This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4238 Views
  • 0 replies
  • 0 Likes

Archive of Release Notes for Dynamic Updates?

Hi all, Is there an archive of release notes for dyanmic updates? I've just discovered that a firewall I inherited has a very old version of the Application version. I'd like to determine just how old it is (so I know how much chaos I'm going to cause when it gets updated.) Thanks,- Steve

Tagged subinterface in different zone than parent not working

So up to this point I'd only been using tagged sub interfaces for capacity\housekeeping\etc, so they were all in the same security zone. Now I have a case where I'd like to be able to add some rules to where traffic from this new VLAN can go.. I put the new sub interface in a new zone, add the new zone to the general internet access rules and...

PA sub interfaces.PNG
PA monitor log.PNG
razor192 by L1 Bithead
  • 10008 Views
  • 10 replies
  • 0 Likes

Create a rule

Hi,is there a way to create a rule like this?if( session_end_reason eq aged-out ) and ( zone.dst eq SERVER ) and ( app eq incomplete ) and ( rule eq MY OUTSIDE RULE ) and ( bytes eq 308 )block the IP for 300 seconds

s_quasar by L3 Networker
  • 2889 Views
  • 3 replies
  • 0 Likes

Resolved! Global Protect Agent Compatability

This is probably a relatively simple question and I think I know the answer but would like to confirm with the wider community. We currently have Global Protect Client 3.1.1 active on our Firewalls. We are looking to go up to the 4.0.x branch of the client in the near furture. Will devices out there with the 3.1.1 agent installed still work if t...

Panorama License Upgrade

I am currently running Panorama with a 25 device license limit, and I have purchased and need to upgrade to the 100 device limit. It seems the auth code for the 100 licenses is the same as the auth code for the 25 licenses.When I go to Panorama, Licenses, and click the Retrieve license keys from license server, it doesnt return anything. I tried...

Resolved! Palo stops identifying users in traffic logs

Hi, we realized that Palo Alto suddenly stops identifying users. We can see an example in this traffic logs. In this screenshot, we see how the user is being identified but there are connectiosn where its not appearing. sometime running show user ip-user-mapping all, we can not see the user associated to the correct ip. What could it cause thi...

Screenshot1.JPG

customize widgets of the GUI

Hello everybody, one of my customers wanted to expand the size of certain widget. for instance , system log panel, since they don't see the GUI at any time everyday. some of logs would be missed.do we have a way to expand the widget's size and have it list more logs on it. And as you know, we have LED lights in the front of box , Can we add new ...

DannyDai by L1 Bithead
  • 2383 Views
  • 1 replies
  • 0 Likes

license transfer failed, device now stuck

Hey out there I have had a failed attempt at transferring a license to a spare device. The original device is still listed, with its licenses in tact under "devices", however the spare device no longer shows up in the "spares" list, it is in the device list with no licenses attached. Is there a way that I can reset the device back into the spar...

Resolved! How to settings NAT and Application Override?

Hi all. How do I settings NAT and Application Override? PC-A :201.xx.xx.182 |Palo :210.xx.xx.168 :210.xx.xx.169 -> 192.168.1.10 and TcpTimeout 4000ms :192.168.1.1 |Server-A :192.168.1.10 Set Policy is Allow From 201.xx.xx.182 To 210.xx.xx.169 HTTPS, and NAT To 192.168.1.10. OverRide is From 201.xx.xx.182 To 210.xx...

awawa100 by L2 Linker
  • 4076 Views
  • 3 replies
  • 0 Likes

Resolved! Does Policy blocking/deny huge traffic cause High CPU utilization

I have a PAN 200 at sales office, I have temp deny policy in place as I saw huge traffic (Genetec Traffic) from/to a specific destination/source.But I still see High CPU causing the Firewall to Reboot and which triggered Site Down Alerts( Downstream device lost connection). Does the Deny Policy for huge traffic (Number of Packets or Size of traf...

How to prevent GlobalProtect default route overwriting local static routes?

This is using PAN-OS 8 in AWS. We have a site which has multiple networks attached. Users from the "main" network (let's call it 1.1.1.0/24) can also access 1.1.2.0/24, 1.1.3.0/24 via the default route supplied by the DHCP server, which goes to our core switch. (before you ask, I cant just change the subnet masks as the real subnets are complete...

Resolved! Access during lunch time

Good morning, i wish know if it's possible to allow a websites during a period of time ( example between 12:00 & 14:00 PM) and then reblock the access? Thanks in advance for your Reply Esteban.

Palo-Alto NGFW to Barracuda NGFW Site-to-Site IPSec tunnel

Hello, Is there any guide available for creating Site-to-Site IPSec tunnel between Palo-Alto NGFW and Barracuda NGFW?A generic guide would do the job.I could go through the generic Phase1 & Phase2 configurations and troubleshoot from there but would be good if there is any suggested configurations available from Palo-Alto. Thanks.

paulpaul by L1 Bithead
  • 5163 Views
  • 4 replies
  • 0 Likes

Resolved! Setting-up Palo Alto Firewall without NAT Policy

Dear all, I am a newbie and currently at the first phase to learn Palo Alto Firewall. I am setting-up a simple virtual network topology using VMWare Workstation as follows. As you can see from the diagram, there are two zones which are labeled as Trust and Untrust with network 192.168.250.0/24 and 192.168.150.0/24 respectively. The ETH1/1 is fa...

Drawing1.png
hibagus by L2 Linker
  • 4151 Views
  • 3 replies
  • 0 Likes

Resolved! Linux VPN connectivity to a PAN FW in FIPS Mode

Good morning. I have a situation where I have a bunch of linux clients that need to be able to VPN into an environment protected by a PAN Firewall in FIPS mode. With FIPS mode enabled on the firewall, the ability to use 3rd party vpn clients via the x-auth feature is removed and there is no global protect client for the linux platform. Anyone h...

wkintz by L2 Linker
  • 2828 Views
  • 2 replies
  • 0 Likes
  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks