This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

best path to migrate from 2050 5.0.8 to 3050 6.x

We just bought a pair of 3050's to replace our 2050's. The old 2050's are running 5.0.8. (I know that's old, but it was stable and we just left it alone) I'm looking for advice on the best path to upgrade to the new 3050's. I've looked at the migration tool, and it looks promising but I'm not familiar with it yet. I've also considered downgradin...

Sinkhole explosion

Since midday yesterday (Monday Jan 26th) we've seen an explosion in sinkhole detections.Previous moths sees one ot two a day in average, latest 24 hrs we've had more than 16.000 detections. This started after the antivirusupdate on Monday.When checking a few of the domains via on-line URL-checking tools, no suspicious content is detected.Latest ...

pivvre by L2 Linker
  • 10210 Views
  • 12 replies
  • 1 Likes

Global Protect with self-signed certificate

Hi, We have configured GlobalProtect with a self-sign certificate working properly, but when we try to connect through global protect we always receive this advise about "this certificate is not valid...." and we have to accept it to continue. This message is quite annoying. Is there any way to use a self-signed certificate without seeing thi...

Resolved! Firewalls accessing Panorama: best practice

Hi, I'm looking for a best practice when deploying Panorama accross multiple sites that do not really have any interconnections (and have quite a few overlapping subnets). From what I understand, the firewalls themselves initiate the connection towards the Panorama instance (VM appliance in this case). The VM instance has one ethernet link. ...

Arne-VDH by L3 Networker
  • 5216 Views
  • 2 replies
  • 0 Likes

Blocking Internet Access based on User-Agent

I am currently researching a way to be able to intercept traffic from an unsupported IE browser and then be able to feed that information about the host, mainly FQDN hostname or IP address of the host into the PAN dynamically based on the user-agent: IE8 - Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0) IE9 - Mozilla/5.0 (compa...

Resolved! PA200 disaster recovery option...?

Hi all -- I curently have one PA200 with all four eth ports taken (internal/trust network, internet/untrust, dmz, voip vlan), as well as the mgmt port connected to the internal network. I'm looking to get a disaster recovery plan in place, but, as far as I understand (from about here to here |--| ), I would need one of the eth interfaces to c...

thatguy by L2 Linker
  • 5523 Views
  • 7 replies
  • 0 Likes

Resolved! Higher Management CPU post upgrade to 7.0.4

I've got a 5060 A/P pair that was running 6.1.4. We are/were doing : SSL forward Intercept SSL Mirror 7 AD Group Mappings Transparent Captive Portal 4 UIA Pre-upgrade our MGMT CPU was around 20%. Post upgrade to 7.0.4 we're 70%. There have been no reports of issues by users and I haven't noticed any impacts from response in the UI. My ...

Failed to find PANPG virtual adapter interface

Hi all, I am experiencing this issue with Global Protect : "Failed to find PANPG virtual adapter interface". The version of GP is the latest released 2.3.3. Version of client is Windows 8.1. I have already tried: - Uninstalled Anti-Virus - Disabled Windows Firewall - There no other VPN Remote Access client on PC - Installed and executed the ...

Failed to find pan PG.JPG

Panorama commit to PA4060 hangs at "commit" process 99%

I support 10+ 4060's (Ver 5.0.15) and for several years had to deal with Panorama commits pushes to boxes increasingly taking longer and longer to complete (like 1-2 hrs). Workaround had been to script a daily login and running of the "debug software restart management-server" command on each FW. This seemed to basically work.I've noticed though...

Configure Backup ISP

Not sure this is the right venue or forum to post this, but I’m looking to set up an automated failover to a backup ISP line per the attached network diagram of my environment. I’m new to PAN and the PAN way of doing things so thought I’d reach out for some advice before making changes. It’s quite hard, compared to Cisco, for example, to find ...

PANBackupISP.png

PAN HA P/A with GLBP on core

Hi Everyone, Is it possible to setup a passive/active HA setup when the core switch pair are using GLBP to load balance end-user traffic ? Essentially, I will have two cores in A/A and the PANs in P/A. I am using PA-500s.

Panorama connectivity issue

Hi everybody, When I configured my new firewalls to register with my panorama, they didn't appear.I checked the following points:- Connectivity between my firewalls and my Panorama : OK => I do some packet captures on both side- TCP bidirectional traffic on port 3978 : OK => I do some packet captures on both side- Re-generate SSL certifi...

MT 3.1 and CheckPoint VSX

We're running a really old version of CP 71.40 running VSX with multiple virtual firewalls. This document describes where to get a config file from, but this does't account for a virtualized enviornment and the file nor directory exists for these virtual CheckPoint Firewall. https://live.paloaltonetworks.com/t5/Migration-Tool-Articles/Chec...

Resource-unavailable for http traffics

Hi All, Some of the sessions are ended with Resource-unavailable reasons. Almost all traffics in these sessions are web-browsing and some updates traffics on port-80. All https-443 are working fine. this issue happened for 4 hours on last week. checked here for describtion: https://www.paloaltonetworks.com/documentation/61/pan-os/newfeature...

Javith by L3 Networker
  • 11283 Views
  • 6 replies
  • 1 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks