This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 2072 Views
  • 0 replies
  • 0 Likes

IPSec Tunnel from vsys1 to vsys2

Hello All,

 

I have a design issue to mull over, and one of the options is to look at having ipsec tunnels between vsys isntances on the same box.

 

So, I have vsys1 as my default vr, what I may need to do is turn up vsys2 and have certain traffic in vsy

...

Resolved! Configure IPSec between Palo Alto devices

We have two vpn Palo Alto devices.

One in our HQ departement and one in a remote location.

I need to setup an IPSec VPN tunnel between these sites with the Palo Alto devices but I never did this before.

On the Palo Alto website I found this article whic

...

ZEBIT by L3 Networker
  • 3710 Views
  • 4 replies
  • 0 Likes

Rule base documentation

PA Best practice says you should have your rules documented on the rules and some where other than your rule base. Anyone doing that? and if so how

jdprovine by L4 Transporter
  • 5911 Views
  • 15 replies
  • 0 Likes

Resolved! Redistributing Tunnel interface into OSPF no longer working

Hi,

I have a strange scenario here. To summarize, I had previously configured GlobalProtect on a Palo firewall and configured the Palo to redistribute that network range on the tunnel interface into OSPF. This worked without any problem.

 

Now, the IP a

...

Bocsa by L3 Networker
  • 4034 Views
  • 3 replies
  • 0 Likes

Monthly Graph Reports (Pie&Line Charts)

Hi,

we have to build monthly PDF reports with nice graphs like Pie&Line Charts  for the management. Unfortunately PDF summary reports are the only one which contain graphs (despite the ACC Widgets) and are generated only everyday. Is it possible to ge

...

Resolved! HA Sync with different Configuration

I have two firewalls previously on HA (Active-Passive mode). We had to shutdown the passive device due to some troubleshooting. Then we had to roll-back the config of the active PA.

 

Here's the current setup. (HA links not yet cabled)

Active PA - lower

...

User-ID Policy not being used

We have an agentless User-ID setup. Firewall is able to pull user accounts from the AD.

User-ID based policies were created on top of IP-Based policies.

 

However, some user traffic can be seen using the user-id based policies, some users can be seen us

...

Resolved! Subinterfaces and Policy based routing

Hi, so I've configured a new L3 subinterface on an existing L3 interface, both with IP addresses and I thought it was going to work. I've got a PBR rule in place on the previous hop, a HP switch, which diverts some traffic to this new subinterface. I

...

Library network PBR plan.jpg
2018-02-27_161058.jpg

GlobalProtect Certificate auth debug

could anyone please advise a good way via cli to debug certificate authentication.

 

I have followed most of the log files but cannot find one related to GP authentication.

 

many thanks in advance...

Mick_Ball by L7 Applicator
  • 2255 Views
  • 1 replies
  • 0 Likes

API - list just device groups in panorama

Hi All,

 

Does anyone has any idea on how to list just the name of device groups in panorama using the api

 

if i do the following path:

 

https://mypanorama/api/?type=config&action=get&key=<my key>/config/devices/entry[@name='localhost.localdomain']/devic

...

Harshit by L3 Networker
  • 3135 Views
  • 1 replies
  • 0 Likes

Resolved! How does the PFS Inbound Inspection work?

Hello Team,

 

I am wondering how exactly the Inbound Inspection with PFS works?

 

Diffie-Hellman per definition has the functionality that a key agreement is happening without transfering the key through the "unsecure" channel. All passively listening in

...

tisc by L1 Bithead
  • 3672 Views
  • 1 replies
  • 1 Likes
  • 24233 Posts
  • 117 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks