This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4132 Views
  • 0 replies
  • 0 Likes

TCP-RST-FROM-CLIENT and TCS-RST-FROM-SERVER

Hi All, As captioned in subject, would like to get some clarity on the tcp-rst-from-client and tcp-rst-from-server session end reasons on monitor traffic. Even with successful communication between User's source IP and Dst IP, we are seeing tcp-rst-from-client , which is raising some queries for me personally. Are both these reasons are normal ...

Jimmy20 by L2 Linker
  • 310639 Views
  • 7 replies
  • 2 Likes

Expired license CDSS

Hello, we received an alert regarding the expiration of CDSS licenses on February 11, 2026, following a change in operation on the Palo Alto side. All our equipment is running at least version 10.2.13-h5. The partner portal does not show any affected devices. We would still like to know if this will have any impact on certificate management, act...

Resolved! Reason Why Logs Are Received by SLS but Not Stored

In Strata Logging Service, ACTUAL RETENTION DAYS was shown as 0 for certain log types (such as firewall_traffic). Meanwhile, we observed that system and dns_security logs have increasing ACTUAL RETENTION DAYS.I understanding is that when ACTUAL RETENTION DAYS is 0, it indicates that SLS is not retaining logs for that log type.We have confirmed t...

S2S IPsec VPN with Multiple Domain Encryption

We have experiencing difficulties having more than one domain encryption in IPsec tunnel, specifically when both are in the same subnet. Only one domain encryption remains active in the IPsec phase2. There are few times you can bounce IPsec gateway and restore connection to affected domain encryption, but after some time again connection lost to...

R.Thakar by L1 Bithead
  • 3550 Views
  • 5 replies
  • 0 Likes

PALO ALTO BACKDATE SUBSCRIPTION POLICY

Could you please advise where we may obtain an official document or website link from Palo Alto Networks that formally states the backdating policy as described below? Backdating on subscriptions: Lapsed Orders placed after the expiration date with standard term end dates on the renewal quote will result in subscriptions starting the date of...

Resolved! Cdb process not running on PA firewall

Hi Folks, Auto-commit on our passive firewall is failing. When checking the logs we could the see the commit failure reason as below: PA-3220 not started, auto commit failed: Details:Management server failed to send phase 1 to client cordCommit failedFailed to commit policy to device When checking the logs we could see the CDB process is not run...

Network connection unreachable on MAC OS newer version 15.3.2 o higher

Hi All, PAN-OS version: 11.1.10-h1 GlobalProtect Agent version: 6.3.3-711 We experiencing on the all MAC OS with The connection cannot be established and the following error message is displayed:“The network connection is unreachable or the portal is unresponsive. Check the network connection and reconnect.” We able to resolve for the olde...

Question on PA-440 Failover

Question regarding PA-440 and failover. How can I setup a failover in a PA-440 between two physical ports on that PA-440 firewall. For example: If Eth1/7 was connected to a cradlepoint and port 8 was a ipsec tunnel. What is the proper way to config pa-440 to failover from cradlepoint to another interface going over ipsec tunnel? Can the fi...

Create Custom Report for Unused Rules

HiI am struggling a bit here. I've been tasked to set up various reports on palo firewall. One of them is to create a custom report displaying all unused rules. I've tried many things. I followed this link: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClcgCACwhich basically creates a report of used rules. I need exac...

Resolved! License Forms

Hello Team, I'm working with a customer for whom we purchased a Support Only license, and now we would like to start working on their environment. However, we want to activate the license under their CSP account. I am aware that this is not possible, but according to the case we created, I understand that we can re‑book the entity to the custome...

Resolved! New periodic alert: Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform.

Dear all, since a couple of days I'm getting alerts like: Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform. Please consider removing unused configuration I removed all old auto saved configs after upgrades, and the config size looks ok:> show management-server last-committed config-s...

Support with PA-440 Software

Dear all, I have a pair of HA PA-440 with the software version of 11.2.7-h4, now I want to install the version 11.2.10-h2 to remediate CVE-(High Severity Vulnerability in PAN-OS) and (Customer Advisory on Device Certificate Renewal for NGFW Devices in Active-Passive High Availability (HA) with Service Route) Now I want to install software ve...

  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks