This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4153 Views
  • 0 replies
  • 0 Likes

Show how long the VPN site-to-site tunnel is up

Hi everybody, Is there any CLI command or log that show the time of the tunel VPN (phase 1, phase 2 or both of them) is up? The commands:show vpn ike-sa gateway <gateway name>show vpn ipsec-sa tunnel <tunnel name> It shows the lifetime since the last key was negotiated, but it doesn't show the total lifetime of activity of VPN tunnel...

How to Block all countries

I am trying to make a policy on my new PA-220 and i want to block all traffic coming in from every country except the united states..I can't figure out how to do that except by blocking every country one country at a time.. Can anyone tell me if there is a block all except feature?

hill11 by L0 Member
  • 4924 Views
  • 4 replies
  • 0 Likes

Resolved! Spyware Infect Host report from P.A.

I just got a spyware infected host report that says something like Destination address | Destination Host Name | CountX.X.X.X hostname.domain.com 2.94k X.X.X.X hostname2.domain.com 1.44k X.X.X.X hostname3.domain.c...

Globalprotect IPSec crypto

A couple of questions 1. Is the IPSec crypto for global protect completely separate for the IPSec crypto option that you find lower down in the list on the firewall?2. Is the Globalprotect IPSec crypto still used when x-auth is turned on?

jdprovine by L4 Transporter
  • 3231 Views
  • 2 replies
  • 0 Likes

The FW Can not match User based Rule when users were changed IP in using GP internal Gateway.

My customer uses GP Internal Gateway with a non-Tunnel mode.It means it uses just only user authentication and enforces user-based rules. I am facing an issue .A user was connected to GP Internal GW in office 1F and successed authentication.The FW was updated A user has 192.168.1.1 from GP.The user moves to 2F and changed IP from 192.168.1.1 to...

how to write a simple miner documentation

Hi there, I'm a new user, so hopefully this is a simple question. I installed minemeld via source code on ubuntu 14.04 using the instructions on this page : https://github.com/PaloAltoNetworks/minemeld-ansible The installation went smoothly and there were no errors. I then went through the exercise of writing a test miner using these ...

vb0398 by L2 Linker
  • 16635 Views
  • 18 replies
  • 0 Likes

Resolved! PBR forwarding does not work

For the first time I configured a Palo Alto firewall.I have created three zones each connected with a specific interface:INTERNEXTERNDMZ For each zone I created a virtuel router each configured with static routes :Intern:DMZ -> Interface DMZDmz:EXTERN -> Interface EXTERNINTERN -> Interface INTERNExtern0.0.0.0 0.0.0.0 -> IP ISP Router...

ZEBIT by L3 Networker
  • 7021 Views
  • 7 replies
  • 0 Likes

Pro active monitoring for routing table

Hello, We have faced problem where routing table is full and we had an outage where customer were unable to access Internet for specific sites. We asked for syslog or SNMP traps on it but we received as of now, there is no provision to monitor it. We would like to add this as a feature request to have monitoring for routing in place. Reg...

OpenVPN to a server behind PA

I have a dest NAT setup with port translation thus:untrust untrust public IP tcp 443 > private IP tcp 1194 Policy set asuntrust trust any src to public IP for 443. The NAT works fine, but I see aged-out on the traffic monitor, and no traffic at all on wireshark on my PA > Server LAN. Am I missing something?

Resolved! Problem with Panorama shared context

Hi, I am currently migrating our firewalls to Panorama and have a problem with shared settings.Every Panorama commit shows me Warning: Disabled applications in shared: intercall google-spaces-base google-spaces-posting zenefits gitlab-base gitlab-uploading jumpshare-base jumpshare-uploading xfinity-tv newton-mail cylance directv ms-teams quip fi...

linhartj by L0 Member
  • 7125 Views
  • 2 replies
  • 0 Likes

GlobalProtect Users appear on GUI and not on CLI

PANOS 8.0.5Current connected GlobalProtect Users appear on GUI by “Monitor/User-ID/Source-type=globalprotect” and not appear on CLI "show user ip-user-mapping all type GP”: the record is not absolutely present.On PANOS 7.1 the CLI command "show user ip-user-mapping all type GP” shows the current connected users. LA

Aiace by L1 Bithead
  • 3124 Views
  • 1 replies
  • 0 Likes

File minemeld-web.conf doesn`t exist

I`m looking for file minemeld-web.conf into /etc/nginx/sites-available/minemeld-web.conf directory but it doesnt exist, there`s only default file. I need to change HTTPS services to HTTP I installed the super fast setup from the site https://live.paloaltonetworks.com/t5/MineMeld-Articles/Running-MineMeld-on-VMWare-desktop/ta-p/72038 Greetings

vhgambit by L1 Bithead
  • 3636 Views
  • 1 replies
  • 0 Likes

Resolved! OpenConnect client with a Global Protect plugin

Hello, We found that only 1 factor authentication is required when connecting to the VPN using OpenConnect client with a Global Protect plugin, it appears that it bypasses the portal authentication and only requires the gateway authentication. We have X-Auth disabled, and cannot restrict connections by Linux OS. Currently our portal is configur...

Farzana by L4 Transporter
  • 25159 Views
  • 2 replies
  • 1 Likes

Licence NFR PaloAlto

Hello I just receive my PA-850, i made the registration of the device in support section, but after this registration, i can't see the licences for the new device :Threat PreventionBrightCloud URL FilteringPAN-DB URL FilteringGlobalProtect GatewayGlobalProtect PortalPA-VMPremium SupportWildFire Licensethose licenes are inclued in NFR licence ? i...

nfr palo.jpg
  • 24340 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks