This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4223 Views
  • 0 replies
  • 0 Likes

PA 5050 to N5K 10G Conn

Hi Guys, I am facing an issue, links are not coming up b/w the PA and the N5K and both are 10G Ports. In PA, we should keep the link speed as auto and in N5K, there is no option to set the 10G port link status to Auto, Have anybody faced this issue? Logs: PA: Name: ethernet1/22, ID: 37Link status: Runtime link speed/duplex/state: unknow...

jithuraj by L1 Bithead
  • 2448 Views
  • 2 replies
  • 0 Likes

Resolved! GlobalProtect on DHCP Interface

Hi, I have configured GlobalProtect on DHCP interface, but for some reason I can't make it work. I don't see GP web page and I cannot connect to it using GP client.I tried same config, but with static address and it works perfectly. Can somebody help me to troubleshoot this? Thank you.

nabokih by L1 Bithead
  • 7401 Views
  • 4 replies
  • 0 Likes

LLDP not showing neighbors

We have LLDP enabled on AE1 (x2 40G) which is on a QNPC on a HA A/P 7050 cluster running 7.0.2The N7K is seeing the LLDP information and traffic, however the 7050's are not. Trying to see if anyone else has had success with LLDP on this? Interface Total-Tx Dropped Total-Rx Dropped-TLV Errors Unrecognized Aged-Out--...

How Can I confirm SSD Primary Drive(PA-5000 Series)

Hello~ I am curious about Primary Drive that there is setting drive in Maintenance Mode I set primary as id 2and rebooting I tried to figure where primary drive out at booting console log and monitoring.I couldn't find about that Could you guys let me know how can I find that information :0 Thank you

John_Lee by L2 Linker
  • 2451 Views
  • 2 replies
  • 0 Likes

FIPS

show fips-mode does not work on PA-500, V6.1. I get "Invalid syntax" error message. Any advice/insight is greatly appreciated.

Resolved! Failed to insert certificate into configuration

Hi, When I try to generate self-signed certificate Device -> Certificate management -> Certificate -> Gererate. I got error "Failed to insert certificate into configuration. Only self signed CA certificates can have identical subject and issuer fields." I have not had any problem with this on version 6 of PANos, but on current version...

nabokih by L1 Bithead
  • 17064 Views
  • 1 replies
  • 1 Likes

Cutwail/PushDo SMTP Attack Vulnerability Detection

I've recently set up a new PA-100-VM and been closely analysing it along with all of the traffic that goes through it. It is running 7.0.3 along with the latest updates to all definition files (updated nightly). In the process of doing this I've determined that the PA is not picking up on a fairly common SMTP attack - that being the Cutwail S...

Resolved! Global protect with DHCP client on WAN interface

I have a PA-200 which is configured with DHCP-client on the WAN interface.When configuring Global Protect, I'm not able to configure the gateway address. When I choose the WAN interface as the gateway address interface, I'm not able to choose the IP-address currently on that interface(because of the DHCP Client setting I guess). The same apply t...

torm by L4 Transporter
  • 11422 Views
  • 10 replies
  • 0 Likes

Multi-VSYS, Shared Gateway, IPSec and GlobalProtect, GP return traffic blackholed.

I'm troubleshooting a configuration that consists of a Palo Alto 3020 with multiple virtual systems enabled. Currently configured are: shared gateway vsys one main vsys IPSec site-to-site tunnels terminating on SG interface/zone/vsys GlobalProtect gateway Internet traffic to the main vsys works, as does regular site-to-site IPSec traffic, wh...

high dataplane cpu utilization

Hi, I have PA-2020 which has high dataplane cpu utilization. It is stuck at 100% during business hours. It drops to 25% after work. I suspect too much traffic but is there an easy way to check what sessions/applications are the most cpu intensive? Maybe from CLI? Radoslaw

UMWL by L0 Member
  • 4012 Views
  • 2 replies
  • 1 Likes

Resolved! WildFire Config

I have a question re Wildfire config. When the setting is set to 'forward' it gets sent PA cloud for analysis, provided it finds something bad , I assume it is put into the WF signature and next time the file is seen it gets blocked ? What does the block setting do? Does block any file that is suspects to be questionable?

RC-BHF by L2 Linker
  • 2259 Views
  • 1 replies
  • 0 Likes

Tracking down source of ike-nego-p1-fail-common log entry

We have connected several branch offices using PA200 and PA500 with ipsec tunnels to a PA3020 at our corporate office. The corporate server is registering similare errors twice every 3 seconds. The error: IKE phase-1 negotiation is failed. Couldn't find configuration for IKE phase-1 request for peer IP xxx.xxx.xxx.xxx[52402], ID ipaddr:yyy.yyy...

Resolved! PA 200

What's the best decription for a Palo Alto 200 device? Firewall or Network Security device?

tsadlier by L0 Member
  • 3826 Views
  • 4 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks