General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

DUAL ISP Failover Single VR

I have a situation below and I need to be able to configure failover, seeking some guidance. Basically I have SG3 (two ISPs in the same VR) ISP1 (eth1/7)--------------> WAN-VR2 ISP2 (eth1/8) Then I have a whole bunch of other sub interfaces on the LAN side: TRUST-VR - VSYS3 trust1 eth1/24.1 trust2 eth1/24.2 trust3 eth1/24.3 I found this link: https...

mali77 by L1 Bithead
  • 6988 Views
  • 6 replies
  • 0 Likes

update.newinfoclientstack.com

I looked in the threat database and PA classifies this URL Inbox update.newinfoclientstack.com as malware. Is there a way to know if this is covered by the threat prevention subscription? There were no details on how to deal with it in the database.

jdprovine by L4 Transporter
  • 2770 Views
  • 4 replies
  • 0 Likes

Resolved! Quickest way to add and manage Azure / AWS address group

Hi All, New to PA here - What is the quickest and most efficient way to Add / Delete / Manage large lists of IP addresses and subnets such as ones that belong to AWS or Azure? I would like to create an Address Group and add in all Azure or AWS IP / subnets into it. Occasionally, my guess is I'll have to update this address / subnet list as it ge...

Resolved! IPSEC VPN ECMP - Issue

Dear Colleagues, Let's imagine the following situation: PA Firewall connected to two ISPs, e1/1 - 1.1.1.1 and e1/4 - 2.2.2.2. Default virtual router with ECMP configured with weights e1/1-50 and e1/4-50. IPSEC tunnel configured to the remote site, IKE Gateway configured on interface e1/4. Tunnel is green, everything seems to be fine... but: I see arou...

Resolved! Newb Question: Searching Security Policies by Name (w/ Filter Operators)

Hello! Brand new to PAN, but diving into it as part of onboarding with a new employer. Our company has quite a few security policies (169) compared to the scale of networks I'm used to managing in my past roles (maybe 6-12 on the high end!). So, I'm keen on using the search bar to effectively sort, filter, find, and make sense of these. I'v...

locampo by L2 Linker
  • 13348 Views
  • 7 replies
  • 0 Likes

Resolved! Active/Active failback

Hi, We are looking at deploying an A/A L3 cluster with dynamic routing (has to be A/A to satisfy requirements of the existing setup). We've pinned all the routing preferences and floating IP priorities to 'unit A'. We are new to A/A so any help with the below would be much welcome: 1) The issue we are facing (will be facing) is when failing back, the...

APP-ID and High Port range

Is there a range of tcp/udp ports that do not have an APP-ID in Applipedia? I ask b/c as we are migrating over 10k rules we are aware not all of them will have a PA app-id associated, so we are trying to filter out those ports and are just curious: is there an actual port range or specific ports that do not have APP-IDs?

Resolved! Enabling a Systems Maintenance page for systems at the PA?

Hi folks, We have a public IP that NATs to an internal Barracuda Load Balancer VIP that represents several sites, content rules, etc. I am being asked if we could temporarily change the NAT translation at the firewall to redirect to a maintenance page while we take these servers down for patching, instead of editing rules at the Load Balancer. It...

OMatlock by L4 Transporter
  • 2661 Views
  • 2 replies
  • 0 Likes

Resolved! PAN 7.1.9 aes-256-cbc vs PAN 6.1.10 aes256

I need to move a tunnel from a PAN with 6.1.10. The tunnel today uses aes256 for IPSec crypto and for IKE. The tunnel established fine to our biz partner. In configuring the tunnel on the other PAN with 7.1.9 I notice that my options are aes-256-cbc or aes-256-gcm for IPSec and IKE Crypto, Add offered aes-256-cbc. My question: If I select aes-25...

palomed by L3 Networker
  • 2471 Views
  • 1 replies
  • 0 Likes

Resolved! Configuring destination NAT with DHCP public IP

I only get a dynamic public IP from the ISP on the outside interface of the PAN box. I'd like to configure Destination NAT to use the single public IP for number of servers running inside network on different ports. I've followed the documentation online to configure Destination IP and Port Translation. I received the following error when trying...


S2S VPN Between PA and Cisco ASA

Hello! I've spent the last 2 days trying to get an IPSec tunnel working between a PAN 200 and Cisco ASA5505 but all my attempts have failed. I am not sure what the issue is and would really appreciate any assistance to point me in the right direction. This is a very simple setup. I've configured both sides properly but for some reason the tunne...

Problems with Traps conditions after update

Hi all, One of our resellers has reported a problem to us. A condition, configured in a Traps environment, is not working anymore after they updated from version 4.0.0.24417 to 4.0.1.25216. Is there something known about this problem? This is the condition: Could someone help with this? Thanks and Regards, Federico


Blocking apps

Hi At the moment what is most annoying is the blocking external emails, for example, Gmail, depending on which browser you open appears as "gmail", as "ssl" or as quic. We have configured a block list for that, the problem is that users are starting to place them in the mail clients of W10 and Outlook, and we return to the same, Palo Alto sees i...

Recorded Future 401 access error

Hello, I am currently in the process of moving our threat feeds into Minemeld. One of our providers is Recorded Future, which I have enabled as a node, and set the API access key. When I go to run the mode, it gives me a 401 client Error: Unauthorized. Naturally, I checked if the API key was incorrect, but I am still able to manually grab the fe...

JonasE by L1 Bithead
  • 8028 Views
  • 5 replies
  • 0 Likes