This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4118 Views
  • 0 replies
  • 0 Likes

Resolved! How to create multiple policy objects using Panorama

Is there any quick way to configure multiple policy objects on Panorama? especially looking to configure hundreds of fqdn objects to push them to firewalls managed through panorama so using GUI is quite a lot of work. e.g. for standalone PA, it is quick using CLI commands

Migration of Palo Alto VM series from one host to another

Two PaloAlto Virtual appliances has been deployed in HA mode on Customer site. Device models: VM-200We plan to migrate the virtual firewalls to another host via VMWare Vmotionfeature. Issue is: the status of licenses of the firewalls. We have information that the licenses will be lost in that case. What is essential to do to recover remove...

Radmin_85 by L4 Transporter
  • 5135 Views
  • 2 replies
  • 0 Likes

Traffic flow

Is there a good way to determine if the traffic flow through you firewall is optimal and the most efficient?

jdprovine by L4 Transporter
  • 5997 Views
  • 8 replies
  • 0 Likes

Active/Active HA with OSPF is dropping packets when innactive member becomes active

I am seeing an issue where upon pulling the plug in an active/active setup, OSPF does it's job. A few packets are lost but it is within an acceptable range. My issue stems from when the innactive member comes back online and joins the HA. I can't confirm this, but it feels as if the OSPF routes are coming up before the FW services are ready t...

ImBatman by L1 Bithead
  • 4235 Views
  • 4 replies
  • 0 Likes

Resolved! Outputs Limit! Service restart loop @ 30+

So the title is a slight misnomer.Have a dev server with 59 miners, 42 procs, and 32 outputs, works fine.Have a prod server with 58 miners 41 procs and 29 outputs, does not work fine. The two devices are set up with "identical" configs the dev server having a few extra test nodes.On the prod box, as soon as I add a 30th output node the service g...

0isac0 by L1 Bithead
  • 5850 Views
  • 5 replies
  • 0 Likes

Resolved! Security policy that permits traffic to any *.office365.com ?

I see there is an FQDN option for Destination Address when I create a security policy.I want to permit port 993 to any host in office365.com. Will it work if I just put office.comin the FQDN destination? Trying to put the * wildcard causes the widget to gray out theOK button. Thanks!

Resolved! Adding Address object to GlobalProtect split tunnel access route list

Hi. In the Palo Alto firewall, I've created a new Address object with the type set to FQDN and with a valid DNS record. Saved and committed the change. Then I try to add this newly created address object to the access route list in the GlobalProtect's split tunnel list (we using split tunnel for the VPN connection). However, I am not seeing...

Block outbound NTLM auth

With CVE-2018-0950 from Microsoft, if an outlook user clicks on an OLE object in an RTF email, the client will send credentials try to logon. Our security group is quite concerned about this. While allowing ports 445, 137 and 139 out to the internet is a really bad idea, they want to make sure that it is explicitly blocked. Is the application "m...

Resolved! Antivirus Dynamic Update fails PAN-OS 8.1.0 Cluster

Hi Community, I have a PA-850 Cluster with PAN-OS 8.1.0 and a valid Threat license.The active firewall is configured to download and install antivirus updates and sync them to his peer. Unfortunately, the update failed lately, so we were 4 days behind the current versions.After manually using "check now" the new updates were found without proble...

Chacko42 by L4 Transporter
  • 15017 Views
  • 10 replies
  • 1 Likes

Resolved! Disabling Indicator Expiration

@lmori, thank you for your help so far. I am migrating my data to the "stdlib.localDB" miner, per your suggestion here. I have two questions now: First, I noticed that the default expiration for indicators added to this miner is just one day. How can I change this to one year? What about disabling expiration by default? Second, I am trying to pu...

Resolved! TAP mode interface drop

Hi. I have a question about TAP deployment I set the TAP mode which I used just one interface, set the zone TAPSecurity policy TAP-TAP any any permit. Then, regularly I'm checking the global counter, but I don't know why the drop packet occured.When I checked first at the 'packet capture' on the firewall, then I could see some packets are droppe...

drop-count.PNG

IKEv2 renegotiation on acceptor gateway reboot

Hi community, I have a site-to-site IPSec connectivity with Palo Alto gateway (PA-VM 8.0.5 on kvm hypervisor - CentOS 7 host) on one end as initiator and Vyatta OS based gateway on the other end as acceptor. When IKEv2 and IPSec (and BGP) are in established state, and the Vyatta OS reboots, it takes about 6 minutes for PA-VM to detect outage and...

rameshgi by L0 Member
  • 2309 Views
  • 2 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks