This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4121 Views
  • 0 replies
  • 0 Likes

Resolved! Is there a protoype that can read this XML format?

Before I go down the route of writing a prototype (or attempting to), I was wondering if there was a prototype that I could use to read an IP list in this XML format. I would be interested in pulling out the address and country: <?xml version="1.0" encoding="utf-8"?> <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" ...

Running MineMeld from OVA

Good afternoon! I have a quick question about running MineMeld from the OVA. We have some pretty strict policy against installing via GitHub and, the best way for me to get MineMeld installed, would be to use the OVA method. I'm new to running it this way. After I get MineMeld up and running on this VM, can I upgrade MineMeld to the latest ...

Not having a Threat license on panos and do the AV and anti-spyware functions even work?

I am a little new to PA firewalls. My question is, with an expired Threat license, or no Threat license installed at all, is all the functionality of the AV and anti-spyware components not active? Customer has one with expired license, but I am trying to be specific on what functionality they have lost due to the expired license. Another cust...

S_Gibney by L0 Member
  • 2581 Views
  • 2 replies
  • 0 Likes

Create new prototype for Rest API and simple URL

Hi Experts, I have a customer who wants to create new prototype for this customer. customer requirement is very simple but, it's very hard to me. first of one, customer said spunk is using Rest API, below is feeds from splunk curl -k https://splunk_IP_address/services/search/jobs/export -d "search=| inputlookup autofocus_lookup" -d output...

jilim by L1 Bithead
  • 4547 Views
  • 3 replies
  • 0 Likes

RTP fragment packet flowing is not allowed when fragment enabled on zone protection of PAN-OS

Hi All, I have an issue about sip/rtp traffic. Endpoints are using a calling application that used sip protocol . We have also enabled fragment feature in zone protection setting.I investigate this issue and when endpoint make calling, zone protection drops rtp packets because they are fragmented.Could you inform me is there another solution adv...

Resolved! How do you use the new predefined Dynamic IP lists?

Greetings all, I'm wanting to use the new Palo Alto provided dynamic IP lists to block known malicious or high risk IPs but, when creating a security policy, I can't seem to get it to appear in the list for selection. I've tried copy/pasting the name in there and it just shows the red underline. I'm doing this in 8.0.7 Panorama and both of my f...

jsalmans by L4 Transporter
  • 9424 Views
  • 11 replies
  • 0 Likes

SSL decryption non standard ports

Hello all, I am wondering if palo can identify and decrypt encrypted traffic on non-standard ports(other than 443)? In other words, does firewall decrypt all encrypted traffic traversing through that matches rule?

Resolved! show user group name not showing user list

Hello, We are not getting the list of individual users in the command: show user group name <name> > show user group name "CN=adminstaff,OU=staff,OU=security,OU=Groups,OU=College,OU=Schools,OU=CEWA,DC=test,DC=edu,DC=au" short name: test\adminstaff source type: ldapsource: TEST_AD_Groups We can see them in the Webgui. We followed t...

Farzana by L4 Transporter
  • 9169 Views
  • 1 replies
  • 0 Likes

PAN-2020 site-to-site with Meraki Cloud managed firewall

Hi all,Has anyone had success establishing a site-to-site tunnel between an PAN firewall and a Cisco Meraki Cloud managed firewall? I've been messing with it for most of the day and have not found much luck. I've added a third party peer on the Meraki, but it doesn't seem to make any connections back to PAN even an attempt to establish the tun...

cmateam by L3 Networker
  • 10077 Views
  • 7 replies
  • 0 Likes

Resolved! Configuring OCSP

I am trying to configure OCSP and I am a little confused. I have added an OSCP responder. It appears the second step is to allow the Firewall to use it by configuring Device-Management->Interfaces. However, for most of my settings, I am using a Service Route Configuration and I don't see HTTP OCSP listed as an option in Service Route. Is ...

Resolved! Minemeld with Proxy

Is there any way to perform the minemeld install from behind a proxy? I am deploying a minemeld node in a datacenter where internet access is only available via squid proxy. Thanks,Nasir

nbilal by L3 Networker
  • 19590 Views
  • 12 replies
  • 0 Likes

VPN SITE TO SITE PALO ALTO NETWORKS

Hello, I configure a VPN tunnel between two firewalls Palo alto Networks . The tunnel status is up but the other network is unreacheable.I configure the tunnel on the trust zone . I restart the firewalls without result . The first PA-500 with PANOS 7.1.0 and the second with PANOS 8.0.3Should I do an upgrade to the OS? Or there is any suggestion ...

ra7oub4 by L2 Linker
  • 9692 Views
  • 7 replies
  • 0 Likes

Error : Number of addresses ,dynamic groups, external-ip-lists.... exceeded platform capacity (2500)

While pushing policy from PAN to PA220 Firewall running 8.0.3I am getting attached Error. We have around 6kplus object in that specific template.As per PA support, 8.0.X pan version comes with a precheck that will not allow commit till the object count be below 2500 value for PA220.My Query...1. Does all objects get pushed from PAN irrespectivel...

Nischal by L2 Linker
  • 7547 Views
  • 2 replies
  • 0 Likes

Exception for threat type "file"?

Hi, I have following in my logs: Threat tpye: fileThreat name: CSV fileID: 52032Severity: lowFile Name: xyz.csv For Vulnerability Protection and Anti-Spyware I know how to easily create exceptions for specific IPs/URLs. Is there a way to easily create exceptions the same way for "file threats"?Furthermore I'm not aware that my file blocking prof...

  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks