This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4156 Views
  • 0 replies
  • 0 Likes

Replace a panorama managed device with a new device (different model)

Hi All,We need to replace old PA2020 (PAN-OS 5.0.10) that is managed via Panorama (PAN-OS 6.0) with new PA3020.Referring to Panorama adminstrator guide 6.0, "How do I replace Panorama or a managed device in the event of a hadrware failure/RMA?"Questions:1) Can device state export from a PA2020 be import into PA3020 (new device)2) Should we use P...

cohesion by L0 Member
  • 6216 Views
  • 4 replies
  • 1 Likes

Havex Malware

Hi all,Do you have any information about PAN detection capability for the Havex malware family: http://www.f-secure.com/weblog/archives/00002718.htmlThreat vault seems to produce no hits at the moment. Tuomo

Tuomo by L1 Bithead
  • 16280 Views
  • 26 replies
  • 1 Likes

Resolved! LAGG Interface Documentation

Hello,Is there any documentation about how to configure a LAGG interface in PAN-OS 6.0?I’ve read through the administrators guide, and did a search on the PA documentation web site, and I couldn’t find anything.Thank you,-- Rick

Resolved! Transitioning from Trial URL Filtering to Paid

I am currently using a trial of the URL filtering license and have made the purchase for the full license. Does anyone happen to know if it's a seamless transition from the expired trial to the full license with out any interruption? To initially enable the service I had to reboot my firewalls one at a time, It doesn't make sense that I'd have...

cmateam by L3 Networker
  • 8166 Views
  • 9 replies
  • 0 Likes

Split tunneling on iOS

Playing around with IPSec VPN on a PA-500 for my mobile users. On iOS, it's working fine with the built in IPSec VPN client, but split tunneling is not supported. I'm wondering if this feature is available if I use the GP client app instead of the built in client. Since it require a licence, I can't test it.

PatrickD by L1 Bithead
  • 7765 Views
  • 5 replies
  • 0 Likes

Commit fail error "Duplicate user name"

Hi. all..I Have a question about User-id.I am configured LDAP setting about PA-2050.(OS Version 4.1.9)Sometimes I saw the messages about commit fail error when I set up a user-id through security policy.The error message is "duplicate user name".I guess the problem is occurred when user's laptop used the wired and wireless connection to AD serv...

insuyoon by Not applicable
  • 4811 Views
  • 5 replies
  • 0 Likes

ipsec vpn issue

I configured ipsec vpn with palo alto to checkpoint.pinging isp:local/external ip(182.x.x.x) to peer ip(102.x.x.x) ping successful.pinging local network to peer ip:local pc(10.10.10.x) to peer ip(102.x.x.x) ping unsuccessful..tracert confirm drops on internet..ike not established(verified by show vpn ike-sa gateway)..following vpn troubleshootin...

Javith by L3 Networker
  • 3461 Views
  • 2 replies
  • 0 Likes

Active/active ha config

Hi All,my req:isp 1 4mbps(untrust) ->pa 500a->(trust)cisco switch l3a->isp 2 4mbps(untrust)->pa 500b->(trust)cisco switch l3b-> same web servers but using isp 1 &2 public ip's(redundancy purpose) to do static s-nat for web servers external users should use both isp to reach web servers in active/active ha mode->load...

Javith by L3 Networker
  • 3694 Views
  • 2 replies
  • 1 Likes

New Flash volnureability! (CVE-2014-4671)

HelloAccording to Adobe Security Bulletin its serious volnureability, when we can expects protection on PAN?At the moment on https://threatvault.paloaltonetworks.com/ I can't find CVE-2014-4671RegardsSlawek

_slv_ by L4 Transporter
  • 3098 Views
  • 4 replies
  • 0 Likes

Resolved! job ACT PEND 98% - stuck

HiI have a schedule to download and install antivirus settings, but now I can't commit any changes.show jobs all ->2012/03/24 04:09:36 2614 Antivirus ACT PEND 98%clear job id 2614 ->Server error : Cannot stop job 2614 at this timeHow do I fix this?Thanks

FlexyZ by L3 Networker
  • 8035 Views
  • 4 replies
  • 0 Likes

Requirements to alert an threat

Hello,is there any possibility to get any information about the requirements for detecting an specific threat.e.g. there is Signature ID : 13457 EBURY, what is this signature looking for ?Do I have to decrypt anything on the PA to give a deeper look into the payload. Is it only examing the DNS traffic ?Where could get access to the signature sou...

ralf_hanl by Not applicable
  • 2974 Views
  • 3 replies
  • 0 Likes

PAN GlobalProtect 2.0.3 doesn't work

So, I activated GlobalProtect 2.0.3 yesterday and have found that it fails to connect. The user will click "Connect" and the globe will spin for about 30 seconds then it closes itself and reopen on the taskbar(icon disappears and reappears). I am currently having to go to each client to uninstall 2.0.3 and reinstall 2.0.2. Anyone else noticing t...

jbo by L0 Member
  • 3770 Views
  • 4 replies
  • 0 Likes

HA-HA group mappings not passing to secondary PANOS 6.03

Hello,I have group mappings present on the Primary Firewall, not passing to the secondary Firewall. Specifically for a new gorup created today. I have tried the various debug refresh commands on both boxes to attempt the get the seocndary box to pull the new group, but no joy. Can anyone suggest what the issue here maybe? As far as the secon...

jbabcock by Not applicable
  • 3400 Views
  • 4 replies
  • 0 Likes

web crawling for google only

I know this topic has been discussed before but there is never a clear answer. It seems it is not possible to allow only specific web crawlers such as google. If that's the case, I assume most of you have web-crawling enabled for your site only? Google is still getting blocked from crawling our site. I was hesitant to enable web-crawling but it ...

bino150 by Not applicable
  • 4911 Views
  • 2 replies
  • 0 Likes

vcom-tunnel

Hi! We have a problem on the equipment pa-5020. when we look at the log traffic, the session ends with incomplete response Then I looked in and saw the following wireshark log. SYN - VCOM-tunnel Seq = 0 win = 8192 len = 0 mss = 1460 ws = 256 = 1 sack_perm=1ACK - VCOM-tunnel Seq = 0 ack=1 win=17920 len-0 mss=...

NTCUser by L1 Bithead
  • 7126 Views
  • 7 replies
  • 0 Likes
  • 24338 Posts
  • 124 Subscriptions
Top Liked Posts
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks