General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Peer certificate chain building failed due to unable to get local issuer certificate

Hello, This is my first post here as I am a new customer of PaloAlto, but not new to networking. I have extensive Cisco background. We are having an odd problem when trying to create an IKEv1 s2s tunnel between a remote PA220 and Cisco ASA 5525X headend. The PA outside interface has a dynamic address. We have worked on this issue for days now an...

Case creation issue

Hello, This is Mohammad Qasim from Kabul, Afghanistan I'm trying to open case with Paloalto but the bellow message, please do me favor. Device and customer codes do not match a Support Account. Please contact a Super User to send you a registration link for the appropriate Support Account.

Firewall interface arp broadcast

The firewall was deployed route mode , the interface 1/3 direct connect the DMZ switch . I found the firewall interface (1/3 172.20.1.1)always send arp (broadcast to the subnet 172.20.1.0/24 ) .Is there someone know why ? The firewall hardware 3020 and software is 9.1.16-h5 .

YYJ00999 by L0 Member
  • 1336 Views
  • 1 replies
  • 0 Likes

Subscribe to Newsletter

Hey team, trying to subscribe to the Palo Alto newsletter at https://security.paloaltonetworks.com/ but keep getting an error: An unexpected error has occurred. Please contact support. Is there a certain level of access I need in order to subscribe to this? My Network admins believe i have the correct level of access to do this.

Expedition2 Beta - Help with Setup with Expedition Container

Hello, I am currently tasked to set up a container following the steps supplied with Expedition2 Beta Build. After the command "docker-compose up -d" there are newly created volumes but is unable to authenticate to ghcr. I have attempted to link my github profile together but no success. The below message's are displayed: - on command line - d...

HA2 link goes down when enabling HA2 keep-alive - PA VM on Azure

I noticed HA2 link down between the HA A/P peers. I tried to bounce the link but it didn't help Disabled session synchronisation and HA2 came up Re-enabled session synchorisation, HA2 link went down. Disabled keep-alive on both active and passive firewalls and HA2 link came up This is when HA2 keepalive is enabled. This is when HA2 keepaliv...

AhmedAlRashed_0-1710459098374.png
AhmedAlRashed_1-1710459889184.png

Unable to export the policy package

Hello All, As per the recommendation from Palo Alto, I have executed the below commands on the checkpoint MDS. But unable to export the policy packets. The Size of the policy package was 1Kb. Please advise on this.

madu2609 by L0 Member
  • 1219 Views
  • 1 replies
  • 0 Likes

Global Protect Portal Issues

Hello Everyone, We have just noticed that when we are trying to connect to the GP Portal on the web. We are getting successfully connected over VPN but when going on the web we are getting an auth failed. We have cloud auth with azure. Errors on edge: no password Authentication 2FA we get the prompt and it flows through. 11.0.13h Any i...

Udit_Das by L0 Member
  • 1330 Views
  • 1 replies
  • 0 Likes

tshoot firewall

Hello team, There was a issue with 3 urls, so what we did we create rule and all user to access these site where 2 sites are working and there is one more site in same rule is not working,it shows below error. we see the traffic showing incomplete, there were no profile attached and everything is allowed but user getting issue with one site, ple...

shirishkulkarni_0-1710745493023.png

Commit error After PANOS10.1.10 upgrade

After upgrading from PANOS 10.1.8-h2 to 10.1.10 we start getting the following commit error. profiles -> spyware -> sink-alert -> botnet-domains -> dns-security-categories is invalid. Missing pre-defined DNS security category Any idea to correct this error?

Lance by L2 Linker
  • 13622 Views
  • 10 replies
  • 0 Likes

Resolved! Acting on Vulnerability threats

When the Threat log shows a vulnerability, is this an actual attack of this vulnerability or is this something that is using software that has this vulnerability?Trying to determine when to act on the vulnerability (i.e. block).If a critical level vunerability is an actual attack then it would be no brainer to just block it but if the vulnerabil...

merrydc by L1 Bithead
  • 13644 Views
  • 15 replies
  • 0 Likes

Resolved! Global Protect VPN Device Certificates Expired

Hi Guys, I'm the first time to renew our GP VPN device certificates. But my certificates just expired today. And I checked our old device certificates, it doesn't have the "CA".When I renew it, do I need to import certificates ".pem" file or "pkcs12"? I don't want to change any current VPN configuration.I have totally no idea how to do it. Thank...

Pan-Os Image for educational purpose

Hello, I'm working on a graduation project about the Next Generation Firewall and would like to use the Pan-OS images. I registered on the Customer Support Portal but received an error and couldn't continue. It seems it won't be possible to download Pan-OS images if I'm not a customer but a student. Is this possible or do you have any free Pan-O...

wiler121 by L0 Member
  • 15184 Views
  • 4 replies
  • 1 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels