General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 1708 Views
  • 0 replies
  • 0 Likes

One isp to multiple isp site to site tunnel

Hi Team,

 

We want to configure ipsec site to site tunnel between two locations as per below details

 

1) Location A having single ISP address i.e Wan address  (1.1.1.1/30) will connect to location B having 2 ISP address (2.2.2.1/30 & 3.3.3.1/30) and

...

Disable IoT Service as workaround of PAN-216043

We are having a problem in our PA cluster. One of the firewalls is restarted and HA is activated. This problem occurs approximately every 3 weeks and the error I found is from Wifclient and according to the paloalto documentation the workaround is to

...

EliasCoranti_1-1706792909590.png
EliasCoranti_0-1706792814014.png

Resolved! Show hit count in CLI

I was searching this forum and official documentation, but I can't find the following:

Is there equivalent to Cisco ASA "show access-list acl_name" command in the PAN-OS CLI. I am looking for the command that will show hit count for every configured

...

Resolved! Point to site VPN on pan 0S 11+ (Client to remote VPN server)

I remember reading some where Palo Alto firewalls works like a client to access remote VPN servers 

 

eg I can setup the PALO to access a OpenVPN server and give access to user on my palo managed local network to access that remote resource, than use

...

din100 by L3 Networker
  • 2091 Views
  • 3 replies
  • 0 Likes

Impact of run tcpdump on every interface.

Hi,

 

We need to execute tcpdump in PA-VM for a specific reason. We need to TCPdump data from firewalls for 15 minutes at various intervals; there is no specified source or destination. When we run tcpdump from every interface, we want to know if it

...

Panorama Log Collector Device Replacement

Hi There,

  One of the cluster's PA firewalls was faulty and replaced with the RMA unit. In the environment, we have a Panorama setup as a log collector. As the policy packages are not managed in Panorama, is modifying the faulty device serial number

...

User ID agent going to non- AD servers

Hi,

We have a userid_agent installed on our server, our security team noticed the excessive session denies between the userid agent server going to other non-AD servers in our azure firewall, can anyone help me confirm if this traffic from our userid

...

Daryl_Cruz_1-1706767342887.png

Custom Report not able to see last month report

Hi 

 

can anyone assist me with the document how to check what went wrong with the report as we generate report last month but only appears recent logs

 

FYI, we have done generate report monthly previously without issue .

 

we need to know where we

...

Global Protect to Manage 100+ FW VPNs

 Does anyone have any good redirects to information about how to manage an enterprise of PA FW's using Global Protect? I'm under the impression that Global Protect is primarily just for use of remote clients. I thought there was a way to use Global P

...

Resolved! Dynamic Update License

Hello There,

  I'm currently testing a PA feature for deployment. I need to update the dynamic updates before I upgrade the PAN-OS to the desired version. If I'm not wrong, the license is required for the offline dynamic update installation. I hope a

...

Source NAT question

hello,

Is it possible to make NAT source by specifying the source port on which I appear for the remote server?

let me explain :

 

I am located in an inside zone and I would like to go to a specific zone that we will call "partner"
I would like to acc

...

CAMIEG by L1 Bithead
  • 2013 Views
  • 6 replies
  • 0 Likes

Resolved! IKEV2 Errors in Log

On my PA-500 and PA-820's when I have a IKEV2 tunnel I tend to see this alot.  Both of these are running 8.0.10

 

'IKEv2 SA negotiation is failed. received notify type TS_UNACCEPTABLE

 

Trying to figure out what is causing this.  Anyone have any ideas

gzygadlo by L1 Bithead
  • 45497 Views
  • 5 replies
  • 0 Likes
  • 24218 Posts
  • 117 Subscriptions
Top Liked Authors
Labels