This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4244 Views
  • 0 replies
  • 0 Likes

Resolved! Firewall Policy

I am working to configure our new Palo Alto Firewall. In the policy section, I have configured one policy to allow RDP service (3389) using souce & destinaion IP address (Rule-20) and configured another rule (Rule-50) to deny all traffic. Below is the summary of config- Rule-20:Source IP: 192.168.10.20Dest IP: 192.168.15.20App: RDP (3389)Ac...

meshbah by L1 Bithead
  • 4655 Views
  • 5 replies
  • 0 Likes

Resolved! Inter-VR-Routing from Branch Office

Hey all!I am working on a Inter-VR Routing issue and would ask you for some input, how's a best practise..In Headquarter we have two VR's (2 Internet Routers), to reach the old official IP's there was build a DMZ2, which is in the secoundary VR ISP2. With the route in the default VR, which i say the /24-Network in this VR goes in Next Hop to VR ...

routing_rudolstadt.gif

One configuration for multiple sites

We are trying to deploy the PA 220 at multiple sites. The firewall will be facing an outside internet connection protecting a production server. Objective 1 is to create vpn accounts for specified users and machines (using MAC addresses) to control access, Objective 2 is to block ALL other traffic (incoming/outgoing) Objective 3 Create a c...

ddocksta by L0 Member
  • 4977 Views
  • 2 replies
  • 0 Likes

Resolved! Layer 3

I am getting ready to set up our firewall at our commany. I have done the free learning curriculum and what I learned was information but it didn't prepare for my first steps totally. I understand that the basic required properties when setting up a Layer 3 interface is: type, virtual router, security zone..I am going to be setting our interface...

Populate Dynamic Address group via XPATH

Hi, Has anyone succeeded yet in populating a Dynamic Address Group with IP addresses using XPATH?(API can use 2 methods: an XML file or all info included in one command via XPATH).Idea is to integrate with Infoblox, which only understands XPATH. Thanks

How to block sites where to buy/sell crypto coins

Hi, I'm getting the question of the management to block all sites that are dealing with selling or buying crypto coins.They are getting tired of it that lots of employees are wasting time to check there crypto coins all the time and buy and sell them.Is there a way to block this in the firewall? I'm afraid that all of these sites are in the cate...

ZEBIT by L3 Networker
  • 5763 Views
  • 6 replies
  • 0 Likes

Resolved! How to allow RDP with specific port.

Good day. I am new in handling firewall. We use juniper before (i did not setup). Before we can remote access (remote desktop protocol) our network. I would like to setup that kind of connection again. Before on the remote desktop connection, we just put IP Address:port number + domain account (authentication). How to setup like that? Thank you....

Change filename of custom report file

Is it possible to change the underline part of this file ? 11-20171213DailyDroppedThreats.csv. I am trying to automate some data collection and the beginning number "11" seems random to me.

PAN OS 7.1.14 AD issues after update

After update PAN OS to release 7.1.14 we are having problems with user identification.The user credentials are lost in PA and some access are denied because PA can not identify the user.Have anyone experiencing something like that on 7.1.14?

mmcastr by L1 Bithead
  • 4758 Views
  • 5 replies
  • 0 Likes

Resolved! Configuring subinterfaces from the CLI

Hi, Is it possible to configure subinterfaces from the CLI? I've been trying different sequences of commands but so far I'm not having any luck. From the GUI I have no issue it is only from the CLI. Thanks

Modo2016 by L1 Bithead
  • 6975 Views
  • 2 replies
  • 0 Likes

is there a Stix Taxii service offering by Palo Alto

am new to palo alto, read about Minemeld service a while ago. i understood i need to install minemeld to gather the intelligence but in my case i cannot get another service/instance running in the organization. can some one tel me if PA has a stix taxii server (open for all) available similar to hailataxii service so that we can consume the data...

s3kindia by L0 Member
  • 6362 Views
  • 2 replies
  • 0 Likes

Resolved! Certificate failed to load: invalid certificate chain

Hello, I tried to change some certificates and am getting this error. Error: Certificate failed to load: invalid certificate chainError preparing global objectsfailed to handle CONFIG_UPDATE_START(Module: device)Commit failedAny article on how to fix this? Thanks in advance.

Farzana by L4 Transporter
  • 4438 Views
  • 1 replies
  • 0 Likes

Resolved! Apply Policies to a subnet

Hi,New here so I hope this is right spot for this question.I have a router from an ISP that is giving a public /28 subnet out its lan port. (Nat off)I can't easily replace the device for a couple of reasons.I wish to run the traffic from this through my PA so I can apply policies to the other devices I will place on this subnet.A Virtual Wire wo...

msgroup by L1 Bithead
  • 4218 Views
  • 6 replies
  • 0 Likes

Resolved! How to exclude IP address or Application from SSL Decrypt

Hello everyone, How do you add an expecific application when there is no URLs inside the log?, I.E if you check the traffic logs it's showing SSL as Application and no more info rather than a destination IP that could be changing in the mayority of cases I see the "category" of the App but I don't want to exclude an entire caterory from SSL jus...

  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks