This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4130 Views
  • 0 replies
  • 0 Likes

commit status warning on rules that are working the way I want them too

I have a rule that has webex enabled but dones not have ssl enabled and i keep getting a warning on that rule when i commit that says "Applicaiton 'webex-desktop-sharing requires ssl be allowed? But I don't want to allow ssl, so how can I get rid of these warnings so i can tell when i have a legitimate commit warning?

jdprovine by L4 Transporter
  • 12023 Views
  • 40 replies
  • 0 Likes

Enforce Connection for Network Access

I want to see traffic over GP. In my understanding GP Portal configuration Enforce Connection for Network Access is Force networt traffic via Portal IP. But it connected and not traffic registered under PA.

ASA 5510 VPN

I want to replace a IKE1 VPN serviced by a ASA 5510 with a IKE2 VPN serviced by the palo alto what i the best approach?

jdprovine by L4 Transporter
  • 7324 Views
  • 16 replies
  • 0 Likes

Cisco SFP+ Twinax Copper Cables to PA-5050

Hello.Has anyone tried connecting Cisco SFP+ Twinax Copper Cables (sfp-h10gb-cu1m) to PA-5050 device? I've tried to find some info about it on PA KB but wasn't successful. Is there any document issued by PA listing all the supported 3rd party devices?Best regards, Simon

santonic by L6 Presenter
  • 12540 Views
  • 6 replies
  • 0 Likes

Hub and Spoke IPsec VPN design with Dynamic Routing

Looking to properly setup Dynamic Routing over a hub and spoke IPsec VPN network. The hub will have 40-50 spokes. The Hub is running a PA-820. Spokes will be PA-220. Voice and data traffic. There will be minimal traffic between spokes. My questions are; Is the PA-820 robust enough to handle 40-50 spokes?Is there any real advantage to using ...

Global protect users dont pass authentication

Hello allwe have PA in production.The problem is VPN users dont pass by certain authentication profile.The issue is that when we point user it is ok but when we point some group it fails to authenticatewe test through CLI and that is result test authentication authentication-profile VPN_LDAP username eradmin passwordEnter password : Allow list c...

Radmin_85 by L4 Transporter
  • 2257 Views
  • 1 replies
  • 0 Likes

Very Slow Commits

Anyone who's used Palo's since the early days may roll their eyes at this question..! We have a bunch of 3020's and one can take an age to perform commits; for example this morning we performed 4 - the first 2 took <30 seconds, the 3rd took >10 minutes, the 4th took >30 seconds. The only aspect to the 3rd commit that I can think was dif...

apackard by L4 Transporter
  • 3547 Views
  • 3 replies
  • 0 Likes

UserID Reporting Computer Names

Quick question. We are having some issues where a users' computer name i.e. acme\pc01$ is being reported by UserID rather than the user i.e. acme\jbloggs. Anyone seen this before and\or advice what it could be? We have a horendously complicated UserI setup so not going to go into detail, but suffice to say that I'm sure that's part of it! Thanks

apackard by L4 Transporter
  • 7236 Views
  • 8 replies
  • 0 Likes

Kerberos SSO with Globalprotect and User-Logon

Hi Community, I have a strange problem with Kerberos SSO and Globalprotect 4.0.7:I set up Kerberos SSO and the SSO is working.If you connect to the Globalprotect-Portal via browser, you directly get a Kerberos ticket and the SSO works. If you logout from Windows 10 and you login again, you have a Kerberos-Ticket assigned, but the global protect ...

Chacko42 by L4 Transporter
  • 2947 Views
  • 1 replies
  • 0 Likes

Resolved! virutal router and ipsec settings for vsys admin

Dear All, We created a seprate vsys and assigned l3 interfaces and virtual router for a vsys. But vsys admin which is assigned for it is unable to view virutal router tabs and ipsec configuration tabs. We want this vsys should be handled completely seprate, this vsys need not to share or depend on interface, shared gateway or other...

Resolved! PAN OS 7.1 Dynamic Scheduled Update Failing

Hi Everyone, I have recently started to help a team support our Palo Alto's and was tasked to get our Panorama Server to push dynamic updates out to our Firewalls (PA 3050). Originally we had the individual firewalls setup to update themselves, but wanted to mange this through Panormama, so i setup the schedules (Anti Virus, App & Threat and...

9sobey by L0 Member
  • 2872 Views
  • 1 replies
  • 0 Likes

Resolved! Wildfire API

i am working on paloalto VM version 5.0.6 and tying to read reports from wildfire with the help of API using cURL.i am pulling the report on the basis of "device_id" and "report_id" but getting error.curl -i -k -F device_id=[SERIAL NUMBER] -F report_id=[TID FROM LOG] -F format=xml are above options are supported in version 5.0.6?if yes then anyt...

Resolved! General Interface status?

Hi folks, We have a PA-200 over in London (on the recall list) that get complaints that the internet has intermittent connectivity issues.Everytime I login to it, the interface (1/1) is up, green, and no indication of a problem. Other than contacting the service provider about outage status, does anyone have method(s) on the firewall to determin...

OMatlock by L4 Transporter
  • 4254 Views
  • 4 replies
  • 0 Likes

User activity report

Hi Team, Customer trying to utilize Palo Alto to generate user activity reports that show detailed web browsing. I understand from other articles (https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/monitoring/view-and-manage-reports/generate-usergroup-activity-reports) that the browse time isn't something that the firewalls have the...

sprabhu by L3 Networker
  • 2121 Views
  • 1 replies
  • 0 Likes

Resolved! Best Practice for HA1 IP address

I have a lots of customers who uses HA pair with 1.1.1.1/30 and 1.1.1.2/30 for HA1 port.This HA1 port connected directly. And reason for selecting these IPs are because nobody was using it in the past. Today, I read this article:https://blog.cloudflare.com/announcing-1111/https://www.theverge.com/2018/4/1/17185732/cloudflare-dns-service-1-1-1-1 ...

emr_1 by L5 Sessionator
  • 4810 Views
  • 3 replies
  • 0 Likes
  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks