This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4118 Views
  • 0 replies
  • 0 Likes

is there a Stix Taxii service offering by Palo Alto

am new to palo alto, read about Minemeld service a while ago. i understood i need to install minemeld to gather the intelligence but in my case i cannot get another service/instance running in the organization. can some one tel me if PA has a stix taxii server (open for all) available similar to hailataxii service so that we can consume the data...

s3kindia by L0 Member
  • 6317 Views
  • 2 replies
  • 0 Likes

Resolved! Certificate failed to load: invalid certificate chain

Hello, I tried to change some certificates and am getting this error. Error: Certificate failed to load: invalid certificate chainError preparing global objectsfailed to handle CONFIG_UPDATE_START(Module: device)Commit failedAny article on how to fix this? Thanks in advance.

Farzana by L4 Transporter
  • 4386 Views
  • 1 replies
  • 0 Likes

Resolved! Apply Policies to a subnet

Hi,New here so I hope this is right spot for this question.I have a router from an ISP that is giving a public /28 subnet out its lan port. (Nat off)I can't easily replace the device for a couple of reasons.I wish to run the traffic from this through my PA so I can apply policies to the other devices I will place on this subnet.A Virtual Wire wo...

msgroup by L1 Bithead
  • 4150 Views
  • 6 replies
  • 0 Likes

Resolved! How to exclude IP address or Application from SSL Decrypt

Hello everyone, How do you add an expecific application when there is no URLs inside the log?, I.E if you check the traffic logs it's showing SSL as Application and no more info rather than a destination IP that could be changing in the mayority of cases I see the "category" of the App but I don't want to exclude an entire caterory from SSL jus...

Show all address objects in use in policy

Hello Is there a cli command available to search for and view all address objects in use in a firewall's policy? I have a firewall that has hit its maximum address objects limit and need to remove unused addresses. Thanks

Grahame by L0 Member
  • 2679 Views
  • 2 replies
  • 0 Likes

Resolved! How to block one particular user to access the Internet except facebook

Hello, I need a guideline on how to block one particular user to access the Internet except facebook.com I have created a policy with: { to outside; from inside; source any; destination facebook; source-user testuser; category any; application any; service any; hip-profiles any; tag UserID; action allow; rule-type universal; disabl...

Farzana by L4 Transporter
  • 3135 Views
  • 2 replies
  • 0 Likes

Resolved! LDAP Authentication Profile missing when trying to add administrator user

I have created an authentication profile utilizing a connection to the LDAP servers. When I try to add an Administrator I am unable to select this authentication profile from the drop down menu. All that is available is "none." I think that my server and authentication profiles are set up correctly as I am able to test the authentication profile...

To what extent Threat Updates covers against the latest CVE's

Hi, we have received notifications for the following vulnerabilities and related CVE's: Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code ExecutionOut of bounds write in QUIC (CVE-2017-15407)Heap buffer overflow in PDFium (CVE-2017-15408)Out of bounds write in Skia (CVE-2017-15409)Use after free in PDFium (CVE-2017-15410, ...

IPSec VPN tunnel not coming up

I configured IPSec VPN tunnel between my 2 PA FWs. The physical interfaces are up but the tunnel is not up. I am a Cisco guy and new to the PA. I am trying to see ipvpn traffic va the Monitor. But I did not see any traffic. How do I check for my ike phase 1 and ipsec phase 2 to make sure that all the parameters and the password matched on both ...

jac101 by L2 Linker
  • 13382 Views
  • 5 replies
  • 0 Likes

Resolved! Traps Hash correlation with syslog miner

Hi Luigi, I have 2 issues that I believe you can address. I am building out the syslog miner and got it working for NGFW traffic logs. I also enabled my Traps ESM to send syslog to Minemeld. I see there is a rulebase for parsing traffic and threat syslog, but I want to build a Traps miner. Is this supported? It would be great if I can sen...

mr_best by L1 Bithead
  • 6558 Views
  • 6 replies
  • 0 Likes

Resolved! Cannot access HTTPS sites using non standard ports

Hello, When we switch the connection to a 4G connection, was able to connect to the URL without any issues:wget https://www2.medicareaustralia.gov.au:5447/ --no-check-certificate--2017-12-06 10:39:16-- https://www2.medicareaustralia.gov.au:5447/Resolving www2.medicareaustralia.gov.au... 203.80.58.18Connecting to www2.medicareaustralia.gov.au|20...

ND.jpg
1.jpg
Farzana by L4 Transporter
  • 11932 Views
  • 9 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks