This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4235 Views
  • 0 replies
  • 0 Likes

Having GlobalProtect Users Access Webserver NAT Address Instead of Internal Address

I'm very very new to Palo Alto. For the few weeks that I've been using it, I've been very impressed with its ease of use, and functionality. I have a question when it comes to GlobalProtect. We have a webserver that we want to exclude from the GlobalProtect VPN tunnel. Let's say the site is test.testcompany.com. In the Client settings, in G...

Resolved! Ports Used by Palo Alto to Integrate Cisco ISE for Radius Authentication

Just posting today to request confirmation on which ports are required to allow Radius communication for authentication (only), between Panorama and Cisco ISE. Panorama ------------------- FWs--------------------Cisco ISE Which ports to open up on FW sitting in the middle?, I'm reading UDP 1812 though there's a part of me which suspects there c...

nawaza by L2 Linker
  • 4767 Views
  • 1 replies
  • 0 Likes

DoS & Zone with no downtime

I watched a webinar on DoS protection the other day and they brought up a good point that I want to know if it is possible on the PA. They mentioned that setting up DoS can mittigate the DoS attach but allow interupt system availability, "throwing the baby out with the bath water". How can I have a proactive response? stop it before it inter...

jdprovine by L4 Transporter
  • 5240 Views
  • 8 replies
  • 0 Likes

Palo Alto upgrade to 8.0.7 broken?

Hi, PA-3020. Had a customer upgrading from 8.0.4 to 8.0.7 and, after upgrading, autocommit failed with the message: "Failed to find address US"; "Unknown address US"; "Failed to parse security policy", where US is a default region object used in the security policy. There are no customer objects created in the Objects -> Regions section.Chec...

nikoo by L3 Networker
  • 8320 Views
  • 12 replies
  • 1 Likes

Deploy FW cluter as VPN Concentrators

I am deploying two Palo Alto firewalls as VPN Concentrators, with an HA cluster of Palo firewalls that execute as Perimentral FWs of the network with Internet that are already in production. I would like to know if there is Best Practice for this type of architecture. My question if this cluster of VPN concentrators should be on top of the other...

Resolved! Clientless VPN 404 error

Hi I am experiencing some issues with Clientless VPN feature on 8.0.0.I get the login page and then I can log in succesfully. I have made an app to web gui of PAN and web gui of my access point.The only thing that happens is a page with 404 error on it. I have turned off zone Protection, and the latest dynamic update for Clientless VPN is instal...

PerAnton by L1 Bithead
  • 8427 Views
  • 4 replies
  • 0 Likes

Resolved! Software Question

Tough luck on getting the response to this but here goes, anyone who has a computer repair shop any recommendation on the software to keep track on things?

WillAlt by L1 Bithead
  • 3373 Views
  • 2 replies
  • 0 Likes

Resolved! Export rules in Xcel sheet

Hello, We need to export our FW rules into an excel sheet and then have a column that has a description of what the rule is for and who authorized it, what is the best and faster way of doing it ? I tried following the link below and tried to export the named configuration snapshot but I am unable to see the security policies in the xml file, w...

Farzana by L4 Transporter
  • 4790 Views
  • 1 replies
  • 0 Likes

Custom signature for unknown tcp

this is a capture from a tcp traffic.i want to make a custom app id because in my log it say my application is an unknown-TCP application how can i get the signature from the digits (image) ?can someone thell me or give me tips how i should make a custom app id from a packet capturethanks!

20180305_161025.jpg

VM-100, ESXi, Module 'CPUID' power on failed

Trying to get a VM100 to power on with an ESXi host. This is a HP EliteDesk 800 G1 i5. I'm getting the message that Intel VT-x is available but it might be disabled. However, I know hyper threading is enabled in the HP Bios. Tryig to run Palo 8.0.8 --- second installation and I'm still getting the same thing. Anybody have any ideas? Thanks.

Zones

Is it possible to use DG layering to solve DaaS Zone issue??1. Can we create a DG-DaaS whose parent will be ‘DG-AWS_DQA’.2. Assign Seattle DQT firewall to DG-AWS_DQA3. Assign Ashburn n future Chicago to DG-DaaS (since it has DG-AWS_DQA as parent, it will have both DaaS and DQT rules attached)Not sure if this will work or I’m missing basic config...

kpotru by L1 Bithead
  • 2602 Views
  • 3 replies
  • 0 Likes

Is it possible to use DG layering to solve DaaS Zone issue??

Is it possible to use DG layering to solve DaaS Zone issue??1. Can we create a DG-DaaS whose parent will be ‘DG-AWS_DQA’.2. Assign Seattle DQT firewall to DG-AWS_DQA3. Assign Ashburn n future Chicago to DG-DaaS (since it has DG-AWS_DQA as parent, it will have both DaaS and DQT rules attached)Not sure if this will work or I’m missing basic config...

kpotru by L1 Bithead
  • 1855 Views
  • 1 replies
  • 0 Likes
  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks