General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4228 Views
  • 0 replies
  • 0 Likes

Destination NAT is not working when PBF for dual ISP is enabled

Hi All, I followed the guide at this URL to set up the Dual ISP for outbound access. https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/policy/use-case-pbf-for-outbound-access-with-dual-isps I have set the http/https services to use ISP 2 and other traffic to use ISP 1. It is working fine and the redundancy is also working fine. However...


Custom Syslog sender From Cisco WLC

We have wireless users. Cisco WLC directly sends syslog to PA. We have to parse it correctly. But after doing we get the following. We also implemented agentless AD integration. We want users authenticated through AD could connect to some internal resources passing through FW. But when we type show user ip-user-mapping all type SYSLOG we see the following

Radmin_85 by L4 Transporter
  • 2733 Views
  • 2 replies
  • 0 Likes

Move zone and policies between VSYS

Hello, One of our customers wants to implement VSYS. Currently, the current firewall is a Checkpoint appliance (around 900 rules). The idea is to replicate the config from the Checkpoint to the PA with only one VSYS to avoid a big bang... So I will create all zone (in the only one VSYS in the beginning) and policy between zone. Until now, everything...

licenselu by L4 Transporter
  • 4343 Views
  • 3 replies
  • 0 Likes

SSL Inbound decryption and SMTP

Hi, does anybody have issues with ssl inbound decryption and setting the smtp decoder in AV Profile to reset-both (antivirus + wildfire)? When the firewall receives an email (with ssl/tls enc enabled) and successfully decrypts the message and finds a virus, the firewall is not sending a SMTP response code 541. The firewall just blocks/resets the ses...

iweltag by L2 Linker
  • 4492 Views
  • 1 replies
  • 0 Likes

How to factory reset VM firewall

I was downgrading the VM 500 firewall from 8.1.1 to 8.0.10 and booted the image with wrong config file. I am able to ssh firewall but maint mode username & password (serial #) is not working. How can I reset the password and bring VM 500 in factory default settings?

Prakhar by L2 Linker
  • 4156 Views
  • 1 replies
  • 0 Likes

DNS query to problematic web site

PA itself was generated the DNS queue of the domain that the management interface. Why would it come up with this action, and DNS proxy is not enabled. Please kindly advise. Log: This host was detected performing a DNS lookup for the domain en[dot]wt1[dot]pw. Although no traffic was detected with the IP behind this domain, this domain is used to buy...

samhk by L0 Member
  • 2429 Views
  • 2 replies
  • 0 Likes

Redundant Interface

Is there a good way to make an AE act like an ASA redundant interface? Basically all traffic goes through one interface unless it fails, then goes to the other interface. I'm looking for the same functionality that the ASA redundant interface provides but don't see a good way to do it. Thanks.

Resolved! system alert:certificate validation failure

We have a new PA-850 in production for a couple of days, but the wildfire license is yet to be subscribed. The syslog is generating a high alert saying public cloud certificate validation failed, destination: wildfire.paloaltonetworks.com.

Always-on OTP

I have an interesting scenario where I have a firewall protecting an extremely sensitive server and some dedicated users accessing it through another zone. I ran into a situation where only a couple of users need access to it when remote. I thought of implementing always-on vpn but what if they lose their laptops? I heard OTP with always on vpn c...

Panorama support license upgrade

Hello, I am just trying to upgrade support license of Panorama VM from 100 devices to 1000 applying the Auth code received for PAN-SVC-BKLN-PRA-1K. It is failing with message "Failed to install licenses. An initial license cannot be applied for renewal of license." Also commands request license info or request support info are failing (not produc...

QoS on inter-vsys traffic

We have internet traffic and tunnels terminating on vsys1, while our servers are in vsys2. Traffic to internet or tunnels is passed through inter-vsys routing from vsys2. Server X which earlier used to be in vsys1 and had qos applied for its tunnel traffic was moved to vsys2. Is it possible to apply QoS on traffic from X in vsys2 going to vsys1 tu...

raji_toor by L4 Transporter
  • 1885 Views
  • 1 replies
  • 0 Likes

Inbound SSL Decryption

Hi, I have two questions for folks: 1) I have set up Inbound SSL decryption as outlined in the documentation (Import Server Certificate, Create Decryption Policy, Create Decryption Profile), and expected that when I looked at my traffic log to the server in question, I would see the decrypted flag set. However, my entry doesn't list it. How shou...

Resolved! LDAP groups not populating correctly

PA220, PANOS 8.1.1. Working on setting up GlobalProtect using AD/LDAP auth and groups to define access. I have userconfigs setup by AD Group and the log is "matching config not found". On digging into it some more, it appears that the user, in the PA, doesn't have the appropriate groups attached. Despite that they do in AD. AD Group has four member...

Nathan.S by L3 Networker
  • 16345 Views
  • 21 replies
  • 0 Likes

Resolved! PAN System Based Reports

Hi, I have a question about some system reports requests. Can PAN firewalls provide config reports belonging to changes which users made? Also, can I get system resources report by historical? Thanks

Resolved! working process behind policy with multiple depended applications

I was a little ambiguous on how Palo Alto processes a policy. Let's say I have a policy with 3 applications (a,b,c) in application field and multiple service ports (1,2,3). Is there a chance that one of the applications (a or b or c) specified in my application field is also being allowed on ports other than what it is meant to be allowed (say A must be allowed...

  • 24355 Posts
  • 124 Subscriptions