This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 1910 Views
  • 0 replies
  • 0 Likes

Resolved! RTP traffic not matching App-ID Rule

I have a strange issue where I have a configured rule to allow the "rtp" and "rtcp" App-IDs with application-default service from any-to-any. Below that rule I have a generic permit-any rule with application service any. Screenshots below. The behavi

...

IanGraham_0-1704745546729.png
IanGraham_3-1704745826139.png
IanGraham_2-1704745786416.png

VPN tunnel is getting dropped

we are seeing tunnel drop with below error message.

IKE phase-1 SA is deleted SA: 1.1.1.1[500]-2.2.2.2[500] cookie:191098e4ef6db35d:eba9ee89ff200b07

transition from trial to purchased license

Hi All,

 

We are in a scenario where we are running firewalls on trial licenses. 

 

We have purchased the licenses. Can you help me with following queries :
1. When firewall transition from trial -> purchased license, will firewall drop the network tr

...

BRI-IT by L0 Member
  • 726 Views
  • 1 replies
  • 0 Likes

Resolved! 2 Tunnel With 2 IP Public. Secondary one is filtered ?

I have two IPSec tunnels with 2 ISPs:
ISP 1 is Primary
ISP 2 is Secondary
with a Failover scheme.

 

But when I set the metric for ISP 1 to 10 and ISP 2 to 200, it seems that the public IP of the second ISP cannot ping the second tunnel's peer gateway, w

...

ariiero by L1 Bithead
  • 1515 Views
  • 2 replies
  • 0 Likes

Resolved! VM PA Firewall on esxi

Hi Team, 

I am trying to install a vm pa firewall on esxi host. Downloaded the ova of 11.2.0 base image and installed. When I configure management interface it comes up. But none of the data plane interfaces are coming up. Reinstalled once again and

...

Change of models managed by panorama

Cordial greetings

Team

I currently have a PA 220 managed from panorama and we want to upgrade it to a PA440. The idea is to keep the same configurations of the 220 device in the 440. The question is, how should this process of device change be done?

...

aalfaro by L2 Linker
  • 4300 Views
  • 9 replies
  • 0 Likes

Pre-established BGP connection to HA?

All,
I'm looking to set up established BGP connections from the upstream routers (Cisco Nexus) to the HA unit in our A/P setup for faster failover times, and to not make it look weird when trying to determine if adjacencies are up to the primary unit

...

Resolved! DNS sinkhole , some questions

 

I'm a SOC analyst, and we receive firewall logs regarding DNS sinkhole alerts. I'm trying to understand them better.

I have received multiple logs of this type, and I want to make sure I understand them correctly.

In this log, the domain that was q

...

Brand new PA-1040 interface 1 & 2 in red link state problem

Dear All, 

 

              I got a brand new PA-1040, and i have choice standard mode rather than ZTP mode from the beginning and i found that interface 1 & 2 are in red link state, even i connect a network cable into these port and i still see there

...

piaakit by L1 Bithead
  • 982 Views
  • 1 replies
  • 0 Likes

Resolved! pa-450 software no update information available

Hi,

I installed new pa-450 on 10.1.3 from config exported from pa-820 on sw version 9.

Device is registered properly. Dynamic updates work without any problems. All licenses are resolved properly from license server and applied properly.

During softw

...

bkrajnik by L1 Bithead
  • 5749 Views
  • 2 replies
  • 0 Likes

Firewall in Not Ready state after Factory Reset

Howdy! I recently inherited a PA-5050 from work for my homelab, and I go to try and configure it, but I notice that the firewall states that it isn't ready, and whenever I try committing a change, it says All daemons are not available. It was in a wo

...

physicsprop_0-1689401846537.png
physicsprop_1-1689401871580.png
physicsprop_2-1689401888474.png
  • 24258 Posts
  • 117 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks