This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4112 Views
  • 0 replies
  • 0 Likes

Panorama support license upgrade

Hello,I am just trying to upgrade support license of Panorama VM from 100 devices to 1000 applying the Auth code received for PAN-SVC-BKLN-PRA-1K. It is failing with message "Failed to install licenses. An initial license cannot be applied for renewal of license." Also commands request license info or request support info are failing (not produc...

QoS on inter-vsys traffic

We have internet traffic and tunnels terminating on vsys1. While our servers are in vsys2. Traffic to internet or tunnels is passed through inter-vsys routing from vsys2. Server X which earlier used to be in vsys1 and had qos applied for it tunnel traffic was moved to vsys2.Is it possible to apply QoS on traffic from X in vsys2 going to vsys1 tu...

raji_toor by L4 Transporter
  • 1863 Views
  • 1 replies
  • 0 Likes

Inbound SSL Decryption

Hi, I have two questions for folks 1) I have setup Inbound SSL decryption as outlined in the documentation (Import Server Certificate, Create Decryption Policy, Create Decryption Profile), and expected that when I looked at my traffic log to the server in question, I would see the decrypted flag set. However, my entry doesn't list it. How shou...

Resolved! LDAP groups not populating correctly

PA220, PANOS 8.1.1Working on setting up GlobalProtect using AD/LDAP auth and groups to define access. I have userconfigs setup by AD Group and the log is "matching config not found" On digging into it some more, it appears that the user, in the PA, doesn't have the appropriate groups attached. Despite that they do in AD. AD Group has four member...

Nathan.S by L3 Networker
  • 16084 Views
  • 21 replies
  • 0 Likes

Resolved! PAN System Based Reports

Hi, I have question about some system reports requests. Can PAN firewalls provide config reports belonging to changes which users made? Also Can I get system resources report by historical? Thanks

Resolved! working process behind policy with multiple depended applications

I was little ambigous on how Palo alto processes a policy. let say i have a policy with 3 applications(a,b,c) in application field and multiple service ports(1,2,3) is there a chance that one of the application(a or b or c) specified in my application field is also being allowed on ports other than what it meant be allowed (say A must be allowed...

Who vets External Dynamic Lists (EDLs)

The Knowledge article on blocking TOR, https://live.paloaltonetworks.com/t5/Featured-Articles/How-to-Block-Tor-The-Onion-Router/ta-p/177648, references a list on panwdbl.appspot.com. This website has a number of lists that can be used to filter traffic, including the list of TOR exit nodes. What process is used to ensure these lists are accurat...

Autofocus Minemeld Advantage vs wildfire?

My understanding is that wildfire autoupdates some URL categories within 5 minutes if you have the correct licensing. With a current wildfire/URL filtering subscription, and without traps on our network, what is the real advantage to autofocus? My understanding is that it lists malicious IP's/domains/URL's, but if you have wildfire updating, an...

Sec101 by L4 Transporter
  • 3855 Views
  • 5 replies
  • 0 Likes

RSA AM and PA Configurations

Want to know if anyone has configured a PA to use the RSA Authentication Manager yet? I have seen an RSA document from 2010 that states it can be done.

Resolved! Inter VLAN routing - best practices/suggestions

Hi guys, I've got about 7 or 8 VLANs that segregate my various departments. I want to inspect the traffic that goes from these VLANs to my server VLAN. What's the best way to do that? The only article I could find suggests creating a zone for each department. They are all currently configured as Layer3 subinterfaces on the same VR but this isn't...

Current Interface Config.JPG
Konos44 by L1 Bithead
  • 12702 Views
  • 5 replies
  • 0 Likes

Guest Access via Captive Portal - problem with page not always appearing

I have set up a guest wifi network with an access point on an ethernet port of the PAN firewall. The guest wifi network is unsecured. I am using a web-form to ensure the guests see our logo, terms, and type in the correct password to proceed.The setup works most of the time. On occasion when using this setup via an Apple iOS device (iPhone, i...

cenders by L3 Networker
  • 20341 Views
  • 17 replies
  • 0 Likes

Captive Portal - Terms of Service

I would like to configure my PA-200 in such a way that when the user tries to browse a web site, he is presented with the captive portal. On this page I would like to display a "Terms of Service" banner telling him about acceptable use etc. I do NOT wish to authenticate individual users.A simpe banner and an I Accept/Cancel button would suffice....

u13001 by Not applicable
  • 22450 Views
  • 36 replies
  • 2 Likes

Captive Portal NTLM and responce page

Hello Today I configured for one of my zone insted of default-web-form default-browser-challenge.When I try to open new session on computer that isnt a Windwos AD machine i got:and when I clicked Cancel: I'm pretty sure that above message is possible to translate/personalse. Unfortunetelly in Responce Pages I can't find that option. Is is possib...

2018-06-20_203000.jpg
2018-06-20_203012.jpg
_slv_ by L4 Transporter
  • 3874 Views
  • 2 replies
  • 0 Likes

limitation when monitoring uptime with snmp

Hello Community. I have an inquiry with which maybe you can help me. This is the situation: In order to know the uptime I´m using the OID 1.3.6.1.2.1.25.1.1.0 to get the value of object hrSystemUptime. This is a counter of 32 bits and considering it´s counting in hundreds of seconds, the maximum uptime without overflow is: 2^32 = 4294967296 (hun...

Carracido by L4 Transporter
  • 5190 Views
  • 4 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks