General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4454 Views
  • 0 replies
  • 0 Likes

User-ID - Windows Server 2022, not working

We are running a Windows server 2022 and PA-3220. I have the user-agent put on a separate Win 2022 server. The firewall when communicating with server is getting dropped code 5986. Under my Server Monitoring it shows Connection refused(0).

tnewton by L0 Member
  • 4311 Views
  • 2 replies
  • 0 Likes

Resolved! CVE-2024-0010

Hi there everyone. Could someone please clarify for me what versions are affected regarding CVE-2024-0010 as seen here? https://security.paloaltonetworks.com/CVE-2024-0010 My inquiry goes for version 10.1.11-h5. Is it affected or not? Because I believe there is an error in the way this is written in the article. If 10.1.11-h5 is affected, then ...


Resolved! SSL/TLS Vulnerabilities

Dear Team, We have a customer who found SSL/TLS vulnerabilities on audit SSL/TLS configuration. The firewall supports weak cipher mode CBC. Kindly provide the solution to remediate the weakness. Snip attached for reference.

lsvpn problems with connecting to gateway

We have an lsvpn architecture and we are having problems with one of the satellites connecting with lsvpn gateway. We have configured and maintained this lsvpn for the past 1 year and dealt with most of the problems. Usual one being credential cookie expiration and we had to manually go in and put in the credentials. Other one is sometimes we have to...


device telemetry Failed to reload config files

Since the update of our firewalls to 10.1.10h2, I see in the system logs the event: Type: device telemetry Event: config-reload-failure Description: Failed to reload config files. The sending of the telemetry files is working. This happens every time after a commit from panorama to the firewalls. The firewalls are HA setup managed by panorama. I...

ManuDC by L0 Member
  • 7570 Views
  • 4 replies
  • 1 Likes

traffic log database exceeds alarm threshold value 100% of total allowed size

Hello community, On my paloalto 850 I get several alarms every day stating: "Current size (xxxMB) of traffic log database exceeds alarm threshold value (100%) of total allowed size (xxxMB)." On the CLI a "show system disk-space" shows the disk is not full: Filesystem Size Used Avail Use% Mounted on /dev/root 9.5G 3.4G 5.6G 38% ...

Zorgnet by L0 Member
  • 1371 Views
  • 1 replies
  • 0 Likes

PA 440 dynamic updates

I am installing a PA 440 v 10.1. I can ping IP addresses on the Internet using my internet interface as source. I can https inbound to the firewall after configuring a management profile. Under Device -> dynamic update or license check, my attempt at the connection times out. Q: can anyone recommend tests for me to complete to troubleshoot ...

S.Byrne by L3 Networker
  • 2175 Views
  • 2 replies
  • 0 Likes

IPSEC tunnel due to timeout problem

I configured 10 remote branches to connect to Office by IPSEC tunnel. Each branch connects to Office with bandwidth 256kbps, 512kbps, 1mbps. So some branches' tunnels automatically disconnect. Manual remote tunnel device (Cisco RV042) reconnect to PA2020 error. See error message: IKE phase-1 negotiation is failed as initiator, main mode. Failed SA: office ip...

Amarzaya by Not applicable
  • 16768 Views
  • 7 replies
  • 1 Likes

Configuring Dual Leased Lines on PA-220 for Efficient Failover

Hello, We've set up a dual leased line configuration with BT, featuring two separate gateways. Our primary aim is to ensure continuous connectivity, should one of the lines fail. Our PA 220's static routing has been configured as follows: - For BT1, we've assigned Ethernet interface 4 with a default route (0.0.0.0/0) having an administrative dis...

GRE tunnel vs LSVPN which one to use for HUB and Spoke

Hi All, I am researching between GRE and LSVPN tunnel for a HUB and Spoke design, basically for ISE authentication traffic from Meraki wireless to HUB ISE. But I can't seem to find any document stating which one is fit for this purpose or what are the differences. GRE seems easy to deploy but less secure. What would be the benefit of using L...

Farmedi by L0 Member
  • 1227 Views
  • 1 replies
  • 0 Likes

Resolved! How to clean up /dev/shm

Hi everyone, Been receiving alerts for a little bit around tmpfs /dev/shm being at 99% - how should we clean up this directory? What is this directory used for? tmpfs /dev/shm Thanks!


Child objects or override value

I have been looking at the best approach to push a rule to multiple sites, but using a different value for the source address object at each site. For example, allow http from the users subnet to the internet, and the users subnet is different for each site. It looks like a single rule can be created and pushed to all the sites, then the val...

Feature Request List

Hi, where can I find the 'feature request' list? I've got an answer for an opened ticket: "We verified FR in response to your request. Please find the Request ID below: FR ID: CXDR-I-1843"

Arielhz by L0 Member
  • 1233 Views
  • 1 replies
  • 0 Likes

2xISPs and 2 VPN tunnels - tunnel failover issue

Hello Team, I am running into an issue with our setup. We have single PA460 box connected to 2 ISPs same time, i.e. Ethernet1/3 is to ISP1 and Ethernet1/4 to ISP2. We are running 2 default routes setup like this with ECMP enabled, so traffic is being load-balanced between 2 ISPs with a hash based on source. We also have 'strict source path' opti...
