General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Resolved! Guest Network Setup

Hi - What is the best method to set up a guest L3 network in PanOS?
UntrustA = Corporate
UntrustB = Guest Internet
wDMZ = Wireless DMZ for Guest Internet
trust = Corporate
Requirements =
1. wDMZ needs to get to a few specific IP's on UntrustA.
2. wDMZ needs to get to the Internet via UntrustB.
Initially I was thinking of a second vRouter? OR is policy bas...

PA-500 and Jumbo Frames

Background: I've been doing some testing with a pair of A/A PA-500's and decided to enable jumbo frames on a file server. I understand that the PA-500 does not support jumbo frames but when I begin a file transfer, it works, running at about 5,017 Kbps. After a little while the frame size reaches 4464-bytes and my speed increases to 392,644 Kbps...

GtY007 by L0 Member
  • 4119 Views
  • 3 replies
  • 0 Likes

Qualys Scan alert on OpenSSH J-Pake

We run Qualys scans on the internal network, and it's picking up that the PA's are running OpenSSH ver 5.2. I receive the following warning: OpenSSH, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol. This allows remote attackers to bypass the need for knowledge of the shared secret, and successfully ...

dru by L0 Member
  • 5372 Views
  • 6 replies
  • 0 Likes

Having to reset the dataplane frequently

Hello, We've been having an issue in our environment where we need to reset the dataplane because randomly packets will traverse our rules and start getting denied. We aren't sure why this is happening or what's causing it. What I'd like to know is if anyone could shed some light on how we can go about troubleshooting. Let me know what info you ma...

grkchr by Not applicable
  • 5819 Views
  • 5 replies
  • 0 Likes

GlobalProtect client doesn't inform the user that the portal/gateway connection is timing out

In my testing of the GlobalProtect client (I'm using the latest stable, 1.2.1), I noticed that if for any reason the connection to the GP portal or gateway times out (e.g. the user's laptop isn't connected to the Internet, doesn't have the correct IP address, doesn't have the cable plugged in, etc etc) the client will never actually inform the u...

SSL based custom application also seen as SSL

Hi, I set up an SSL based custom application for a specific web application in the company. I followed this document : But when I look at the traffic logs, for every connection to this application I have :
- 1 log that shows traffic as "ssl" application,
- 1 log that shows traffic as my custom application.
07/23 18:11:18 traffic start ssl ...

mattieub by L0 Member
  • 2967 Views
  • 2 replies
  • 0 Likes

PA-2050 - what are the aho_sw_fpga_unavailable and dfa_sw_fpga_not_loaded counters all about?

Hello I'm trying to find out what the following two counters are all about and if our rate/count for these counters are anything to worry about regarding Data plane performance issues with our PA2050 Active-Active platform.
Name Category Severity Aspect Value Rate
aho_sw_fpga_unavailable aho warn pktproc 29184581949
dfa_sw_fpga_not_loaded dfa warn offload 1808...

Smi12 by L2 Linker
  • 4106 Views
  • 1 replies
  • 0 Likes

Resolved! Global Protect and HIPS

We have set up Global protect and are able to connect to our network. Once we add a HIPS profile all the traffic gets denied. The only setting in the HIPS profile is the OS is microsoft. We are currently using Software version 5.0.6 and global protect 1.2.4 and have even tried rolling it back to 1.2.3 and still no luck. Has anyone had a problem lik...

murphyj by L2 Linker
  • 7761 Views
  • 8 replies
  • 0 Likes

Resolved! Palo Alto can't filter users in a group

Hi, I have a PA2050 v(4.0.11) and PAN-Agent for ldap users and groups. I have created a group in my Active Directory and I configure a policy for this group but I try to check this policy with one user in this group and firewall doesn't let me pass through. I can't see that my user belongs to this new group but I can add this group in policies. telin...

Resolved! user-id agent commit issue

Hi team, I have got an issue when trying to commit our configuration on User-id agent. User-id agent cannot connect to AD without commit. Whoever has experience of this, please help. BR

Ulugbekyu by Not applicable
  • 4724 Views
  • 4 replies
  • 0 Likes

Maximum latency between HA peers?

What's the maximum latency allowed for HA peering links (e.g. HA1 control and HA2 keep-alive) between devices set up in active/passive HA pair? i.e. based on the latency can determine the approximate distance that HA pairs can be physically separated.. 1Km .. 100Km? etc. whilst connected via dark fibre.

CMG by L2 Linker
  • 5129 Views
  • 1 replies
  • 0 Likes

Site-to-Site vpn and NAT

Hello, I have one vpn configuration question, I hope somebody can help... I am configuring vpn site-to-site in my site PaloAlto, other site is not important in this case. I am making source and destination NAT for the traffic that is used for vpn. The purpose of this NAT is that we have lot of vpn tunnels and we have similar IP networks on local an...

aaputis by L0 Member
  • 4518 Views
  • 3 replies
  • 0 Likes

Resolved! Policy with "Log at Session Start" option - how to find it?

Hello I have about 100 policies on my device, some of them have "Log at Session Start" option enabled. Is it possible to find it from the CLI? I have very little skills in CLI so please give me the whole CLI command. I realised that my weekly reports are unusable because I have only data from last few days. How I can save some space on PA200 to get...

_slv_ by L4 Transporter
  • 10584 Views
  • 7 replies
  • 0 Likes