General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4109 Views
  • 0 replies
  • 0 Likes

Resolved! Can I use PANOS software from a PA-220 on a PA-500?

I have new PA-220 firewalls that are replacing my old PA-500's. The PA-500's have v7.0.5-h2 of the PANOS installed. The Firewall Migration Guide states that I need to update the PANOS on my old firewalls to match the new firewalls at 8.1.0. The PA-500's are out of support, but I do have access to download the PanOS_220_8.1.0 (and earlier vers...

infoit by L1 Bithead
  • 4240 Views
  • 5 replies
  • 0 Likes

Resolved! asa to pan migration

I had a migration from ASA to PAN which failed. Current connectivity is ASA (no change) <> switch (no change) <> ASA (to be replaced). Planned connectivity is ASA (no change) <> switch (no change) <> PAN (replacing ASA). I reused IPs from the ASA on the new PAN and cleared ARP on the no-change ASA, but TCP sessions failed due to incomplete/aging out. ...

josggf by L2 Linker
  • 2225 Views
  • 1 replies
  • 0 Likes

Dynamic Updates only on Active HA Member.

Our active HA member failed last week, and that highlighted that the passive had a couple of minor issues with the Dynamic update configuration and email configuration, which we fixed. However, it's also highlighted another issue. Our "Content Updates" are set to update directly out of the firewall external interfaces, yet on the now "Passive" uni...

Resolved! 2 Step RADIUS Auth Reliability

We are trying to get 2FA RADIUS based authentication working with our Palo's and are seeing unreliable results. After much hunting and teeth gnashing we think we may have found the issue, but not the cause. The below is a debug dump from the RADIUS server (RSA AccessID) using Panorama GUI logon as the test case. The first shows a good 2FA auth...

apackard by L4 Transporter
  • 4192 Views
  • 4 replies
  • 0 Likes

Resolved! Zscaler and Minemeld

Hello, I'm using Minemeld 0.9.44 and I would like to get 'range' from the URL https://ips.zscaler.net/cenr/json. After several attempts with the JSON prototype, trying to set different extractor and field values (indicator set as range), I'm still not able to get any information. Could you please let me know what is the best way to extract 'range'? Thank...

Destination NAT for multiple ports in a single NAT rule

So there will be a range of ports that need to be NATted, but in the GUI I can only specify a single port. Can anyone tell me if this will work if I leave the port empty like below: set service-group "Veeam Management" members [ "Veeam 2500-2600" "Veeam 9292-9293" ] set rulebase nat rules "NAT Veeam Backup Server" to outside set rulebase nat rule...

JohnTang by L1 Bithead
  • 8123 Views
  • 7 replies
  • 0 Likes

Resolved! Creating a global, URL based whitelist rule

I'm trying to build a global rule for Sophos cloud based services. I've built a list of all the URLs they use, added the URL list to the URL category part of the rule with the applications web-browsing, ssl, sophos-update and sophos-live-protection, and generally it seemed to work with a small snag. I noticed a LOT of traffic was hitting this ru...

Getting started Panorama 8.1

Ok, let me just start by saying I am new to Panorama and I think I understand the concept, but it just doesn't work as expected. So I will just explain the end goal: I currently have an active/passive PA-500 pair that I am switching to two 3220s in an HA pair. Panorama is just planning for the future if I roll out 25 more devices to my remote offices. Since...

Adding MFA to Pre-login GlobalProtect

Global Protect VPN Solution is defined with Pre-login and always-on VPN features. Workflow: Once the machine is booted and before user login, the machine is authenticated based on certificate and identified in logs with the (Pre-login) user. Pre-login access is restricted to the Mac Management solution and AD. Once the user is logged in, a new tunnel is initiated and ...

Resolved! Asterisk Wildcard Error

When creating a Custom URL Category, I am entering a wildcard in front of the URL *lans.com.au. However, when attempting to apply this wildcard, I am getting this error: URLBlock -> list '*lans.com.au' is invalid. Consecutive asterisks (*) in a URL wildcard pattern can severely impact performance and is not supported. Instead, use a single asteri...

Pooch87 by L0 Member
  • 4949 Views
  • 2 replies
  • 1 Likes

Resolved! Policy Export

Hello, is there a way to export a policy from a PAN device in a readable format? We are in the process of cutting over a new PAN internet firewall and all the rules had to be created by hand (from the previous vendor model). I'm looking for the ability to take what shows in the webui policy and print it out so that we can more easily review the ru...

MGoodnow by L4 Transporter
  • 7309 Views
  • 5 replies
  • 0 Likes

VPN Issue Between PA and WATCHGUARD

Dear All, I'm facing one issue related to VPN between PA and WG. I am using 3DES/SHA1/PFS2; it is not working until I disable PFS-2 on Phase-2.
2018-05-10 10:44:10.483 +0700 [DEBG]: { : 40}: keyacquire received: x.x.x.x[0] => y.y.y.y[0]
2018-05-10 10:44:10.483 +0700 [DEBG]: { 14: 40}: processing acquire for IKEv1
2018-05-10 10:44:10.483 +0700 [PNTF]...

  • 24332 Posts
  • 124 Subscriptions