This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4225 Views
  • 0 replies
  • 0 Likes

PA-2050 - what are the aho_sw_fpga_unavailable and dfa_sw_fpga_not_loaded counters all about?

HelloI'm trying to find out what the following two counters are all about and if our rate/count for these counters are anything to worry about regarding Data plane performance issues with our PA2050 Active-Active platform. NameCategorySeverityAspectValueRateaho_sw_fpga_unavailableahowarnpktproc29184581949dfa_sw_fpga_not_loadeddfawarnoffload1808...

Smi12 by L2 Linker
  • 4135 Views
  • 1 replies
  • 0 Likes

Resolved! Global Protect and HIPS

We have setup Global protect and are able to connect to our network.Once we add a HIPS profile all the traffic gets denied. The only setting in the HIPS profile is the OS is microsoft.We are currently using Software version 5.0.6 and global protect 1.2.4 and have even tried rolling it back to 1.2.3 and still no luck. Has anyone had a problem lik...

murphyj by L2 Linker
  • 7846 Views
  • 8 replies
  • 0 Likes

Resolved! Palo Alto cant filter users in a group

Hi,I have a PA2050 v(4.0.11) and PAN-Agent for ldap users and groups. I have created a a group in my Active directotory and i configure a policy for this group but i try to check this policy with one user in this group and firewall dont let me passtrough.I cant see that my user belongs to this new group but i can add this group in policies.telin...

Resolved! user-id agent commit issue

Hi team,I have got issue when trying to commit our configuration on User-id agent.User-id agent can not to connect AD without commit.Who have an experience of this, please help.BR

Ulugbekyu by Not applicable
  • 4809 Views
  • 4 replies
  • 0 Likes

Maximum latency between HA peers?

Whats the maximum latency allowed for HA peering links (e.g HA1 control and HA2 keep-alive) between devices setup in active/passive HA pair?i.e based on the latency can determine the approximate distance that HA pairs can be physically separated.. 1Km .. 100Km? etc. whilst connected via dark fibre.

CMG by L2 Linker
  • 5163 Views
  • 1 replies
  • 0 Likes

Site-to-Site vpn and NAT

Hello,I have one vpn configuration question, I hope somebody can help...I am configuring vpn site-to-site in my site PaloAlto, other site is not important in this case.I am making source and destination NAT for the traffic that is used for vpn. The purpose of this NAT is that we have lot of vpn tunnels and we have similar IP networks on local an...

aaputis by L0 Member
  • 4589 Views
  • 3 replies
  • 0 Likes

Resolved! Policy with "Log at Session Start" option - how to find it?

HelloI have about 100 polices on my device, some of them has "Log at Session Start" option enabled. Is it posisible to find it from the CLI ?I have very little skills in CLI so please give me the whole CLI command.I realised that my weekly reports are unusable because I have only data from last few days. How I can save some space on PA200 to get...

_slv_ by L4 Transporter
  • 10732 Views
  • 7 replies
  • 0 Likes

Panorama: migrating between a failed and replacement device

Hi all,I am running Panorama with two PA-5020s which belong to one device group. The policy for this group applies to both or either firewalls, depending on zones (basically, this is a non-HA pair on two Internet links). One of the 5020s has gone into castors-up mode and is being RMA'd; a replacement is due tomorrow.As Panorama seems to refer to...

notes01 by L2 Linker
  • 4172 Views
  • 3 replies
  • 0 Likes

How Long to Update Firewall from Panorama

I changed a zone in a policy from Panorama but the change doesn't show when in the context for the particular device. Did I miss something? How long for that change to show up?

Weese by Not applicable
  • 4508 Views
  • 4 replies
  • 0 Likes

partial commits causing allowed RTP flows to change to discarding?

We are seeing a strange issue with our 4020s (running 4.1.8h2 right now) where, as far as we can tell, partial commits are at times causing some kind of HA event that, at times, causes some already-established RTP streams that are allowed by the policy to change from allowed to a discarding state. This causes our Polycom videoconference systems ...

How to skip CaptivePortal for one device?

HelloAs you can see on this forum I have some configurations problems with CP.In the zone where I have CP enabled I have Minolta BizHub c220 device (with static IP 192.168.3.251). This device has scan to email features. After I enabled CP for this zone of course noone email go to user.I checked almost every thread on this forum, but I didn't get...

_slv_ by L4 Transporter
  • 4884 Views
  • 6 replies
  • 0 Likes

Resolved! Captive Portal

has anyone got configuration for captive portal on and incoming untrusted public ip nat to private internal address.i need to authenticate incoming connections before they reach the internal server address.under captive portal I have the source as the public nat address and the destination as the internal server address and it does seem to work...

djrodb by L3 Networker
  • 14284 Views
  • 10 replies
  • 0 Likes

Resolved! problem with groups in user-id mapping

hi,i have a problem with using groups (from windows active directory) in security rules.on our windows active directory i have created a new group fw_finance. we use the PAN user-id agent to get the mapping from ip to user. i mapped this group on our PA-500 (user identification - group mapping settings). than i created a new security rule, that ...

assona by L0 Member
  • 12167 Views
  • 6 replies
  • 1 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks