This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4471 Views
  • 0 replies
  • 0 Likes

Long commit time with 125 vsys

Hello,Running 5.0 code train, after we created 125 vsys on the PAN 5060 firewall and preloaded our standard panorama shared policies and address objects (3 pre polices, 1 post policy, and about 100 address objects). The firewall commit time is about 220+ seconds for a full or partial commit. I am trying to get PM attention but not getting much...

Cacti 5.0

Has anyone seen any issues with cacti and 5.0? Ours where all logging usage perfectly until the upgrade it which point they stopped. Now we just get SNMP errors as though the devices are down.RegardsDave

DaveM by L1 Bithead
  • 3880 Views
  • 4 replies
  • 0 Likes

paloalto-panorama App-ID missing?

Does anyone else find it strange that there's no 'paloalto-panorama' App-ID? There are paloalto-updates, paloalto-userid-agent and paloalto-wildfire-cloud App-IDs, but not one specifically for Panorama? (ssl on port 3978 essentially)

FQDN not resolved

HiOn a Palo Alto Firewall, we created an address object using FQDN Type.We use this object as a destination address in the security rule « TEST-FQDN-1 »But checking the security policy (show running security-policy) we can see the destination is not resolved (destination 0.0.0.0;)TEST-FQDN-1 { from any; source any; source-r...

Hub by L0 Member
  • 9152 Views
  • 9 replies
  • 0 Likes

Resolved! website slowness with DHCP Cable Modem

I recently installed a PA-200 and many websites are either very slow to load or have to be refreshed multiple times in the browser. Tried multiple browsers so not browser specific. Running a PA-200 with DHCP to Time Warner on the Untrusted interface. PA support had me change the MTU size on the untrusted interface to 1452 and also check "Adju...

danlukas by Not applicable
  • 8908 Views
  • 16 replies
  • 0 Likes

Resolved! Virtual Systems Shared Gateways

Is it possible to have multiple shared gateways when running virtual systems.I'm essentially trying to have 1 physical interface, shared among virtual systems, with an IKE gateway configured on it, so I can have multiple IPSec VPN tunnels established on that interface (the tunnel interfaces will belong to different virtual systems). And another ...

Resolved! no nat

hello i'am configuring a paloalto firwall wish is the backward firewall, i'm facing problem with nat , users must be integrated in the frontal firewall users passes by paloalto firewall first then the frontal firewall, when it pass by pan their adresses changes by nat , and the frontal firewall does'nt reconginze them ,wish is a hige probl...

atelcom by L3 Networker
  • 9775 Views
  • 10 replies
  • 0 Likes

RPC Service

hello everybody,I need to write a rule that allows RPC Service activity for SUN SNMP to DMI mapper daemon.any idea?thanks in advance.

Resolved! no certificates in the webui but still everything is working

we get the error: Warning: cannot find complete certficate chain for certificate ****we get this error since upgraded, i cannot see any certificate in the webui but everything (global protect and webui) is working.int the export xml i can see those ceritifcates

minow by L4 Transporter
  • 3956 Views
  • 4 replies
  • 0 Likes

Permit related/inherited applications

Hello,I am looking to build a particular security policy where *all* web browsing is permitted, including any applications that the session gets transitioned to as a a result of App-ID figuring it out. For example, a session may start out as a "web-browsing" application but then turn into a "google-maps" application as App-ID figures out what t...

krhayes by L0 Member
  • 2851 Views
  • 2 replies
  • 1 Likes

Resolved! Timeout for SSL Decryption Session

Hopefully an easy one, but I can;t seem to find the answer.What is the default timeout for SSL decryption i.e. how long before a user is required to re-accept an opt-out page?And, what is the CLI command to change this?Many Thanks

apackard by L4 Transporter
  • 3731 Views
  • 3 replies
  • 0 Likes

GlobalProtect 1.2.4 issue with Mac pre-OSX 10.8

We are having a strange issue with GlobalProtect and all Mac OSX that predate 10.8. Clients can connect just fine, but when they try to connect to our NAS, the client's connection to the NAS locks up and then gets terminated, but the GlobalProtect client is still connected. I've asked our server team to look into the NAS logs, but it seems str...

mcw015 by Not applicable
  • 2416 Views
  • 1 replies
  • 0 Likes

Redundant Site-to-Site VPNs?

I am looking to put in redundant or active/active VPNs.2 of our sites both have 2 ISPs.Currently the VPN works from 1 ISP on each side.Questions:1. Can I have redundant VPNs?2. Can I load share over those?3. Any tips or docs to configure?Other related questions:1. Is there a feature of redundant routing (automatic) so I can easily set up a mesh ...

Resolved! HA configuration & License Expired

Hi,Given a scenario when both HA configured firewalls' license have expired, will my active firewall still fails over to passive firewall in the event of primary firewall failure?thanks,cwong.

cl_wong by Not applicable
  • 4533 Views
  • 3 replies
  • 0 Likes
  • 24379 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks