This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4243 Views
  • 0 replies
  • 0 Likes

How to easily switch between multiple GlobalProtect VPN profiles???

Forgive me if this question has been asked before. My searches did not turn up any useful items in the discussion groups. I work for a company who supports multiple customers that use the GlobalProtect VPN. As an end-user, changing from one VPN portal configuration to another is a bit tedious. Can you recommend any easy methods for changing...

Resolved! nat before vpn tunnel use case question

Hello I am looking to understand if what I am trying to accomplish will work. Given a PAN connecting to an ASA using a L2L IPSec VPN Tunnel to access two distinct ip addresses behind the ASA. Now these IP Addresses are duplicated on the LAN the PAN connects, essentially overlapping. I know what to do in an ASA. But for the Pan I want my logic ch...

Tsquared by L0 Member
  • 4933 Views
  • 4 replies
  • 0 Likes

Panorama 8.0.7, Losing Templates following Import Device Configuration to Panorama

Experiencing some rather odd behaviour when Importing Device Configuration to Panorama In short what I'm witnessing is the loss of Templates (Device + Network), as soon as import is completed. The result is same whether I check the Import Shared Objects or not. Reversing the the changes by Config > Revert makes the Template section reappear o...

nawaza by L2 Linker
  • 2470 Views
  • 2 replies
  • 0 Likes

Resolved! Advertise NAT Pool via BGP

Hi, I need to advertise a NAT pool to an external partry via BGP. When i attmpt to configure the static route with as below. I get the error message when attemping to save the virtual route configuration. What is the correct way to configure a static route for this?

nat configuration.png
nat error.png

How to Enable WildFire to block jar file with 'malicious' Verdict

Hello Everyone, New to Palo Alto firewalls and new to this forum. Can I please ask how I go about changing the Wildfire action on a jar file to block? The action for this file has been to allow the file, despite the file being flagged as "malicious, as can be seen below: I wish to change the action to "block", as is the case with the "pe" fil...

Wildfire jar.jpg
Wildfire logs.jpg

Resolved! About last 30days query.

Hello Here is a qurery about last 30days. I just would like to change started date/time automatically when Minemeld do the query. {"operator":"all","children":[{"field":"sample.malware","operator":"is","value":1},{"operator":"all","children":[{"field":"sample.create_date","operator":"is","value":["2017-12-31T00:00:00","2018-01-29T23:59:59"]}...

Cybersecurity Thoughts

Hi,I have recently read many Plao Alto and TrendMicro research articles, predictions and reports on subject of cybersecurity. Regardless of personal opinion there are possible catastrophic results that could happen in case of abuse of certain sectors and devices. From the point of view of home users the titles in the newspapers appear to be anou...

WillAlt by L1 Bithead
  • 3043 Views
  • 1 replies
  • 0 Likes

PA-5220s Active/Passive HA with Single VWire but multiple vSys's and Zones

Hi folks Have pair of 5220s in Active/Passive HA. I'm reading that multiple zones cannot be used on VWire, well actually i'm finding that documentation not so clear and it could be functionality added in later releases of code. Anyway let me try to explain. I wish to bond (AE) eight + eight 10Gig interfaces to forming a single 80Gig VWire. Each...

nawaza by L2 Linker
  • 4335 Views
  • 6 replies
  • 0 Likes

Resolved! pa200 two interfaces in same zone

hi everyone, we have a pa200 with three L3 interfaces currently in use: eth 1/1 - untrust - dynamic ipeth 1/2 - trust - 192.168.18.1/24eth 1/3 - dmz - 10.10.10.254/24eth 1/4 - currently unused Now we would like to configure eth 1/4 just like eth 1/2, meaning it should be a further interface in the trust zone. I know it would be simplest to just...

Resolved! Latency on Internal Interface

Hello, Using PAN-OS 8.0.7. When we ping a trusted interface, we see latency up and down. Any clues? root@test-machine:~# ping 10.2.2.100PING 10.2.2.100 (10.2.2.100) 56(84) bytes of data.64 bytes from 10.2.2.100: icmp_seq=1 ttl=63 time=3.46 ms64 bytes from 10.2.2.100: icmp_seq=2 ttl=63 time=1.25 ms64 bytes from 10.2.2.100: icmp_seq=3 ttl=63 time=...

Farzana by L4 Transporter
  • 21826 Views
  • 9 replies
  • 0 Likes

UserID Factor Completion Time - Bad Data

We are seeing some random UserID entries being fed into our firewall that have a Factor Completion Time of "1969/12/31 19:00:00"; these always have a timeout of "0" so effectively kill the user mappings for that user. Has anyone seen this before? We have quite a convoluted setup for many reasons, one if which is that the UserID's generating the...

apackard by L4 Transporter
  • 4721 Views
  • 3 replies
  • 0 Likes

Zone protection - alert only

I have been investigating zone protection and DoS protection for awhile now and I think I would have already implemented it if you could configure all the settings to alert when you begin testing.

jdprovine by L4 Transporter
  • 4610 Views
  • 7 replies
  • 0 Likes

Resolved! pan-os 8.0 ntp not sync

Hi, I have a problem with test VM-300, NTP not sync and use local clock.But if i try to set timezone - clock set not correct >show ntpNTP state:NTP not synched, using local clockNTP server: 178.124.164.107status: rejectedreachable: yesauthentication-type: none ping source 192.168.18.227 host 178.124.164.107PING 178.124.164.107 (178.124.164.1...

SSergey by L1 Bithead
  • 10516 Views
  • 4 replies
  • 0 Likes
  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks