This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

Resolved! ECMP link monitor 7.1.4

We had an issue with our secondary ISP last night that ECMP didn't handle passing all traffic to the promary ISP as the interface was still up.Does anyone have a suggestion on how to monitor the ISPs and down the link that is having issues? Current configuration is using 1 vRouter on a PA500.

nwetech by L1 Bithead
  • 3876 Views
  • 3 replies
  • 0 Likes

Panorama ISP redundancy

Hey I have a situation that my main site has 2 ISPs i configured the remote PA to talk with panorama thought the External Interface in order to maintain connectivity even if i have problems with the internal network on the remote site. I would like to have Panorama available from both of the ISPs. i had an idea to configure NAT on my main site f...

minow by L4 Transporter
  • 2236 Views
  • 1 replies
  • 0 Likes

PAN-5060 Fans running at Full Speed

My 5060 fans are running at full speed at all times. I attempted to run the follow command "set system setting fan-mode auto" in Operation and Configure mode and it will not work. Getting the "invalid syntax" error. Any thoughts???

DHCP Relay source Interface

Hi all, We're having some difficulties with DHCP Relay on PA 7.0.5. Our setup looks like this: Client <-> L2 SW <-> PA <-> L3 SW <-> DHCP Server We use a VLAN sub-interface on the PA as the default gateway for that subnet and I configured DHCP Relay for this interface. Now the PA sends the relayed DHCP packets out the sa...

mismatch of static-ip source translation address range between original address and translated addre

getting error mismatch of static-ip source translation address range between original address and translated address Error failed to parse nat policy NAT Policy isSRC Zone : OutsideDST Zone : OutsideOriginal Packet : SRC address - Public IPsOriginal Packet : DST address :- Single public IPTranslated Packet :- Translation Type StaticTranslated ...

Question about application group and custom service group

Hi All, First off I appologize if this question has been answered before.I have a question regarding the use of application groups and custom service groups in the same security policy. Can traffic identified in the application group use a non standard port that is defined in the custom service group? For example, Can traffic identified as kerb...

jmathew by L1 Bithead
  • 2385 Views
  • 2 replies
  • 0 Likes

Warning on commit new config - anyone recognise the cause?

Folks. I made a rule change this morning - first one in a while (fairly static environment of late) - and when committing, got the following warning Error: Invalid id 6 for os WindowsUWP.(Module: useridd) Anyone recognise this/know the cause/know what I need to do to fix it? Cheers

darren_g by L4 Transporter
  • 2168 Views
  • 1 replies
  • 0 Likes

Cannot enter "Maint" at boot via cli

All, somehow I lost connection to my PA-200. Im trying to do a factory reset on it and I am not able to enter 'maint" during boot via console. I am using putty . When I try, it just keeps loading the kernal. is there a way to pause to enter "maint"? It will not go past this either regards Bryan

2016-10-07_14-46-38.jpg
BryanMay by L1 Bithead
  • 3753 Views
  • 2 replies
  • 0 Likes

I'm getting an error when trying to log in maint mode on PA-2050

I have an Evaluation unit that I'm trying to reset to factory defaults via the Maint Partition, but not having any luck.Here is the error message I'm getting after I type in 'maint' at the prompt...Autoboot to default partition in 5 seconds. Enter 'maint' to boot to maint partition.Entry: masize: 12582912, sector_size: 131072Scanning JFFS...

westcon by Not applicable
  • 8872 Views
  • 7 replies
  • 0 Likes

Resolved! PA-7050 LACP causing delay in fail-over times

We have an HA A/P PA-7050 cluster running 7.0.2 with QNPC (40G). The 40G links are bundled in AE1 with LACP enabled. We noticed during testing that LACP causes 8-10 ping loss during a fail-over event. With LACP disabled we have a 1 ping loss during fail-over events.The LACP settings we have are the following: The remote side has been verified t...

lacp.jpg

U-Turn NAT with Port Address Translation in a DMZ

Hi Community, I am configuring my first PA-200 and having a difficult time. I have a /27 external network and have the PA-200 seeing the internet properly. I have internet untrust zone setup as l3 on Int 1.1, and a DMZ setup as l3. The DMZ zone is on eth 1.2 interface and has a few servers plugged into an unmanaged gigabit belkin switch as depic...

DMZ Depiction PA-200.jpg

Resolved! Custom applications and application override

I'm looking to get a better understanding of how custom applications work in relation to application override policies vs security policies. I have created a simple custom application with just a tpc port for an internal application. There appears to be two unrelated routes I can then take with this new application.1. I can add it to the applica...

Priority in PAN-QoS

Hi, When you are configuring QoS, it's possible to define more than one profile, and in this profile put 'til 8 Class defined. When you apply over the egress interface, it's possible to add this Class based over an source Subnet. Here is my question, what "priority use" or what is the behaviour if over the same interface applies in ex: From Su...

nanukanu by L2 Linker
  • 4595 Views
  • 5 replies
  • 0 Likes

Resolved! PAN AD Useragent - Excluding users?

Hi.Is it possible to exclude a specific user from the PAN agent configuration?I know you can filter based on group - unfortunately, the user concerned, which is used for several automated processes, is also a member of AD groups which I can't exclude, so it gets reported every time it runs a background process - which is skewing reporting, as th...

dagibbs by L4 Transporter
  • 20533 Views
  • 29 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks