This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4135 Views
  • 0 replies
  • 0 Likes

Resolved! Issues installing Minemeld

Team, I have run into an issue installing Minemeld following the documented process for install on Ubuntu Server 14.04 LTS. Below is the output from apt update. Seems that there is a GPG key issue and I have made sure that the fingerprint characters match. Any guidance that can be provided would be greatly appreciated! Thanks! -JN ...

jnewsome by L2 Linker
  • 4886 Views
  • 2 replies
  • 0 Likes

Upgrade PAN-OS 7.0.9 to 7.1.6

Hi, We are planning to upgrade the PAN-OS software from 7.0.9 to 7.1.6. I read on some articles that the base image does not need to be installed. I have two options as follows: Option 1: 7.1.0 (Download, NO install).7.1.6 (Download and install).Option 2: 7.1.0 (Download and install).7.1.6 (Download and install). Which one is correct?

qafcopa by L1 Bithead
  • 3243 Views
  • 4 replies
  • 0 Likes

Aggregated port over Vsys (AE1 over...)

Hi, I'm thinking about put som vlans inside and Aggregate, and distribitute over various Vsys, as far I know, reading here in the community, it's possible use subAEinterfaces on different VSYS. Then, the question is, on wich VSYS must be the physical interface AE1? AE1.1, AE2.3 will be distributed over Vsys, and no need to put IP on AE1. Regards!

nanukanu by L2 Linker
  • 2827 Views
  • 4 replies
  • 0 Likes

Flood protection

What is the best way to set up flood protection, separate profile one for ICMP, one for SYN cookies etc or put it all in one policie? What is the best way to determine what set your alarm rates, block rate etc? How successful is it, does good traffice get blocked very much

jdprovine by L4 Transporter
  • 7208 Views
  • 15 replies
  • 0 Likes

Ip missing in output

Hi, I have default profile. I added a node "RW_IPBL NODE" that has 11464 ips But after processing I only see 900. Generated I think by other nodes.What can be wrong? Thank you

Screenshot_5.png
Screenshot_6.png
Screenshot_7.png
Screenshot_8.png

MineMeld and dinamic list in Pa500

Hi, We have a Pa500. It read that only permit 10 list with a max 5000 ip's.it is right? I have deployed a MineMeld with default configuration. I have a list configured in Pa-500 https://ip-minemeld/feeds/inboundfeedhc. What does the pa-500 to be the largest list of 5000 ip? Do you only load the first 5000 ip's or do not load this list?Som...

Screenshot_2.png

License for SSL VPN (GP Client)

Hey guys, We have a PA 200 as lab firewall and I want to setup SSL vpn. Can you tell me which licenses I need for it? The GP window (Device -> GP Client) is completely empty. When I check for new versions, it says "The device does not have support". The same if I want to check for new PAN OS Software. I thougt it would be sufficient with the ...

LIC.PNG
MPI-AE by L4 Transporter
  • 3867 Views
  • 3 replies
  • 0 Likes

group mapping lost suddenly

Seems like a bug any one faced in 7.0.9. We have several firewall and 2 time it happened group mapping lost suddenly and we have manaually refresh to get it it back.

Resolved! Processor Descriptions

I know I've seen an article/documentation on this somewhere, but I am struggling to find it. When running a show system environmentals, and more specifically the "Thermal" area for the processors, does anyone know what functions are being handled by which processor? We are running PA-5060 devices in our network. This would be helpful in our tra...

change webcertificate

Hi, Testing with Rome release I notice we need to have trusted CA on the Minemeld webserver. You can't use the Minemeld default certificate to import on the PA firewall. So I had to manually change certificate in the NGINX. Maybe this could be included in the webinterface of Minemeld that you can upload and change the certificate?

Policy Rules order

Hi there, if we are going to the tab "Policy" we will see 7 different sub tabs. The tabs are: SecurityNATQoSPBFApp OverrideCaptive PortalDoS Protection So I know for example that Security rules are always checked before NAT rules but whats about the rest? I spent planty of time google for this information but without success.

Rboehme by L2 Linker
  • 3468 Views
  • 3 replies
  • 0 Likes

Resolved! SMTP Inbound Decryption

We have decyption turned on for inbound smtp trafffic. It is only decrpyting a portion of the encypted traffic. I have an open ticket with support but still working through it but I wanted to check to see if anyone else is experiencing issues. I do not believe it is something misconfigured on the firewall as it decrpyts as expected sometimes. T...

Capture_decrypt.PNG
clewis1 by L3 Networker
  • 3908 Views
  • 2 replies
  • 0 Likes

Palo alto networks Problem Session out

Hello , I have a problem with my firewall PA-200. When I try to open the GUI , I found an error message with a session out . You can find in the attachement this error message . I read that may be this problem can be related to the disk space. I do a show disk-space command and i found the the result in the attachement . Any one can help me to ...

Session Out.JPG
disk-space.JPG
Mariaa by L1 Bithead
  • 2806 Views
  • 4 replies
  • 0 Likes

Resolved! ARP table cache "incomplete"

Hello All, Need some clarification on ARP table. For some reason, once we swapped the devices from 2020>3020 our ARP table is seen as incomplete but services are working fine withing on that particular external subnet (before they did but we use gratuitous arp) . Also the time out of the "incomplete" entries pretty much a second ( ttl =1): ...

ARP entries_hidden.PNG
  • 24340 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks