This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4119 Views
  • 0 replies
  • 0 Likes

Resolved! Two WAN Ports on one Switch. Split of physical VPN and Internet port.

Hello, I hope theres someone here who´s more capeable than me for my problem 🙂I searched the forum and the documentations for quite a while but i cant figure it out.Current Situation: All incoming traffic gets sourced through port eth1/7 with the zone 'Untrust' and all other IPs ( XXX/29) provided from our ISP are handled via loopbacks also si...

User-ID exclude OU

Can usernames within a specific OU be excluded from user-id mappings? We'd like to avoid mapping user's administrator account names to their workstation IP addresses which happens from time to time due to logging into shares with admin credentials or a similar activity. Is there a way to exclude the OU or usernames from mappings?

Import Panorama Configuration Into Expedition and export Device Specific configuration

Hi Experts, I am quiet new to Expedition, currently i am involved in a mass project where i have to migrate exiting Palo Alto Firewall into new. The existing firewall is managed by panorama which have tons of Network addresses and security policies which also uses shared object and polices from panorama. Now my objective is to import that pa...

Elastic search suddenly down

Hi, I am writing this to ask if anyone has experience with ES suddenly down? After restart only logs become normal. I need idea on what we can check to know the root cause of ES suddenly down.

Diffie-Hellman-Groups: Why no brainpool curves?

While setting up a VPN with a Cisco ASA, I stumbled accross the quite small list of DH Groups implemented in PA firewalls.So I wonder what the rationale was for choosing the implemented groups. As a German engineer working for goverment and other public organizations I'm missing the brainpool curves, which are advised by the BSI. The missing cur...

mringel by L0 Member
  • 3075 Views
  • 1 replies
  • 2 Likes

How do I update OSS apps only?

Hello all, I've found this kb: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CltxCAC I'm trying to install the latest apps on the OSS. I've downloaded "all apps" from csp and when I'm trying to install it, I receive the following error: What is the reason for this and how can I fix it?

Chibichen1988_0-1718867559827.png

SFP & SFP+ Transceivers not automatically detected on PAN-OS 11.1.2-h3

Hello everyone! Before we go to the main point let me just give a explanation that happened. So we have a PA-1410 fresh from the box and tried to perform a basic power on test, the device firmware version currently seated on 11.0.3, I tried to check all the transceivers we have bought by using the following command that can be seen in this KB ...

Marlo_Perez_0-1718867310549.png
rtaImage.jpeg
Marlo_Perez_2-1718868105946.png

Resolved! Automatically adding email DL to every CSP case and receive Palo advisory updates

I would like to know on how to add our email distribution list automatically to all our TAC cases subscriber list on CSP.Also, we would like to have customer advisories, content updates, etc; from Palo Alto to be received on the same email. Please let us know how to add this. Note: This is not a single user email account

Resolved! Replace SFP Process

Hi we have a PA-850. Port 5 has a RJ45 SFP adapter, internet connection. We are upgrading our Internet connection (bandwidth increase only, no IP changes) and the new handoff from the ISP is single mode fiber, so I purchased a PAN-SFP-PLUS-LR to support the connection. I plan on simply removing the old SFP adapter and inserting the new one. My q...

MikeGill by L1 Bithead
  • 2995 Views
  • 2 replies
  • 0 Likes

TLS 1.3 has General Protocol Error

Hi all, Fairly new to PAN OS and have just enabled decryption on my 10.2.3-h4 VM-300 firewall. In my decryption logs, all entries for TLS 1.3 are having a 'General Protocol Error'. When running a v11.0.1 firewall (that I had to downgrade due to dataplane freezing issues - another story) I didn't get these errors. Anything I'm doing wrong or am...

Certificate Expiry

Hi All, I am trying to import the Azure SAML certificate to use it in the Identity Provider Certificate as it is expiring this Thursday. But i am getting the attached error. Does it mean do i need to delete the existing one and then import it? I have the Pem format and Base64 format but error is same when i import. Certificate extention is .cer....

Resolved! RTP traffic not matching App-ID Rule

I have a strange issue where I have a configured rule to allow the "rtp" and "rtcp" App-IDs with application-default service from any-to-any. Below that rule I have a generic permit-any rule with application service any. Screenshots below. The behavior I am running into is that positively identified rtp and rtcp sessions are not matching my high...

IanGraham_0-1704745546729.png
IanGraham_3-1704745826139.png
IanGraham_2-1704745786416.png

Global Protect "Single Sign on" with Windows Hello on Windows 10

Hi everyone,I have a situation as described in the title of this post. As you probably know Global Protect installs his own Credential Provider in Windows which has to be chosen by the user. It is also possible to force the Global Protect Credential Provider, but the point is, it has to be used in order to enable single sign on for the user.This...

Remo by L7 Applicator
  • 20296 Views
  • 5 replies
  • 5 Likes

VPN tunnel is getting dropped

we are seeing tunnel drop with below error message.IKE phase-1 SA is deleted SA: 1.1.1.1[500]-2.2.2.2[500] cookie:191098e4ef6db35d:eba9ee89ff200b07

  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks