General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4235 Views
  • 0 replies
  • 0 Likes

inbound ssl decryption - multi cert to single ip

Hoping to get a little feedback regarding inbound SSL decryption. We have been doing inbound SSL decryption to our public presence on version 8.0.7. Things have been going relatively well but I am running into some issues and not sure if I can fix it at the firewall level. Where I am running into issues is when we have multiple certs applied...

clewis1 by L3 Networker
  • 4734 Views
  • 4 replies
  • 0 Likes

Resolved! user-ID cache timeout vs idle timeout on firewall

Hi 1- On firewall, what is the difference between cache timeout value (1 hour that cannot be configured) and idle timeout value (which is equal to user-ID agent timeout value)? 3- If idle timeout value is 480 minutes (8 hours) then what will happen to user-IP mapping after one hour in firewall? 2- Also what events reset both timers? 3- Also I noti...

AD Integration not working after upgrade to 8.1

I recently updated to 8.1 from 8.0.8 on one of my PA-220s. My UserID isn't working any more. I can't login with AD creds either. When I go to the User Identification area the Server Monitoring says "Not connected". This is my secondary device in my HA pair. The primary is still on 8.0.8. I'm not sure where to look to start troubleshooting. Any th...

Resolved! Designing Networks with Palo Alto Networks Firewalls

Hi All technical people, I have a simple query. I want to use PA firewall in HA and with a single ISP. In this case, as obvious, I need to use a switch in between my firewall and ISP and my understanding is clear up to this point but the real problem starts when I have to use two switches in between firewall and ISP for redundancy. 'My query ...

IPsec Tunnel

This might be a dumb question but I am going to ask it anyway, otherwise I may never know. I want to replace an ASA 5510 firewall IPsec VPN into a PCI network using Palo Alto. What is the best way to approach that?

jdprovine by L4 Transporter
  • 4801 Views
  • 10 replies
  • 0 Likes

Resolved! Configuring DNS proxy - interface is invalid

I have network sub interface with DHCP enabled, I'm trying to attach DNS proxy to it because I need to resolve a name which is not resolved by the DNS server we are using (say 8.8.8.8) but I'm getting errors: Details:. Validation Error:. network -> dns-proxy -> TV_DNS_INTERNO -> interface 'ethernet1/7.302' is already in use. network ->...

ibge by L1 Bithead
  • 4259 Views
  • 1 replies
  • 0 Likes

Resolved! Disabling GP client but where are the logs kept?

Does anyone know if anything is logged on the firewall side when someone disables the GP client? We require a password to be entered when the client is disabled but I am not finding anything in the system logs that can be related to the event. Obviously we don't want to allow users to just bypass all of the security provided by the firewall by d...

hshawn by L4 Transporter
  • 3608 Views
  • 3 replies
  • 0 Likes

Commit with warning

Hi, when I attempt to apply a commit I receive this warning: The following component(s) are mismatched with the peer device: Application Content, Threat Content. Why this? If I apply the commit what is the result? Do I have to worry? I have 7.0.9 version.

s_quasar by L3 Networker
  • 3602 Views
  • 6 replies
  • 0 Likes

Kerberos SSO

Hi community, I'm trying to set up Kerberos SSO for captive portal authentication and all my attempts are unsuccessful. I am always redirected to the captive portal web page. So SSO is not working. All configs were done step by step by the guide. Kerberos Server Profile, Authentication profile, Captive Portal, Authentication policy, Generating a keytab. Any hel...


Is it possible?

Is it possible that the traffic which falls under the rule interzone-default gets action ALLOW? How is it possible?

Radmin_85 by L4 Transporter
  • 2061 Views
  • 2 replies
  • 0 Likes

Create or clone an application

I would LOVE to create an application/AppID for SSH on an alternate port, e.g. 10022 rather than 22. I thought cloning the ssh AppID would be the way, but Clone is greyed out and unavailable. Creating or adding an Application seems straightforward until I get to the Signatures tab. Can someone give me some guidance on this please?

BoDollis by L1 Bithead
  • 4554 Views
  • 1 replies
  • 0 Likes

Filter rules with no log forwarding profile configured

Does anybody know a trick to filter for rules with no log forwarding profile configured?
  • (log-setting eq 'Profile-Name') => all rules with Profile-Name
  • !(log-setting eq 'Profile-Name') => does not work, shows all rules
  • (log-setting neq 'Profile-Name') => does not work, shows no rules
  • (log-setting eq none) => does not work, shows no rules

Anon1 by L4 Transporter
  • 14137 Views
  • 9 replies
  • 0 Likes

Resolved! Deploying Minemeld in AWS using cloud-init

Team, I'm attempting to deploy a MM instance into AWS and running into issues which appear to stem from rabbitmq. I have a firewall and other Ubuntu instances deployed so I know my network settings are good. When I deploy the MM instance I can validate that all network services are operational but the install comes to a screeching halt when ra...

jnewsome by L2 Linker
  • 15504 Views
  • 8 replies
  • 0 Likes