This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4233 Views
  • 0 replies
  • 0 Likes

invalid interface

hello have getting a lot of 802.1q tag not configured and invalid interface message in global counters. I'm trying to find the cause, I have configured subinterfaces I see traffic in rx.pcap with properly tag, all traffic is dropped, I see as destination mac addres of the fisical interface when I have configured subinterfaces, could someone help...

Marivi by L2 Linker
  • 9057 Views
  • 8 replies
  • 0 Likes

Feature Request - Reporting

I just spoke to Jim Silha about reporting. Palo Alto comes with a user activity report. Under the section 'Browing Summary by Website' there is a 'Host' column. It is much more report friendly than say 'URL'. I would like to be able to use that in my custom reports but was unable to find that under the 'Available Columns' for any of the logs....

HA Active/Active and VPN

Hello, We have a scenario where a customer wants to deploy two PA3250s in two different locations which will be an Active/Active cluster. There will be a layer 2 link between the two sites and also customer wants a VPN as a backup if the layer 2 link goes down. Is this possible? How can we implement this if possible? Thanks.

sajidsil by L0 Member
  • 4004 Views
  • 3 replies
  • 0 Likes

LDAP interval

Hi,I have a question in reference to the LDAP interval time. Specifically what my goal is I want to be able to let the firewall know about my AD group membership changes quicker. For example if I have a specific AD group that is configured on the fw to control a specific PBF rule, when I add or remove a domain account from that AD group, what is...

Resolved! URL domain reports

Hello,I'd like to produce URL reports. I noticed that you can get report on the comlete URL but not based on the URL domain.i.e i get entry for www.pippo.com/cpp/layout.css and another entry for www.pippo.com/img/pippo.jpg and for report purpose is only www.pippo.com that is relevant for me ...That seams for me relatively usefull ..... Is possib...

Resolved! Meaning of different Interface states

I have scourred everywhere...... What are the differences between the interface states? I can't find anything anywhere!! ukn/ukn/down(power-down)disabled/downforced/uknforced/down If there are others I have missed, I'd love to be enlightened.

Weirdest thing I have seen

Having a weird issue. I installed an 820. I have internet traffic being NAT'ed. My gateway is set to the Palo. My hops to the internet look like this Windows Box ---> Palo 820 --> Cisco Pix --> Internet Provider Pretty basic.. I have a rule in place to allow all internal to 0.0.0.0/0 443, 80.. I can get to anything google even your tu...

Bad certificate _ inbound ssl inspection

Hi All we are using 3rd party singed certificate for inbound SSL inspection , once we imported the certificate it is not showing any error and commit is working fine . once we add the certificate to decryption policy it is showing error as bad certificate and commit is failing . The certificate is 3rd part signed CA and its not the CA or subordi...

Rameshwar by L3 Networker
  • 4082 Views
  • 3 replies
  • 0 Likes

Resolved! URL Category and URL Profile in same Rule

We have a default URL Filtering Profile that we use for general use. The default URL Filtering Profile has a couple dozen URL Categories which are set to alert. I need to allow EXEs from only five of the URL categories. If I add the five URL Categories to a rule on the Palo Alto under "URL Category" along with the URL Filtering Profile under ...

GlobalProtect remote access - some pointers

Dear All, I'm relatively new to Palo Alto firewalls and I am attempting to implement GlobalProtect to provide remote users with access to our internal network through the Palo Alto firewall and I am striggling to get even the most basic system working, so I wonder whether I could ask for some pointers for anyone who has got a working GlobalProte...

GlobalProtect Best Practices

I searched through previous threads to see what the best practices are for securing GlobalProtect but the only thread I saw was dated and didn't have too much information. Could anyone share what their best practice is with setting up GlobalProtect? I'm currently using Cisco AnyConnect and would like to transition to GlobalProtect. My enviornmen...

Resolved! LDAP not work if management interface IP address cannot reach Windows AD

Configuration as below 1. Mangement interface with IP 192.168.1.2 (non-PA device as gateway)2. Windows AD with IP 172.16.1.2 (PA device layer3 interface as gateway)3. Subnet 192.168.1.0/24 and 172.16.1.0/24 cannot reach each other With correct LDAP config (LDAP IP, Port, Base DN, etc.). Go to "Device > User Identification > Group Mapping S...

jeremylo by L3 Networker
  • 3266 Views
  • 2 replies
  • 0 Likes

Resolved! VPN not working

Hi, we are configuring a VPn between Palo Alto and PFsense. The VPN is configured properly but its nos getting up. No phase 1 up. We have treid to change all values proposals and lifetime. This is the log. We tried to change lifetime with no success. Whats happening? ====> Initiated SA: 1.1.1.1[500]-2.2.2.2[500] cookie:4ff9f28d21a8b446:cc5af...

BigPalo by L4 Transporter
  • 5288 Views
  • 4 replies
  • 0 Likes

Anti Phishing Continue Page does not redirect and shows certificate error

Hi All, The customer has deployed Credential Detection feature. They are able to view logs of the same on the firewall. They have the action as "Continue" for "Auction" URL category. On submission of credential Response page do not appear and " SEC_ERROR_UNKNOWN_ISSUER" error is displayed. I checked the certificate when the error appears in ...

chromeCapture.PNG
  • 24357 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks