General Topics

Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 915 Views
  • 0 replies
  • 0 Likes

Type: INNR in session id detail.

Hi team,

 

What does INNR represents in type when looking at the session ID details.

I know that this happens at child session, when parent session ID belongs to the HTTP/2 ID.

If you guys have any idea about what INNR represents, let me know.

 

 

 

 

Mgmt Traffic over VPN

Hi All,

 

  I am looking to deploy a few (4) PA-440's into the field. What is the best way to configure my remote firewalls to send MGMT traffic 3.3.3.3/24 (using loopback) over a vpn to central firewall to pass along to panorama MGMT (10.10.10.10/24

...

jQuery vulnerability on management interface of PA-3220

Hello all,

 

Our customer is currently using PA-3220 running PAN-OS 11.1.
During their recent vulnerability scan, the following CVEs were reported that jQuery used on the Web management interface;

 

CVE-2018-8046
CVE-2007-6758

 

Questions:
1. Do these v

...

kawai818 by L0 Member
  • 204 Views
  • 2 replies
  • 0 Likes

Cloud NGFW Credits issue

Hello All,

I recently purchased Cloud NGFW for azure and purchased paloalto credits as well.

my Azure NGFW shows as PAYG ( Pay us you go) instead of showing license with my credit.

is it possible to change my PAYG license to credit based.

M.vyas by L0 Member
  • 72 Views
  • 2 replies
  • 0 Likes

spanning tree portfast for cisco to palo links

I am moving some palo interfaces to a new cisco switch. 

What is the recommended spanning tree configuration on both palo and cisco sides when connecting these devices?

 

PA(config-if)# spanning-tree port type ?
edge Consider the interface as edge por

...

M.Allen by L1 Bithead
  • 224 Views
  • 1 replies
  • 0 Likes

Creating CSR with SAN via API calls

Hi,

I am trying to create CSR via API calls with subject alternate name for hostname and ip address, but I cannot find it in documentation. Simple creation of CSR works for me
https://10.XX.XX.XX/api?type=op&cmd=<request><certificate><generate><certif

...

nm2025 by L0 Member
  • 78 Views
  • 1 replies
  • 0 Likes

wrong traffic matching rule

Hi this maybe a simple or dumb question, but I have a rule shown below that has specific sources defined. I thought the rule would only match on those host listed in the source, but when looking at the logs, I can see other source IP's are matching o

...

palo-rule.jpg
palo-logs.jpg
E.Hinkle by L0 Member
  • 116 Views
  • 1 replies
  • 0 Likes

Resolved! How to add switchport trunk allowed to AE interfaces?

I have a cisco switch which has a trunk to a PA device. On the switch it is configured switchport trunk allowed vlan 120,766,767. How do I add the corresponding configuration on the PA end?

The AE2 int already has the .120, .766 and .767 sub interfac

...

M.Allen by L1 Bithead
  • 467 Views
  • 3 replies
  • 0 Likes

Resolved! Proto in packet capture filter

What is proto in packet capture filter ? The manual only says:

Proto—Specify the protocol to filter

The field only seems to accept numbers...

dieter_b by L4 Transporter
  • 7456 Views
  • 5 replies
  • 0 Likes
Palo Alto Networks Approved
Palo Alto Networks Approved

PAN-OS 11.2.8 ETA

Hi All,

 

i would like to know the ETA of the PAN-OS 11.2.8 as per last PA TAC mention that the 11.2.8 tentative release date of june 25 

 

but so far no info of the release yet 

 

this is to fix for GUI display issue with SAML SLO url.

 

thank you

Advice on dual isp, getting dns to work

Hello all,

I currently have a PA440 and I have 2 isp's, ATT and comcast which will be our backup and it's my 1st time setting this up, we are a small business of about 80 users, I already followed how to configure dual isp redundancy on the links pro

...

cdcirexx by L3 Networker
  • 872 Views
  • 8 replies
  • 0 Likes
  • 24165 Posts
  • 117 Subscriptions
Top Solution Authors
Top Liked Authors
Labels