General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 2894 Views
  • 2 replies
  • 14 Likes

Palo Alto BotNet Reports

Hi!

I've got a question about BotNet reports available on Palo Alto firewalls. Maybe someone has an experience on how accurate they are, what logic they are using and how to better tune them to display more precise information?

At this point I have all

...

IPSEC Phase-1 fails as initiator but not as responder

Hello support community,
I'm using a PAN 3020 A/P cluster on the perimeter running 6.0.9.  At all of my remote sites I have a cisco ASA that uses IPSEC tunnels to connect back to the main network.  The IPSEC tunnel configuration (IKE phase 1, IKE phas

...

dan731028 by L3 Networker
  • 4238 Views
  • 2 replies
  • 0 Likes

Config Backups Explained

Is a KB article out there that explains what each type of config export is and what is included? Looking through our Palo Altos I can see these 6 different config exports...

Named Configuration Snapshot

Candidate Configuration

Configuration Version

Devic

...

jambulo by L4 Transporter
  • 6766 Views
  • 7 replies
  • 0 Likes

User agent recommended placement

What is the recommended Windows machine to run the user agent for version 6.

Our AD servers are at an offsite data center (5 miles away) and we have limited physical access to systems installed at datacenter.  If agents are installed at data center th

...

merrydc by L1 Bithead
  • 1396 Views
  • 0 replies
  • 0 Likes

Antivirus Decoder Action

I feel silly asking this - wouldn't you want a deny on any decoder where a virus is detected rather than allowing the traffic and just throwing an alert?

Error in XML API Usage Guide (Section 2.2.4 Edit)

The example given by the XMP API Usage Guide for the Edit command which replaces group membership of a static group is incorrect.

The guide shows the syntax for providing the value for the element parameter: <static><entry name='test'><member>abc</me

...

Alextc by Not applicable
  • 2395 Views
  • 0 replies
  • 2 Likes

GlobalProtect with "Vodafone Mobile Connect"

Hey there,

my colleagues are not able to connect via the HSPA USB Stick "Vodafone Mobile Connect" with our GlobalProtect gateways.

I do not see any error-message on the Firewall, only a successful log in but the client disconnect after ~1 second. Also

...

Debugging OCSP query errors

Our GlobalProtect setup does OCSP checking of client certificates, to an internal OCSP-server.  Every once in a while, the lookup fails (as in no response from server, connection denied, or whatever), and the client is denied access (Gateway gpgw.dom

...

hklygre by L1 Bithead
  • 2375 Views
  • 0 replies
  • 0 Likes

Error synchronizing config because of Certificate

Hi,

We have a cluster active/Pasive. We have created a certificate signed by external authority with this config:

After creating the certificate we have done a commit and the config failed synchronizing to the passive firewall.

¿The certificates pass th

...

SOC_CSG by L4 Transporter
  • 1901 Views
  • 2 replies
  • 0 Likes

Shared Gateway with multiple virtual routers

Hello,

I currently have my palo alto setup to use two VSYS ( VSYS1 AND VSYS2) each with its own virtual router.

I would like them to use the same interface for outgoing internet traffic which I though I could accomplish with "shared gateways"

My problem

...

riverj30 by L0 Member
  • 2965 Views
  • 3 replies
  • 0 Likes

Resolved! How to Clear Disk Space/reduce disk usage

Hi Friends,panos hshah hsharma HULK Steven Puluka panagent

Please suggest for the same.

i am already check below document and i think, i dont have permission to root access for PAN.

https://live.paloaltonetworks.com/docs/DOC-3772

https://live.paloalton

...

Satish by L4 Transporter
  • 10378 Views
  • 5 replies
  • 0 Likes

TCP Windows scale option

Hi, could someone explain if PanOS is able to consider  the filed "TCP Window Scale Option (WSopt)" ( http://www.ietf.org/rfc/rfc1323.txt?number=1323). when tcp asymmetric-path is disabled (drop)?

I mean that in my experience the firewall drop the pac

...

vzit by L1 Bithead
  • 7916 Views
  • 3 replies
  • 0 Likes
  • 24016 Posts
  • 99 Subscriptions
Top Solution Authors