This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4438 Views
  • 0 replies
  • 0 Likes

commit status warning part II

Here is another interesting commit status dependency warning "Rule 14 application dependency warning: Application ms-update requires ssl be allowed but ssl is denied in rule 15. " Why is an application in the rule above getting on a rule below it?

jdprovine by L4 Transporter
  • 3038 Views
  • 5 replies
  • 0 Likes

Resolved! gMSA integration with AD2016, creating computer account

I'm working with our AD admin, and we are trying to replace our DCAdmin account with a service account on our firewall. With AD2016, the MSA/gMSA accounts require that you link the account to a computer object. I've seen in a couple documents that it eludes to the fact that MSA's can be used, but it doesn't give any information how. What we are ...

Resolved! Untagged L3 sub interfaces won't process traffic

Hi, As described in following links we've configured multiple untagged sub interfaces all assigned to different vsys (different virtual routers and different zones) but with different IPs from the same network and the same VLAN: https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-L3-Untagged-Subinterfaces-to-Communicate-...

Source IP for SSL Forward Proxy in Virtual Wire Mode

Can someone tell me how to know/what would be the Source IP address for an SSL Tunnel Proxied from the PAN NGFW while running in Virtual Wire Mode ? My topology is very simple: User (Virtual Wire) ----> PAN ----> Internet Does the Firewall initiate the Proxied SSL Tunnel using the management interface IP address with the Untrust Zone ?

PA200 failed to discove rin SNMP server

Hi. I have PA200 (PAN 7.0) device with snmpv2 enable but failed to discover in SNMP server.When we did snmpwalk from server its giving message "No Such Object available on this agent at this OID".Appreciate if some one can provide the exact cause of this error.

karun44 by L0 Member
  • 2380 Views
  • 2 replies
  • 0 Likes

S2S VPN between PA 3020 8.0 to Cisco ASA 9.x code.

First thing,I know there are postings about this out on the web and community about this. The problem I'm having is everything out there is on old ASA code. I'm trying to understand the configuration on the PA. I have my tunnel interface configured, IKE Crypto, IPSec Crypto, IKE Gateway, and IPSec Tunnel. I can't get the Phase 1 to come up. I've...

Resolved! New feature with active TP license

Hello, We have a VM-100 Palo Alto at version 7.1.12 and we are looking to use the Palo Alto pre-defined Block lists. The current Threat Protection license is using version 8001-4627 (04/06/18) however the 2 pre-defined lists are not displaying in the “External Dynamic Lists” section. I have found lots of information regarding the Dynamic lists...

Farzana by L4 Transporter
  • 2648 Views
  • 1 replies
  • 0 Likes

Resolved! dmz design

Hi, What is the benefit of having DMZ setup with two firewalls. If we have dmz setup with two firewalls ( I don't know this design is valid and adopted design, I found it in the net ) If this is a valid design ,From local lan how the traffic flow to outside (10.0.10.0/24 to internet ) and outside the local lan 10.0.10.0/24 Thanks

fw.png
simsim by L4 Transporter
  • 15809 Views
  • 26 replies
  • 0 Likes

commit status warning on rules that are working the way I want them too

I have a rule that has webex enabled but dones not have ssl enabled and i keep getting a warning on that rule when i commit that says "Applicaiton 'webex-desktop-sharing requires ssl be allowed? But I don't want to allow ssl, so how can I get rid of these warnings so i can tell when i have a legitimate commit warning?

jdprovine by L4 Transporter
  • 12557 Views
  • 40 replies
  • 0 Likes

Enforce Connection for Network Access

I want to see traffic over GP. In my understanding GP Portal configuration Enforce Connection for Network Access is Force networt traffic via Portal IP. But it connected and not traffic registered under PA.

ASA 5510 VPN

I want to replace a IKE1 VPN serviced by a ASA 5510 with a IKE2 VPN serviced by the palo alto what i the best approach?

jdprovine by L4 Transporter
  • 7561 Views
  • 16 replies
  • 0 Likes

Cisco SFP+ Twinax Copper Cables to PA-5050

Hello.Has anyone tried connecting Cisco SFP+ Twinax Copper Cables (sfp-h10gb-cu1m) to PA-5050 device? I've tried to find some info about it on PA KB but wasn't successful. Is there any document issued by PA listing all the supported 3rd party devices?Best regards, Simon

santonic by L6 Presenter
  • 12823 Views
  • 6 replies
  • 0 Likes

Hub and Spoke IPsec VPN design with Dynamic Routing

Looking to properly setup Dynamic Routing over a hub and spoke IPsec VPN network. The hub will have 40-50 spokes. The Hub is running a PA-820. Spokes will be PA-220. Voice and data traffic. There will be minimal traffic between spokes. My questions are; Is the PA-820 robust enough to handle 40-50 spokes?Is there any real advantage to using ...

Global protect users dont pass authentication

Hello allwe have PA in production.The problem is VPN users dont pass by certain authentication profile.The issue is that when we point user it is ok but when we point some group it fails to authenticatewe test through CLI and that is result test authentication authentication-profile VPN_LDAP username eradmin passwordEnter password : Allow list c...

Radmin_85 by L4 Transporter
  • 2308 Views
  • 1 replies
  • 0 Likes

Very Slow Commits

Anyone who's used Palo's since the early days may roll their eyes at this question..! We have a bunch of 3020's and one can take an age to perform commits; for example this morning we performed 4 - the first 2 took <30 seconds, the 3rd took >10 minutes, the 4th took >30 seconds. The only aspect to the 3rd commit that I can think was dif...

apackard by L4 Transporter
  • 3631 Views
  • 3 replies
  • 0 Likes
  • 24374 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks