This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Issue ports to switch turned (errdisabled) for both HA pair after upgrade from 11.1.6-h14 to 11.1.6-h25

Hi All, We have a pair PA 5220 in HA x2 and in PAN-OS 11.1.6-h14we perform upgrade to PAN-OS 11.1.6-h25, the upgrade is successful but we counter issue issue ports to switch turned (errdisabled) and it running normally after that First Pair HA we able to recover with shut/unshut the errdisabled interface however the second pair we try th...

Resolved! Prisma Browser ECCN

Hello, I downloaded Prisma Browser https://get.pabrowser.com/welcome and I am looking for the ECCN (Export Control Classification Number). Can someone in your Trade Compliance or Legal department provide me the ECCN ? Thank you.

Resolved! Panorama HA Pair and Managed Log Collectors Upgrade Process - Clarification

Hello All, Planning an upgrade of a Panorama HA pair in management-only mode with two dedicated log collectors to PAN-OS 11.1.x from PAN-OS 10.2.x To assist with the explanation below: Unit A - Panorama Active Unit Unit B - Panorama Passive Unit First, after reviewing the upgrade documentation (Upgrade Panorama in an HA Configuratio...

nohash4u by L3 Networker
  • 2516 Views
  • 2 replies
  • 0 Likes

Resolved! Palo Alto in Virtual Wire mode : Traffic not passing throught internet perimeter Firewall

Dear All, I'm doing POC at customer who use Checkpoint as Internet Firewall. So i deploy Palo Alto behind Checkpoint firewall in vwire mode. After We configure and install policy everything running well and to minimize the risk we configure permit all any any in the bottom of security policy. At the end of the PoC we try to disable the Permit ...

Migrate config from Sophos UTM9 to Palo

hi, I need to migrate a Sophos UTM9 FW. It has proxy config, nats, LDAP integration, policies........... to Palo Alto firewall Is there any tool to migrate Sophos to Palo. Expedition not support Sophos 😞 any idea? thanks

BigPalo by L4 Transporter
  • 542 Views
  • 1 replies
  • 0 Likes

Resolved! Panorama API ServiceNow integration, getting Hit Counts

Dear Community We try to get out the hit counts from the API connection between Panorama and ServiceNow. Is there someone in the community who has experience where the hit counts can be read out? Within the API documentation, we were not able to get more details. We are able to read the whole rules, their object groups and also the objects. Bu...

Sectigo Root CA Trusted Store Request

Greetings, Sectigo has (recently) updated their Public Root Certificates (mid-2025), introducing new roots including: - RSA: Sectigo Public Server Authentication Root R46(https://crt.sh/?d=4256644734) KB Articles for reference: https://www.sectigo.com/knowledge-base/detail/Sectigo-Root-Certificates https://www.sectigo.com/knowledge-base/deta...

L.Yalezo by L1 Bithead
  • 8943 Views
  • 8 replies
  • 1 Likes

Resolved! Custom URL Category Configuration Verification.

Is anyone able to confirm this for me by chance? I'm trying to do some testing, but being able to find independent confirmation would be a nice comfort to me. In a Custom URL category list, is an entry like:abc.com/ equivalent to:abc.com/*? Thanks!Thanks!

"Bugs" on Syslog Field Descriptions documentation PAN-OS 11.1+

I found a lot of "bugs": typos, missing fields, unstandarized naming, etc. in the Syslog Field Descriptions documentation PAN-OS 11.1+ All the inconsistencies are documented in https://github.com/enotspe/palos/blob/main/EDGE_CASES.md Hopefully Palo Alto team will correct it

enotspe by L0 Member
  • 1665 Views
  • 2 replies
  • 0 Likes

Ground Stud: Who Needs 'Em, Really?

Many devices seem to come with a Ground Stud on the back (ground cable not included, of course). It just occurred to me that I can't think of a single time I've seen this used. So... I'm not very electrically-inclined... I couldn't explain 3 phase power, and I still can't wrap my head around the difference between watts and volt-amps (seeing ...

locampo by L2 Linker
  • 1456 Views
  • 2 replies
  • 0 Likes

Question about ECH and its effect on URL filtering (without decryption) + how to block it

Hi team We have received reports from users regarding URL filtering behavior and are investigating whether ECH (Encrypted Client Hello) is the cause. In our environment, we cannot apply SSL decryption, so we rely on inspecting the SNIin the ssl_client_hello. In Wireshark captures of the TLS ClientHello, we see the extension “encrypted_client_hel...

Alpalo by L4 Transporter
  • 2472 Views
  • 1 replies
  • 0 Likes
  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks