This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

Resolved! Failed to insert certificate into configuration

Hi, When I try to generate self-signed certificate Device -> Certificate management -> Certificate -> Gererate. I got error "Failed to insert certificate into configuration. Only self signed CA certificates can have identical subject and issuer fields." I have not had any problem with this on version 6 of PANos, but on current version...

nabokih by L1 Bithead
  • 16952 Views
  • 1 replies
  • 1 Likes

Cutwail/PushDo SMTP Attack Vulnerability Detection

I've recently set up a new PA-100-VM and been closely analysing it along with all of the traffic that goes through it. It is running 7.0.3 along with the latest updates to all definition files (updated nightly). In the process of doing this I've determined that the PA is not picking up on a fairly common SMTP attack - that being the Cutwail S...

Resolved! Global protect with DHCP client on WAN interface

I have a PA-200 which is configured with DHCP-client on the WAN interface.When configuring Global Protect, I'm not able to configure the gateway address. When I choose the WAN interface as the gateway address interface, I'm not able to choose the IP-address currently on that interface(because of the DHCP Client setting I guess). The same apply t...

torm by L4 Transporter
  • 11258 Views
  • 10 replies
  • 0 Likes

Multi-VSYS, Shared Gateway, IPSec and GlobalProtect, GP return traffic blackholed.

I'm troubleshooting a configuration that consists of a Palo Alto 3020 with multiple virtual systems enabled. Currently configured are: shared gateway vsys one main vsys IPSec site-to-site tunnels terminating on SG interface/zone/vsys GlobalProtect gateway Internet traffic to the main vsys works, as does regular site-to-site IPSec traffic, wh...

high dataplane cpu utilization

Hi, I have PA-2020 which has high dataplane cpu utilization. It is stuck at 100% during business hours. It drops to 25% after work. I suspect too much traffic but is there an easy way to check what sessions/applications are the most cpu intensive? Maybe from CLI? Radoslaw

UMWL by L0 Member
  • 3980 Views
  • 2 replies
  • 1 Likes

Resolved! WildFire Config

I have a question re Wildfire config. When the setting is set to 'forward' it gets sent PA cloud for analysis, provided it finds something bad , I assume it is put into the WF signature and next time the file is seen it gets blocked ? What does the block setting do? Does block any file that is suspects to be questionable?

RC-BHF by L2 Linker
  • 2239 Views
  • 1 replies
  • 0 Likes

Tracking down source of ike-nego-p1-fail-common log entry

We have connected several branch offices using PA200 and PA500 with ipsec tunnels to a PA3020 at our corporate office. The corporate server is registering similare errors twice every 3 seconds. The error: IKE phase-1 negotiation is failed. Couldn't find configuration for IKE phase-1 request for peer IP xxx.xxx.xxx.xxx[52402], ID ipaddr:yyy.yyy...

Resolved! PA 200

What's the best decription for a Palo Alto 200 device? Firewall or Network Security device?

tsadlier by L0 Member
  • 3768 Views
  • 4 replies
  • 0 Likes

Outlook 2010 Clip Art Thumbnails not Displaying

We just switched to PAN DB and are using the PAN to do SSL decryption. The policy i am using also does not have safe search enforcement enabled. What i have tried is, do a packet capture and found the exact uri, exempted that uri from decryption and allowed it on the policy. Added addition domains and urls found on google searches to the sam...

Resolved! Active/Active HA in vwire mode - Link Monitor

When configuring an active/active pair of 5060s in vwire mode, is there a need to configure link monitoring? the 5060s are setting behind an HA pair of Cisco 5585s and want to ensure the Palos failing over will not affect the traffic from the ASAs. I have an HA 3 interface conifgured but since both firewalls will process traffic, is there a ne...

Using Global Protect Internally - Several Questions

I am fairly new to the world of Palo Alto, so I apologize if this is answered elsewhere. My team is looking at an implementation scenario, and I have several questions as a result. I figured this community would be the best place to start. We are currently looking to implement Global Protect internally, as a possible replacement for Cisco NAC ...

Resolved! Acknowledge Traffic Log Threshold Alarms

We recently reached the point where our traffic logs are reaching 90% of quota and alarms are being generated. I understand that this behavior is normal and I do have the option of turning alarms off if I wish. I don't want to turn them off but I see the option to acknowledge them. What I'm wondering is do these acknowledgements ever get purg...

SystemAlarms.jpg
herrmoss by L2 Linker
  • 6343 Views
  • 5 replies
  • 0 Likes

Using wildcard pattern/ regex in URL filter

Hello, I like to exclude subdomains from decryption. Therefore I've created a URL category. But I don't like to exlude all subdomains only specific subdomains. For example: I like to exlude domains starting with "whatsapp" and ending with "facebook.com". So the URL whatsapp-p3-bgp-01-iad3.facebook.com should be exluded from decrypten. But w...

IP confilicting error

Hi We have configured HA pair on our two PA-VM200 Palo alto firewall. Now IP address of my interfaces eth1/1 (inside 10.1.1.1) and eth1/2 ( out side 10.1.1.2) are showing same as primary 10.1.1.1 on both firewalls and I am getting IP confilicting error. Any idea ? Regards,

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks