This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4234 Views
  • 0 replies
  • 0 Likes

Resolved! PA to ASA Proxy-ID Mismatch

Hi all, We have a standard IPSec tunnel one of our smaller sites with a strange issue related to the Proxy-IDs defined on the PA side of the tunnel. Our ASA side (10.7.0.0/16) is set to inherit all policy settings from the PA side, and our PA defines the "policies" with the Proxy-ID. Normal behavior with a policy based firewall (ASA) and a route...

PA_Proxy-ID_Details.PNG
ASA_Ses_Details.PNG
ASA_Ses_Details.PNG

Resolved! Best way to save new config, so they can be loaded and committed later?

Hello friends, I have a question about saving my firewall changes and then applying them at a later date. What I want to do, is enter all my changes into a production firewall, but then not commit them. I want to save just my changes, ie a small configlet. And then at a later date, "load" my changes and commit them (during out of production hou...

Jedi_D by L2 Linker
  • 10969 Views
  • 8 replies
  • 0 Likes

Captive Portal can't redirect HSTS Session

Hi All, i want to ask you about HSTS Session,i just installed Captive Portal with Transparent mode because Palo Alto run in Virtual Wire mode, but Captive Portal can't intercept https session.based on article : Captive Portal Not Working with HTTPS Sessions i trying to decrypt the session. and the problem is when the session intercept web with ...

2018-04-24_16-44-47.png

Resolved! How to solve "CWE-693 : Protection Mechanism Failure" in Paloalto firewall

Hello Geeks, During our compliance scanning (PCI-DSS External Scanning) process on our paloalto 3020 firewalls, the scanner found new vulnerability, "CWE-693 : Protection Mechanism Failure" and suggested to fix it ASAP to comply. Hence, I started googling to solve this issues and found no useful solutions for this yet. Is there any way to solve ...

Wayne88 by L1 Bithead
  • 20979 Views
  • 7 replies
  • 0 Likes

Resolved! Blocking Web Advertisements with an External Dynamic List

Hello everyone, I am attempting to block web advertisements on our PA-3020. We have two of these devices which utilize Panorama. We have blocked anything categorized as "web-advertisement" on the firewall, which is great, but a ton of ads are still getting through. What we would like to do is as follows: Utilize an external dynamic list (a text ...

Upgrading PAN OS from 7.1.X to PAN OS 8.0.X

Hello ; We have been using PAN OS 7.1.x for months and now due to some requirements I am planning to upgrade our PAN OS to 8.0.x but not sure what the possible problems will be. Therefore, will be good if you share your ideas and comments on 8.0X and what problems you faced during the use so I can consider all these steps before taking any actio...

Ghafar by L1 Bithead
  • 4774 Views
  • 5 replies
  • 0 Likes

Quick Note on 8.1.0 Deployments

Since its release we've seen an uptick in folks deploying 8.1.0 to their firewalls, and that's a great thing. I just want to throw out a word of caution before doing so however; while 8.1.0 is one of the most stable base releases Palo Alto Networks has published, you need to do your homework before deploying this in any environment. LAB Devices...

BPry by Cyber Elite
  • 13423 Views
  • 15 replies
  • 6 Likes

Resolved! QOS and internet traffic

Can PANOS controll / rate limit internet downloads ? On my squid boxes I can ratelimit and it does this by delaying acks. Can the PA QOS do this work as well ?

Resolved! How to Change network address of running MineMeld server

Hello, I have a MineMeld server working perfectly with different nodes (O365, Zeus, etc). It has an IP address like: 192.168.1.xxx but now I want to change to a different VLAN ex: 192.168.99.xxx So what is the process to change this correctly to work again with the new IP? I tried to change the IP in /etc/network/interfaces but then the minemeld...

aitorms by L1 Bithead
  • 17578 Views
  • 6 replies
  • 0 Likes

Resolved! How-to delete a policy-based forwarding rule from CLI

I'm trying to find the correct syntax to delete a policy based forwarding rule from a PA firewall via the CLI. having a really hard time formulating this from the CLI reference. How would i do this by referencing the ID. also, this firewall is managed as part of a Panorama template. would i need to use the 'override deviceconfig system' comman...

Resolved! Global Protect include a specific URL?

Hey folks, This is a follow up question from one of my other posts. We are using PAN-OS 7.1.15 and GP client 4.1.https://live.paloaltonetworks.com/t5/General-Topics/GlobalProtect-and-general-Internet-access/td-p/207888 We are moving to Okta as our IDP for our applications. When logging into Okta it recognizes your client public IP and we have ...

OMatlock by L4 Transporter
  • 5099 Views
  • 2 replies
  • 0 Likes
  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks