This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4118 Views
  • 0 replies
  • 0 Likes

L2 with Aggregate

Hi We would like to configure L2 with Aggregate between PANOS (4.1 - PA5050) with cisco switch - After we do L2 Aggregate , and assign IP Address on VLAN , we find that when we ping to this IP Address , there are many request-timeout. - If we configure L2 and set IP on VLAN only (without aggregate), there is no problem (Ping smoothly...

apirachat by Not applicable
  • 2315 Views
  • 1 replies
  • 0 Likes

Filter activesync

Hello,I wonder if the following is possible. (Question from a potential customer).They want to filter/DENY MAIL from the activesync traffic to mobile devices (users in the organzation using phones that are not approved because of security).But they want to ALLOW calendar sync and contacts sync.We already have configured inbound-ssl decryption on...

Resolved! PANOS 4.1 error message: untrust cert is not configured

When I have configured SSL decryption, I always get this warning message when I commit:· Warning: vsys1 decryption: forward decrypt untrust cert is not configured, forward decrypt trust cert will be used instead.· (Module: device)· Configuration committed successfullyHow can I get rid of this message when I haven't configured an SSL unrust certi...

Unable to Run User Activity Report After PAN OS Upgrade

We recently upgraded our appliance to 4.1.3, and now cannot retrieve any data prior to the OS upgrade when running User Activity Reports. My logdb shows that we are near full capacity (but haven't reached the 80% threshold as of yet); however can only pull data from the last reboot of the device - post OS upgrade. If I run a report from the Re...

Resolved! Net Connect Verus Global Protect

What is the difference between the license version and non-license version of the global protect? Is there some documentation on what we would get with the license version verus the non-license version? I would like to have some kind of documentation that show the perks between the two.

HA questions

Hello,I'm having trouble understanding how Active/Passive HA works in Palo Alto. In other solutions the active device has a virtual address on top of its physical interface address, and when the active device goes down the passive device 'takes over' by sending a garp notifying devices that it is now the virtual address receiver. I can find a fl...

u5801 by Not applicable
  • 11002 Views
  • 10 replies
  • 0 Likes

Change an address to a "shared address"

Is there an easy way to change an address to a shared address for virtuals domains.The only way we found is to clone the address and change every policies where the address is used which is very long !

support by L1 Bithead
  • 3432 Views
  • 2 replies
  • 0 Likes

Resolved! Anti-virus and "Server response inspection"

I have been disabling "server response inspection" by default in all my policies as it is documented in a number of places (including independent group tests) that this improves the overall firewall performance, and I was under the impression that SRI was only useful in certain data-centre environments that do not apply to us.However while testi...

Slow commit

Hi,I'm running the latest firmware from PAN on a PA-500. Not long ago the commit was pretty fast, like 1 minute or so.I haven't done any major changes, but i've noticed the commit has become gradually slower as time passes. Now its really slow!Can someone tell me the reason for this, and a way to fix it?I will get the 5020 box very soon, but i...

johnd by L2 Linker
  • 3348 Views
  • 3 replies
  • 0 Likes

Resolved! Cannot update software since upgrading to 4.1

Hello all,I recently upgraded to the 4.1 OS from 4.0.1. The firewall settings are fine but for some reason whenever the firewall tries to download any new software like 4.1.1, GlobalProtect, Dynamic Updates it keeps getting the error "Failed due to network failure".I have checked and made sure that the Managment Interface is not being blocked by...

devere by L2 Linker
  • 10753 Views
  • 13 replies
  • 0 Likes

Resolved! SSL-VPN usage report

I'm probably overlooking something obvious.. but I can't seem to find a way to generate a login / session report of SSL-VPN users. Can anyone give a brother a hint?

nwallette by Not applicable
  • 5150 Views
  • 4 replies
  • 0 Likes

Console Cable Scrolling

I am having issues with console cable connectivity and scrolling when working in a box. Basically the short of it is, no matter what console program I use, albeit putty; I get about 40 lines shown, and when I go to view more it overwrites the bottom 20 to 30 and only leaves so much up top. Wierd thing on putty is... If you log into the box an...

mcole by Not applicable
  • 3294 Views
  • 2 replies
  • 0 Likes

Resolved! user-id agent connection issues

Hi,We are trying to connect our PAN 2050 OS 4.0.9 to a couple of user-id agent version 4.1.3. The connection is not established and the agent logs reports:Device thread 1 SSL no certificateDevice thread 1 reply ver 5 msg with max ver 5, msg type 6Failed to read message msg header. error -1Device thread 1 SSL shutdownThe PAN "show user userid-age...

ajripa by Not applicable
  • 4172 Views
  • 1 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks