This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4224 Views
  • 0 replies
  • 0 Likes

Resolved! PA 220 Dataplane restart automatically.

Hi Team, We have noticed that our PA 220 device data plane has been restarted automatically. Pan OS: 10.0.6 Please find the logs below, 2021-09-24 10:36:23.126 +0530 INFO: flow_ctrl_pktlog_forwarding: exited, Core: False, Exit code: 02021-09-24 10:36:23.290 +0530 INFO: flow_mgmt: exited, Core: False, Exit code: 02021-09-24 10:36:23.487 +0530 INF...

VishnuPS by L3 Networker
  • 9495 Views
  • 8 replies
  • 0 Likes

ARP refresh in firewall if replacing the connected device

we are changing the core device hardware connected to Palo alto firewall inside interface. To minimize downtime we will be moving inside interface of secondary passive firewall to new secondary core and then we will make it active by suspending primary firewall. Is there any ARP issue or delay in arp refresh on Secondary firewall as we will live...

Deepak25 by L3 Networker
  • 1464 Views
  • 1 replies
  • 0 Likes

Resolved! Features column in Network Interface shows an IPSec Gateway

I have a HA pair of PA 5220s at the HQ location and a PA-850 at a secondary DR location. We have about 100 remote sites that have a primary Site-to-Site VPN connection to HQ and a secondary connection to the DR location. Each of which have their own IKE Gateway configuration. I've just noticed that when I look at the Network/Interfaces/Ethernet ...

Impact of license expiry

I need the impact below license expiry. This is not in terms of any OS version. This is a gen query. -SD WAN License -BrightCloud URL Filtering -GlobalProtect Portal -GlobalProtect Gateway I intend to get the below bullets:- -What one can still do, -What one can no longer do,

description contains 'Failed to connect to address: x.x.x.x port: 3978, conn id: triallr-x.x.x.x-x.x.x.x' )

ipsec vpn, global protect is not set. 34.122.191.141 > google address 200.200.200.200 > loopback address I found a Cortex logging service error, but I don't know how to solve it in detail. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POOtCAO I want to turn off the corresponding log.

qmso475_0-1705371110137.png
qmso475 by L3 Networker
  • 1973 Views
  • 1 replies
  • 0 Likes

PBF Rules being ignored

I have setup several PBFs to force traffic to use a specific egress interface for monitoring that particular path. I then setup a ping monitor on one of the servers, Source Address 192.168.200.15, to ping several different Destination Addresses (DA). The SA is the same for each 'monitor' but the DA is different. The PBF is then setup to forwa...

rmcrae by L3 Networker
  • 4301 Views
  • 3 replies
  • 0 Likes

Resolved! Confused about HA Path Monitoring recovery (Preemptive loop)

Hello,So this is a document: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhJCASWhich states:When a link or path monitoring (or both) failure condition is detected by the HA daemon on the Active device, it moves in non-functional state.When the monitoring state is restored, the non-functional nodes moves into passiv...

Active Directory Users & Computers slow over GlobalProtect

We are experience an issue that I am curious if anyone else has encountered. When any of us IT folk are VPN'd in via GlobalProtect (tested on different internet connections, hardwired and wifi) whenever we open up MSFT Management Console Active Directories Users & Computers, it takes about 5-7 minutes to open. I can see the traffic in our t...

ShippG by L1 Bithead
  • 52692 Views
  • 30 replies
  • 0 Likes

New Area for Engineering Blogs on LIVEcommunity!

We are excited to announce a new Engineering Blogs section on LIVEcommunity, exclusively curated by Palo Alto Networks engineers! This dedicated area will be home to technical posts about Palo Alto Networks innovations to build scalable and reliable systems, products, and features for our customer's cybersecurity solutions. In our inaugural po...

jennaqualls by Community Team Member
  • 2893 Views
  • 2 replies
  • 3 Likes

Resolved! Seeing error on commit: Management Server failed to send ID request to client device.

Seeing error on commit: Management Server failed to send ID request to client device. ResolutionRestart both management and device server. Run the following commands:> debug software restart device-server> debug software restart management-server Are these commands disruptive and used in production without impact?

New RCE on GlobalProtect if you didnt change the master key

Hello All, I saw the below on twitter... I wrote a tool to check master key configuration on palo alto firewalls and so far I haven't run into any instances of people actually changing the master key from p1a2l3o4a5l6t7o8 gist.github.com check if a PAN firewall is using the default master key when globalprotect is enabled check i...

OtakarKlier_0-1659529373594.png

URL Filtering wrong categorization

Hi Members, Whenever the users try to access our Internal server, The traffic is blocked in URL filtering category as adult. Can Someone help me how the palo alto categorize my ip address as Adult category the URL shown as pornhub.com. but when I am checking my ip in URL test, It is showing Unknown. URL. Someone can help how palo alto catego...

Resolved! HSBI and HA

Folks, I would like understand the difference between HSBI and HA1, HA1B, HA2, HA2B As per my understanding HA1 for control & HA1B for backup link HA2 for data & HA2B for backup link control carries heartbeats and communication Dara traffic carries Ip table, arp table, session table? Is that correct? For state full session sync up ...

Resolved! Panorama SDWAN commit "Failed plugin validation"

I've gone through the full beacon modules and went through instructions here on how to setup SDWAN in my lab (so I think I'm configuring it correctly): https://docs.paloaltonetworks.com/sd-wan/2-2/sd-wan-admin/configure-sd-wan When I get to the part where I add SDWAN devices I get the error at the bottom. I am at a loss, I've tried too many di...

Will-78 by L1 Bithead
  • 6041 Views
  • 1 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks