This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4119 Views
  • 0 replies
  • 0 Likes

Resolved! How to settings NAT and Application Override?

Hi all. How do I settings NAT and Application Override? PC-A :201.xx.xx.182 |Palo :210.xx.xx.168 :210.xx.xx.169 -> 192.168.1.10 and TcpTimeout 4000ms :192.168.1.1 |Server-A :192.168.1.10 Set Policy is Allow From 201.xx.xx.182 To 210.xx.xx.169 HTTPS, and NAT To 192.168.1.10. OverRide is From 201.xx.xx.182 To 210.xx...

awawa100 by L2 Linker
  • 4021 Views
  • 3 replies
  • 0 Likes

Resolved! Does Policy blocking/deny huge traffic cause High CPU utilization

I have a PAN 200 at sales office, I have temp deny policy in place as I saw huge traffic (Genetec Traffic) from/to a specific destination/source.But I still see High CPU causing the Firewall to Reboot and which triggered Site Down Alerts( Downstream device lost connection). Does the Deny Policy for huge traffic (Number of Packets or Size of traf...

How to prevent GlobalProtect default route overwriting local static routes?

This is using PAN-OS 8 in AWS. We have a site which has multiple networks attached. Users from the "main" network (let's call it 1.1.1.0/24) can also access 1.1.2.0/24, 1.1.3.0/24 via the default route supplied by the DHCP server, which goes to our core switch. (before you ask, I cant just change the subnet masks as the real subnets are complete...

Resolved! Access during lunch time

Good morning, i wish know if it's possible to allow a websites during a period of time ( example between 12:00 & 14:00 PM) and then reblock the access? Thanks in advance for your Reply Esteban.

Palo-Alto NGFW to Barracuda NGFW Site-to-Site IPSec tunnel

Hello, Is there any guide available for creating Site-to-Site IPSec tunnel between Palo-Alto NGFW and Barracuda NGFW?A generic guide would do the job.I could go through the generic Phase1 & Phase2 configurations and troubleshoot from there but would be good if there is any suggested configurations available from Palo-Alto. Thanks.

paulpaul by L1 Bithead
  • 5097 Views
  • 4 replies
  • 0 Likes

Resolved! Setting-up Palo Alto Firewall without NAT Policy

Dear all, I am a newbie and currently at the first phase to learn Palo Alto Firewall. I am setting-up a simple virtual network topology using VMWare Workstation as follows. As you can see from the diagram, there are two zones which are labeled as Trust and Untrust with network 192.168.250.0/24 and 192.168.150.0/24 respectively. The ETH1/1 is fa...

Drawing1.png
hibagus by L2 Linker
  • 4096 Views
  • 3 replies
  • 0 Likes

Resolved! Linux VPN connectivity to a PAN FW in FIPS Mode

Good morning. I have a situation where I have a bunch of linux clients that need to be able to VPN into an environment protected by a PAN Firewall in FIPS mode. With FIPS mode enabled on the firewall, the ability to use 3rd party vpn clients via the x-auth feature is removed and there is no global protect client for the linux platform. Anyone h...

wkintz by L2 Linker
  • 2789 Views
  • 2 replies
  • 0 Likes

URL Filtering category “command-and-control” missing

Hello I'd like to prepare for new category “command-and-control” I have two firewalls one with BrightCloud and one with PA url filtering database. Both with 7.1.11 PANOS and latest url filtering database but when I try to change default action for this new category I see: Do I missed something? What's wrong with my configuration could be? Rega...

2017-09-20_085752.png
_slv_ by L4 Transporter
  • 3855 Views
  • 4 replies
  • 0 Likes

Mitel Border Gateway / Teleworker

Hi all,I'm having a problem getting Mitel's Border Gateway (formerly known as Teleworker) working properly. For those not in the know... Mitel is a large VOIP phone system company and they have various addons, including a server which would typically sit in your DMZ and allow remote workers to have a handset in their home / remote location as if...

UKRB by L3 Networker
  • 7566 Views
  • 5 replies
  • 1 Likes

Resolved! Upgrading 7.1 to 8.0: New Log Storage

HiWe are upgrading to 8.0 and have noticed the cavet about new log storage in 8.0. We do not have log collectors setup, but are collecting logs in Panorama (threat and traffic only) and wonder if the existing log migration applies to these as well? Thanks in advance for any advice,Rebecca

RSporbert by L1 Bithead
  • 15065 Views
  • 14 replies
  • 0 Likes

Resolved! URL Filtering Eval License - how to remove?

Every day we get email alerts:SYSTEM ALERT : critical : License for feature url-filtering expired on xxxx/xx/xxHow do you remove the URL Filtering evaluation license??There is no option in the GUI to remove it.I could see an option in the CLI to request a license, but not remove one.(I also don't want to remove our firewall license by mistake.)

moha by L0 Member
  • 5583 Views
  • 3 replies
  • 0 Likes

Resolved! How to change a miner timeout

Hi all, A simple question, I hope. How do I change the default timeout for a certain miner - panos syslog miner in may case. I'd like to change the timeout to be 30 days, rather then an hour or so that seems to be set now. I could not find a way to make change through the GUI, I figure one of the config files needs editing? Thanks, Luca

update withdraw.png

Resolved! NAT rule to change internal IP to another on same subnet?

Hi folks, I have created a internal zone IP address I want to use as generic for FTP communications 192.168.1.9.I want to NAT this IP to our current FTP server 192.168.1.19. This way when our FTP server changes we just change our NAT rule rather than the rest of our partner companies firewalls, routes, etc. I've created a DNAT rule and able to ...

OMatlock by L4 Transporter
  • 8894 Views
  • 11 replies
  • 0 Likes

Script or custom report ?

Hi All I’m new in the world of Palo Alto, the guy in charge of this just left our company so I’m doing his task until someone else arrive One thing he had to do for audit purpose was to do a report for each palo Alto with Device stateHA StatusSoftware VersionApps and Threat versionAntivirus versionURL Filtering versionWildFire So he was getting...

  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks