General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

Resolved! Export rules in Excel sheet

Hello, We need to export our FW rules into an Excel sheet and then have a column that has a description of what the rule is for and who authorized it. What is the best and fastest way of doing it? I tried following the link below and tried to export the named configuration snapshot but I am unable to see the security policies in the xml file, w...

Farzana by L4 Transporter
  • 4745 Views
  • 1 replies
  • 0 Likes

Custom signature for unknown tcp

This is a capture from TCP traffic. I want to make a custom App-ID because in my log it says my application is an unknown-TCP application. How can I get the signature from the digits (image)? Can someone tell me or give me tips on how I should make a custom App-ID from a packet capture? Thanks!

VM-100, ESXi, Module 'CPUID' power on failed

Trying to get a VM100 to power on with an ESXi host. This is a HP EliteDesk 800 G1 i5. I'm getting the message that Intel VT-x is available but it might be disabled. However, I know hyper threading is enabled in the HP BIOS. Trying to run Palo 8.0.8 --- second installation and I'm still getting the same thing. Anybody have any ideas? Thanks.

Zones

Is it possible to use DG layering to solve DaaS Zone issue??
1. Can we create a DG-DaaS whose parent will be ‘DG-AWS_DQA’.
2. Assign Seattle DQT firewall to DG-AWS_DQA
3. Assign Ashburn n future Chicago to DG-DaaS (since it has DG-AWS_DQA as parent, it will have both DaaS and DQT rules attached)
Not sure if this will work or I’m missing basic config...

kpotru by L1 Bithead
  • 2575 Views
  • 3 replies
  • 0 Likes

Is it possible to use DG layering to solve DaaS Zone issue??

Is it possible to use DG layering to solve DaaS Zone issue??
1. Can we create a DG-DaaS whose parent will be ‘DG-AWS_DQA’.
2. Assign Seattle DQT firewall to DG-AWS_DQA
3. Assign Ashburn n future Chicago to DG-DaaS (since it has DG-AWS_DQA as parent, it will have both DaaS and DQT rules attached)
Not sure if this will work or I’m missing basic config...

kpotru by L1 Bithead
  • 1840 Views
  • 1 replies
  • 0 Likes

IPSec Tunnel from vsys1 to vsys2

Hello All, I have a design issue to mull over, and one of the options is to look at having IPsec tunnels between vsys instances on the same box. So, I have vsys1 as my default vr, what I may need to do is turn up vsys2 and have certain traffic in vsys1 'hop' over to vsys2. Sounds problematic so my first instinct is to encap it between vsys inst...

Resolved! Configure IPSec between Palo Alto devices

We have two VPN Palo Alto devices. One in our HQ department and one in a remote location. I need to set up an IPSec VPN tunnel between these sites with the Palo Alto devices but I never did this before. On the Palo Alto website I found this article which was helpful https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-IPSec...

ZEBIT by L3 Networker
  • 4007 Views
  • 4 replies
  • 0 Likes

Rule base documentation

PA best practice says you should have your rules documented on the rules and somewhere other than your rule base. Anyone doing that? And if so, how?

jdprovine by L4 Transporter
  • 6542 Views
  • 15 replies
  • 0 Likes

Resolved! Redistributing Tunnel interface into OSPF no longer working

Hi, I have a strange scenario here. To summarize, I had previously configured GlobalProtect on a Palo firewall and configured the Palo to redistribute that network range on the tunnel interface into OSPF. This worked without any problem. Now, the IP address range for GlobalProtect users needed to change so I had to go and change the IP pool for G...

Bocsa by L3 Networker
  • 4380 Views
  • 3 replies
  • 0 Likes

Monthly Graph Reports (Pie&Line Charts)

Hi, we have to build monthly PDF reports with nice graphs like Pie & Line Charts for the management. Unfortunately PDF summary reports are the only ones which contain graphs (despite the ACC Widgets) and are generated only every day. Is it possible to generate them monthly? Best Regards Juergen

Resolved! HA Sync with different Configuration

I have two firewalls previously on HA (Active-Passive mode). We had to shut down the passive device due to some troubleshooting. Then we had to roll back the config of the active PA. Here's the current setup. (HA links not yet cabled)
Active PA - lower config version (e.g. version 207)
Backup PA - higher config version (e.g. version 210)
If I conne...

User-ID Policy not being used

We have an agentless User-ID setup. Firewall is able to pull user accounts from the AD. User-ID based policies were created on top of IP-based policies. However, some user traffic can be seen using the User-ID based policies, some users can be seen using the IP-based policies. This happens on all of my sites. Is this normal behavior? Or is there...

Resolved! Subinterfaces and Policy based routing

Hi, so I've configured a new L3 subinterface on an existing L3 interface, both with IP addresses and I thought it was going to work. I've got a PBR rule in place on the previous hop, a HP switch, which diverts some traffic to this new subinterface. I can see the selected traffic allowed out from the Palo's traffic monitor logs but, from the clie...


GlobalProtect Certificate auth debug

Could anyone please advise a good way via CLI to debug certificate authentication? I have followed most of the log files but cannot find one related to GP authentication. Many thanks in advance...

Mick_Ball by L7 Applicator
  • 2417 Views
  • 1 replies
  • 0 Likes