This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4240 Views
  • 0 replies
  • 0 Likes

Source Translations

I'm trying to find out how to get all the static source translations for a perticular subnet on our Pan 7050. I'm trying to make a spreadsheet to keep up to date static ip's being used. Can do such a command cli on the Pan. I was able to do on a Cisco ASA. But still new to palo alto. Any Ideas. Thanks

Resolved! GlobalProtect Inactivity Timer - is HIP Profile required?

So in the configuration of GlobalProtect ( v8.0.5, under Network > Globalprotect > Gateways > (gateway name) > Agent tab > Timeout Settings) There's an 'inactivity logout' setting, that has a description of 'Users are logged out of GP when the gateway doesn't receive a HIP check from the GP app in the time specified'. My questio...

Resolved! SYSTEM ALERT : high : User Group count of 2358 exceededs threshold of 1000

According to the New Features Guide in 7.1 PAN-OS the User Group Capacity was increased to a max of 3,200 groups IF you are following their note below: Do not add entries to the Group Include List or Custom Group list—doing so limits the number of groups that policy rules can reference. Populated lists can have a combined maximum of only 640 gr...

bspilde by L4 Transporter
  • 21238 Views
  • 9 replies
  • 0 Likes

Multiple ISP PA5250

Hi I have been asked to purchase a new PA 5250.It will potentially have 20GB throughput to the internet.i am looking at an active active setup, with Aggregate interface inside to each FW.On the Outside i have been asked to connect to 4 x ISP 5GB Bandwidth on 10GB Bearer to each ISP. (this is for resilience / redundancy)To share the traffic acros...

Resolved! Site to Site VPN Tunnel - NAT

Hello everbody, I am most likely struggling with a NAT problem in a site to site VPN tunnel, hoping you have an idea or tip to this topic.The setup is a site to site VPN tunnel between a PAN and a Cisco ASA.There is a host (172.16.2.20) behind the PAN which should be reached through the VPN tunnel.The problem is that the service provider behind ...

Resolved! PaloAlto WAN Interface segmentation

Hello Please help me in this scenario There is the big "Company Site" and the other branches point to this Site, there is an MPLS connection between the branches.Our need is, the PaloAlto supports segmentation on the WAN part ? can we create a sub-interfaces in the connected interface (MPLS) at the big headquarters, and each sub-interface commun...

VRF WAN.jpg

candidate configuration

Hi,What is candidate configuration and what is the purpose of candidate configuration ?What is the differnece between save candidate configuration and the save using the button on the top right corner ? What is the differnce between save candidte configuration and commitThanks

simsim by L4 Transporter
  • 4240 Views
  • 4 replies
  • 0 Likes

Resolved! Can Palo Alto firewall act as a SCEP server

I would like to generate a SCEP request that I want to have signed by the CA on the Palo Alto firewall. I have beel looking at the documentation and asking my buddy Google, but have not found a way to do this. I am thinking this is not supported. Pleas confirm.

Firewall VM for GNS3

Hello everyone. Can anyone please tell me the steps to getting a PA-VM for GNS3? I've been doing some reading and need to practice using a virtual environment. Thanks.

QoS on Tagged VLAN Sub-interface - PAN5250

Hi, this question may have been asked before, but I'm still curious what the best practice is in my situation. Here's what I need to do: a LAG (port-channel) with two 10gig interfaces is carved into mulitple subinterfaces. I'd like to cap the max bandwidth usage for one of the suninterfaces only. Apprently PAN5250 does not support QoS on subi...

Global protect IP address

GlobalProtect gateway client configuration generated. User name: bozo, Private IP: 136.176.144.x, Client version: 4.0.0-90, Device name: clownmobile, Client OS version: Microsoft Windows 10 Pro , 64-bit, VPN type: Device Level VPN. Why is the PA classifying the IP address given to the VPN session as private?

jdprovine by L4 Transporter
  • 4097 Views
  • 7 replies
  • 0 Likes

Resolved! Top countries where cyber attacks originate

Good day everyone, I am looking for some help information with finding "Top 15 countries where cyber attacks originate"I know there are alot of blocklist out there, those have IP addresses. That is not what I am needing. If anyone can recommend websites or which countries they have blocked with the reason as well. I am looking to but together ...

SSL CSR SAN Multiple Uses

PA-5220, 8.0 I need to generate a CSR for a cert that will be used for multiple things - web gui admin, globalprotect vpn, etc. The instructions for how to gen the CSR with subject alternative names are not clear. Should the common name be one of the uses e.g. vpn.mycompany.com or should the common name be *.mycompany.com with all host names lis...

mike406 by L2 Linker
  • 6552 Views
  • 5 replies
  • 0 Likes
  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks