file transfers. I have also tried whitelisting the site, but nothing I do will allow this. Sorry I'm new to Paloaltos but it seems like it should be easier to de...

Palo-Deny.GIF
dsmall by L0 Member
  • 3137 Views
  • 3 replies
  • 0 Likes

Resolved! How to add a new admin user via the API

I'm working on a script to deploy new Palo Alto firewalls in vmware from template, using powershell.I'm doing this with API calls in the powershell code. for instance, change hostname: $hnURL = "https://myPA//api/?key=" + $apiKey + "&type=config&action=edit&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/syste...

ICAP support with PA for DLP

Hi Team please advise if DLP , ICAP is supported with PA . There is no document found as such , but i have found few fourms which says it is not supported but wanted to check as a confirmation.

Rameshwar by L3 Networker
  • 5987 Views
  • 1 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks