General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 1797 Views
  • 0 replies
  • 0 Likes

Blocking TLDs with a URL filter

Hello all,

 

I'm attempting to block about 1340 TLDs with a URL filter.  However, I can't seem to get the URL filter to not block any URL where the TLD string is part.

 

For example:

If I want to block the .able TLD, I block "*.able" via a URL Category th

...

mbrownnyc by L1 Bithead
  • 13758 Views
  • 11 replies
  • 2 Likes

Radius & OTP Globalprotect VPN

So if I am configuring a a VPN to use radius & OTP (multi factor authentication) and LDAP. Do I add the radius authentication to both the portal and the gateway? and if so where and how does the LDAP authentication occur?

jdprovine by L4 Transporter
  • 8176 Views
  • 13 replies
  • 0 Likes

static routes remain valid even when ipsec tunnel down?

I discovered that static routes associated with ipsec tunnels that are down remain valid and continue to be redistributed by, in our case, OSPF. This is not the behavior we desire. We'd like the static routes to become invalid and not be redistribute

...

gmparis by Not applicable
  • 7579 Views
  • 3 replies
  • 0 Likes

ICMPv6 Custom Apps

 PAN-OS has a gap in AppID for ICMPv6 apps.  Working against RFC4890, I created custom apps for the recommended ICMPv6 types/codes.

 

Sharing here for other's benefit.

 

set application icmpv6-echo-request category networking subcategory infrastructure t...

DrJonBane by L3 Networker
  • 3454 Views
  • 2 replies
  • 1 Likes

Custom Syslog sender From Cisco WLC

We have wireless users.Cisco WLC directly sends syslog to PA.We have to parse it correctly.But after doing we get the following

We also implemented agentless AD integration.We want users authenticated through AD could connect to some internal resource

...

Screenshot_6.png
Radmin_85 by L4 Transporter
  • 2463 Views
  • 2 replies
  • 0 Likes

Move zone and policies between VSYS

Hello,

 

One of our customer wants to implement VSYS. Currently, the current firewall is Checkpoint appliance (around 900 rules)..

The idea is to replicated the config from the Checkpoint to the PA with only one VSYS to avoid a big bang...

So I will crea

...

licenselu by L4 Transporter
  • 3804 Views
  • 3 replies
  • 0 Likes

SSL Inbound decryption and SMTP

Hi,

 

does anybody have issues with ssl inbound decryption and setting the smtp decoder in AV Profile to reset-both (antivirus + wildfire)? When the firewall receives an email (with ssl/tls enc enabled) and successfully decrypt the message and found a

...

iweltag by L2 Linker
  • 4287 Views
  • 1 replies
  • 0 Likes

How to factory reset VM firewall

I was downgrading the VM 500 firewall from 8.1.1 to 8.0.10 and booted the image with wrong config file. I am able to ssh firewall but maint mode  username & password (serial #) is not working. How can I reset the password and bring VM 500 in factory

...

Prakhar by L2 Linker
  • 3916 Views
  • 1 replies
  • 0 Likes

DNS query to problematic web site

PA itself was generated the DNS queue of the domain that the management interface

Why would it come up with this action, and DNS proxy do not enabled.

Please kindly advise.

 

Log:
This host was detected performing a DNS lookup for the domain en[dot]wt1[do

...

samhk by L0 Member
  • 2176 Views
  • 2 replies
  • 0 Likes

Redundant Interface

Is there a good way to make an AE act like an ASA redundant interface? Basically all traffic goes through one interface unless it fails, then goes to the other interface.

I'm looking for the same functionality that the ASA redundant interface provides

...

Resolved! system alert:certificate validation failure

we have a new PA-850 in production from couple of days. but the wildfire lincense is yet to be subscibed. the syslog is generating a high alert saying public cloud certificate validation failed, destination: wildfire.paloaltonetworks.com.







Always -on OTP

I have an interesting scenario where I have a firewall protecting an extremely sensitive server and some dedicated users accessing it through another zone. I ran into a situation where only couple of users need access to it when remote. I thought of

...

Panorama support license upgrade

Hello,

I am just trying to upgrade support license of Panorama VM from 100 devices to 1000 applying the Auth code received for PAN-SVC-BKLN-PRA-1K. It is failing with message "Failed to install licenses. An initial license cannot be applied for renewa

...

QoS on inter-vsys traffic

We have internet traffic and tunnels terminating on vsys1. While our servers are in vsys2. Traffic to internet or tunnels is passed through inter-vsys routing from vsys2.

 

Server X which earlier used to be in vsys1 and had qos applied for it tunnel tr

...

raji_toor by L4 Transporter
  • 1716 Views
  • 1 replies
  • 0 Likes
  • 24239 Posts
  • 117 Subscriptions
Top Solution Authors
Top Liked Authors
Labels