General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Will ADEM ever come for Local Networks?

Will ADEM every be available outside of prisma access? Wondering how local networks are handling testing (outside of using competitors)

Resolved! communication between 2 segments in 2 zones diferents

I have a problem to be able to communicate internally my different segments which are declared in two different interfaces and in different zones.

I dont use vlan's

Eth 1/6= WAN 141.201.78.43/27

Eth 1/8= LAN
10.144.3.19/26
10.144.3.64/26

Eth 1/4= L

...

Resolved! Allowing ms-update on app-default, File blocking PE and therefore no windows updates

Me again and file blocking per PA best practice (PE, multi-level, etc..) and allowing ms-update on application default. However the WSUS server is not able to download any updates and its classifying a PE file as a threat. The file in question is a

...

PA--820 Power Supply Voltage In (Vin) Voltage and Frequency Range

Hello,

I am looking for the exact specification of the PA-820 PSU Voltage and Frequency range, as I need to install the device in mobile asset where the ranges may fluctuate within certain parameters.

Due the environment that the units will be de

...

Query regarding the default state of FPGA on PA-3060: What's the output of the command "debug dataplane fpga state" running on PAN-OS 9.1.7 or above?

Dear Community Members,

I hope someone will be able to help me out to confirm the default FPGA states on the PA-3060 appliance and supply some additional info on this matter?

As per the knowledgebase article (CAN THE CONTENT INSPECTION PERFORM ONLY I

...

Resolved! PA-3260 FPGA aho and dfa software offload seams to be enabled by default on 10.1.x (10.1.6-h6)

I am trying to debug high dataplane cpu on 3260, and both aho and dfa is set to software, when disabling software offload (enabling hardware offload) the high dataplane cpu is a problem of the past we have gone from 75+ to 9-10 %. When we disable sof

...

Resolved! Cannot create a support account

So I have bought the Palo Alto Firewall Bundle in the AWS Marketplace and was registering a support account, but when I log in the I get the following message:

UnAuthorized Access

Your email address, **********, was not found in the support portal. Ple

...

Resolved! user id agent wmi broken after kb5023702 installed

Hi,

i installed the kb5023702 on my active directory, and it breaks the user-id mapping on palo alto with wmi.

I had to uninstall this kb to resolve this.

Do you have a solution for this bug ?
Thanks,
Regards

dhcp on L3 or Vlan interface

Using our pa firewall connected to our ISP modem (in bridge mode) its working fine. But I have a zone called guest that I want to have dhcp clients on that will be separate from my trust network. I want to be able to have those guests on DHCP from th

...

duplicate ipsec tunnels

Hello Comunity,

I have a weird issue, we upgrade a cluster to 10.1.5-h1 from a 9.1 version, after the upgrade on the gui i see all the ipsec tunnels duplicated for example i had an ipsec tunnel called vpn_consult, after the upgrade i had 2 ipsec tunn

...

SSL Inbound decryption -Decryption error

One of my application is not decrypted i have applied SSL inbound decryption policy and got decryption-error.

On other hand another application with same intermediate certificate having decrypted. As same intermediate only child certificate is cha

...

Resolved! Adding a firewall back into a AP cluster that has outdated network and device settings

Hi All,

I'm curious if anyone can provide an article or just some basic steps of adding a firewall back into a AP cluster that has "outdated" network and device settings.

Firewall-02 was moved to a new location and has a new IP scheme for the net

...

Stale SIP Sessions

Hello all,

We seem to have an issue with sip sessions being stuck in the session monitor for weeks and sometimes months. There have been instances, albeit extremely rare, where it prevented new sessions from being formed on a sip trunk we were testi

...

Resolved! HA Failover Hold Timers?

Hi folks,

I will be configuing my first Active/Passive HA next weekend on two PA 3020 devices.

I am trying to understand the difference between Monitor Hold Time for HA1 link and Monitor Fail Hold Down Time for the Active/Passive settings.

Could anyo

...

Premium support contracts

I would like to open a case to verify our current support contracts. I need to know about premium supports if still covered for Hardware replacement and software maintenance? Here is my support account ID 23384

Thanks,

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Will ADEM ever come for Local Networks?

Resolved! communication between 2 segments in 2 zones diferents

Resolved! Allowing ms-update on app-default, File blocking PE and therefore no windows updates

PA--820 Power Supply Voltage In (Vin) Voltage and Frequency Range

Query regarding the default state of FPGA on PA-3060: What's the output of the command "debug dataplane fpga state" running on PAN-OS 9.1.7 or above?

Resolved! PA-3260 FPGA aho and dfa software offload seams to be enabled by default on 10.1.x (10.1.6-h6)

Resolved! Cannot create a support account

Resolved! user id agent wmi broken after kb5023702 installed

dhcp on L3 or Vlan interface

duplicate ipsec tunnels

SSL Inbound decryption -Decryption error

Resolved! Adding a firewall back into a AP cluster that has outdated network and device settings

Stale SIP Sessions

Resolved! HA Failover Hold Timers?

Premium support contracts

Can't find the "Republic of Kosovo" in the "Firewall Region Code Legend"

Device - certificate based authentication

Failover IPSEC tunnels with tunnel monitor keeps both tunnels active

Wildcard URL for Non-HTTP/HTTPS traffic

WEBUI Session Timing Out

Re: Allow all web addresses with .gov and .edu extensions

Re: Wildcard URL for Non-HTTP/HTTPS traffic

Re: Howto delete sub-interace from cli

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

Re: How can I filter disabled rules in the 'policies'-tab

Unlock your full community experience!

Resolved! communication between 2 segments in 2 zones diferents

Resolved! Allowing ms-update on app-default, File blocking PE and therefore no windows updates

Resolved! PA-3260 FPGA aho and dfa software offload seams to be enabled by default on 10.1.x (10.1.6-h6)

Resolved! Cannot create a support account

Resolved! user id agent wmi broken after kb5023702 installed

Resolved! Adding a firewall back into a AP cluster that has outdated network and device settings

Resolved! HA Failover Hold Timers?