This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4136 Views
  • 0 replies
  • 0 Likes

Resolved! Blocking Google Games

Has anyone had any success in blocking the Google browser based games yet? I have seen a few threads with no answers. I'm going to bust out the Fiddler and see where it is going during this but I don't want to interfere with normal users and their Google searches. I was thinking there would be an app-id for it but I may have to find domain nam...

Resolved! PAN-OS-PHP Combining actionss

Hi I am trying to use the PAN-OS-PHP to bulk edit some rules. My question is can I chain/combine actions together. The documentation says that I can but when I try I get a syntax error Before I send the command to the Firewall I just want to check the rules that will be updated I don't think I am to far away but its just the sytax. If a...

PAN-OS-PHP-Action.jpg

PAN-OS 12.1, IPv6 and Region/GeoIP

Hi, With PAN-OS 12.1, IPv6 addresses are now also showing what Region they belong to. However, this seems to be limited to logs. Security policies, using specific regions/countries, will still not match the IPv6 addresses, even though the same IPv6 addresses shows the appropriate country code in the logs. Is this a known issue (internally perh...

TCP-RST-FROM-CLIENT and TCS-RST-FROM-SERVER

Hi All, As captioned in subject, would like to get some clarity on the tcp-rst-from-client and tcp-rst-from-server session end reasons on monitor traffic. Even with successful communication between User's source IP and Dst IP, we are seeing tcp-rst-from-client , which is raising some queries for me personally. Are both these reasons are normal ...

Jimmy20 by L2 Linker
  • 310771 Views
  • 7 replies
  • 2 Likes

Expired license CDSS

Hello, we received an alert regarding the expiration of CDSS licenses on February 11, 2026, following a change in operation on the Palo Alto side. All our equipment is running at least version 10.2.13-h5. The partner portal does not show any affected devices. We would still like to know if this will have any impact on certificate management, act...

Resolved! Reason Why Logs Are Received by SLS but Not Stored

In Strata Logging Service, ACTUAL RETENTION DAYS was shown as 0 for certain log types (such as firewall_traffic). Meanwhile, we observed that system and dns_security logs have increasing ACTUAL RETENTION DAYS.I understanding is that when ACTUAL RETENTION DAYS is 0, it indicates that SLS is not retaining logs for that log type.We have confirmed t...

S2S IPsec VPN with Multiple Domain Encryption

We have experiencing difficulties having more than one domain encryption in IPsec tunnel, specifically when both are in the same subnet. Only one domain encryption remains active in the IPsec phase2. There are few times you can bounce IPsec gateway and restore connection to affected domain encryption, but after some time again connection lost to...

R.Thakar by L1 Bithead
  • 3559 Views
  • 5 replies
  • 0 Likes

PALO ALTO BACKDATE SUBSCRIPTION POLICY

Could you please advise where we may obtain an official document or website link from Palo Alto Networks that formally states the backdating policy as described below? Backdating on subscriptions: Lapsed Orders placed after the expiration date with standard term end dates on the renewal quote will result in subscriptions starting the date of...

Resolved! Cdb process not running on PA firewall

Hi Folks, Auto-commit on our passive firewall is failing. When checking the logs we could the see the commit failure reason as below: PA-3220 not started, auto commit failed: Details:Management server failed to send phase 1 to client cordCommit failedFailed to commit policy to device When checking the logs we could see the CDB process is not run...

Network connection unreachable on MAC OS newer version 15.3.2 o higher

Hi All, PAN-OS version: 11.1.10-h1 GlobalProtect Agent version: 6.3.3-711 We experiencing on the all MAC OS with The connection cannot be established and the following error message is displayed:“The network connection is unreachable or the portal is unresponsive. Check the network connection and reconnect.” We able to resolve for the olde...

Question on PA-440 Failover

Question regarding PA-440 and failover. How can I setup a failover in a PA-440 between two physical ports on that PA-440 firewall. For example: If Eth1/7 was connected to a cradlepoint and port 8 was a ipsec tunnel. What is the proper way to config pa-440 to failover from cradlepoint to another interface going over ipsec tunnel? Can the fi...

Create Custom Report for Unused Rules

HiI am struggling a bit here. I've been tasked to set up various reports on palo firewall. One of them is to create a custom report displaying all unused rules. I've tried many things. I followed this link: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClcgCACwhich basically creates a report of used rules. I need exac...

Resolved! License Forms

Hello Team, I'm working with a customer for whom we purchased a Support Only license, and now we would like to start working on their environment. However, we want to activate the license under their CSP account. I am aware that this is not possible, but according to the case we created, I understand that we can re‑book the entity to the custome...

  • 24340 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks