This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Resolved! VM-Series SKU End of Life question

Hi Guys so we have a client with a number of VM-100 FWs on Azure.. we recently migrated them from perpetual licenses over to NGFW Software Credits. so at the moment they are still running as VM-100 but with the flex licenses valid till 2026 now.. according to this the VM-100 series expires end of July 2024 https://www.paloaltonetworks.com/se...

PA_nts by L4 Transporter
  • 4934 Views
  • 2 replies
  • 0 Likes

Source NAT Pool range use case practices

Hi Expert , I would like to consult about how can use Source NAT Pool range with multiple clients to source NAT pool can use DIPP ( Dynamic IP and ports) or Dynamic source nat actually I hesitate to use DIPP because I think suitable than dynamic source nat but I'm not sure correctly or not ? please suggest me Thank you

Download Failed

Model PA-440V 11.1.2-h3 We have GP agent 6.2.3 downloaded to our PA-440, but I have not had my Apple Mac updated to that version for several months. I can still connect to my office via GP VPN but my computer client is GP App version 6.1.3-703. When connected, GP tries download the latest version at startup and every 15-20 minutes thereafter. Th...

JCapron by L1 Bithead
  • 2981 Views
  • 1 replies
  • 1 Likes

Various Commands on CLI returning Unknown

Anyone know why various commands such as "debug" would return "Unknown Command" on the CLI? Is this possibly due to my permissions on Panorama? These commands are relatively common and are even referenced in palo KB articles but they don't seem to work for me 😕

Restore Panorama from backup

We have issues logging back to panorama and error message is authentication profile missing. I have opened a case but to me it looks most likely we have to rebuild or factory reset it. We do have the daily configuration backup .tgz file which contains xml files. What is the procedure to restore it.

raji_toor by L4 Transporter
  • 6971 Views
  • 2 replies
  • 0 Likes

Troubleshooting Panorama Push - line:51: syntax error [}]

When trying to commit to a ngfw from panorama I am getting this error. I have turned on debug for configd to try and find what specific setting has a problem. No luck getting more information. I have double checked every setting and variable for something not entered correctly with no luck. Is there a way to access that file and look at line 5...

I.Miller by L0 Member
  • 2118 Views
  • 2 replies
  • 0 Likes

Errors in S2S VPN configuration.

Hello, I am configuring a site to site VPN between a Palo Alto Firewall and un Firewall Fortinet, but despite several attempts we are not able to get it to go up either in phase 1 or in phase two in the logs of Palo Alto you can see: 2024-05-16 23:47:12.205 +0000 [INFO]: { 3: }: received IKE request x.x.x.x[500] to x.x.x.x[500], found IKE gate...

M.Ochoa by L0 Member
  • 2199 Views
  • 1 replies
  • 0 Likes

UnAuthorized Access -- CSP

Hello, I am not able to access the Customer Support Portal getting below error: UnAuthorized Access Your membership has expired or has not been approved, please contact Palo Alto Networks Support. I have contacted the NextWave <nextwave@paloaltonetworks.com> and they mentioned as below: I'm sorry but we are unable to assist with the ...

Resolved! Block Connections from Different Region

Hi All, We have a requirement to setup a Block rule for the users connecting to GlobalProtect from different countries. We need to allow users only from one particular region to connect to GlobalProtect. In Prisma we can use the Specific Tag and Specific Name on the rule to achieve this. But I don’t find any related document that suggests this...

Slow speed with GlobalProtect

Hi to all,We are trying to understand why the download speed is really slow vía GP.We stablish a VPN GP with IPsec without Split Tunneling. We acces to some public web to download a test file. Im downloading a 1G file.If we download without GP but through the Palo Alto we achieve 60MB/s, but vía GP we achieve maybe 6 or 10MB/s.Any idea about tha...

nanukanu by L2 Linker
  • 55672 Views
  • 16 replies
  • 0 Likes

Can you have an interface with an SFP in receive only mode?

I have a scenario where we have a data diode transmitting over fiber to an interface on our PA220R (sfp 100fx). The difficulty is that the PA considers the interface as 'down' because of the nature of the data diode, the diode only sends to the PA over this fiber but will not receive any data from the PA by design. Does anyone know a way to hard...

Extending VLAN through IPSEC + GRE

I am trying to extend the VLAN from main site to branch site using a combination of GRE and IPSEC. Below is a quick representation of the architecture, the objective is to enable remote communications between the main and the branch sites for all devices within VLAN-1. I am aware that PA does not natively provide L2 tunnels, and VXLAN ...

OELHANCHI_0-1714232289883.png
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks