This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4120 Views
  • 0 replies
  • 0 Likes

Resolved! Filtering, Notification, Approval processing capability

Hello, In some use-cases, we may want to have the following features: Filtering - Maybe a list of search strings that if matched are excluded from the output Use-Case: URL lists for O365 are very messy, and sometimes we don't trust all the output given by MS. We may want to filter certain URLs from getting added to the output Notificati...

PAN OS 8 displaying multipe threat/anti virus versions

Hey folks. I don't know if this is intentional or not, but it's annoying as hell, and if it's configurable, I'd like to know hwo to fix it. Since upgrading to Pan OS 8 on one of my PA's (a 500), I've noticed that when I check for dynamic updates, I get multiple versions dispplayed - like the below Previous versions only displayed three - the cur...

threat_display.jpg
darren_g by L4 Transporter
  • 3272 Views
  • 3 replies
  • 0 Likes

CLI commands for Palo Alto configuration

Hi, Are there any CLI commands which we can use to assess all the checks listed in the CIS Palo Alto Firewall 7 Benchmark? For Example:Check : Ensure 'Minimum Password Complexity' is enabled Navigate to Device > Setup > Management > Minimum Password Complexity.Verify Enabled is checked. Is there any CLI command on Palo Alto Firewall dev...

Arti_K by L1 Bithead
  • 9106 Views
  • 5 replies
  • 0 Likes

Will an On-Demand configuration keep GlobalProtect from notifying me that it did not connect?

I've deployed GlobalProtect 4.0.3-31 to my lab machines. When I log in, I get notifications that GlobalProtect is connecting, and then that it is not connected. I'm not panicked because my portal is not available from my internal network. Will switching to an On-Demand configuration make these notifications go away?

Integrating Minemeld with TheMediaTrust

There is a current miner prototype for themediatrust, and the comment from the .yml file indicate that you need a valid TMT DTI API Key to use this Miner. How do you configure this DTI Key in the Config section from the New Local Protoype page? Thanks, John

jcornell by L0 Member
  • 2744 Views
  • 1 replies
  • 0 Likes

Palo Alto and Cisco ISE packet issues

Hi ive got an issue when a user connects on our VPN using the global protect client the connection will take nearly a minute to connect and in the backgroup create several failures on our Cisco ISE RADIUS server, before finally let the user connect. I have got calls open with both Palo Alto and Cisco support but i kinda feel like im not getting...

Resolved! SSL decryption alert or log

Hi We use SSL decryption and from time to time we have issue with web sites and apps not working because we are decrypting their traffic. If its a web site that doesnt like ssl decryption most of the time the end user will get the relevant response page, but our issue is with applications or windows apps that doesnt like ssl decryption because w...

Resolved! Failed to Initiate Phase 0 (ID population)

Hi community, Does anyone already saw this commit error and knows how to solve this issue without doing a simple reboot? PAN-OS 8.0.7, Apps&Threats 773 Regards,Remo

20180203_185654.png
Remo by L7 Applicator
  • 8161 Views
  • 1 replies
  • 0 Likes

Commit limits

Hi Guys, We are running scripts to push configurations into the firewalls. Everything is done via CLI and with set statements (I know that it is odd, but that's the way it is). Does anyone know are there any limits on the configuration size because sometimes we have config synchronization problems with the secondary box? Cheers

ICMP gets dropped by DEFAULT DENY ANY ANY

Source IP: x.x.172.230Source Zone: int-fw Destination IP: x.x.20.50Destination Zone: DMZ Requirements: SRC and DST IPs should be pinged bi-directionally. Scenario:- I've allowed the traffic using ICMP, ICMP-0, ICMP-8, PING bi-directionally but still unsuccessful- Upon checking the logs, I can see that from SRC ----> DST is allowed using the R...

mcjyrnn by L1 Bithead
  • 9427 Views
  • 11 replies
  • 0 Likes

Always on/Pre-Logon GP and Windows logon time

Does anyone have any tweaks or suggestions that might improve the windows logon time when GP is configured as pre-logon always on? Our users have gotten used to waiting sometimes up to 5 minutes after logging in before they see their windows desktop. The only way we have found to alleviate that is to set GP to on-demand (not an option) or uninst...

hshawn by L4 Transporter
  • 6046 Views
  • 6 replies
  • 0 Likes

Trunking a new switch existing PA (Active/passive)pair

Hello Everyone, I am having some trouble with trunking. Below is our current setup: PA pair(vlan 48---x.x.48.254) ------core switch (vlan 48....x.x.48.1) for internal access (trust zone). we have a static route on PA---any traffic to internal network, should be pointed core switch (vlan 48....x.x.48.1) .Similarly we have default route on core sw...

  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks