This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4254 Views
  • 0 replies
  • 0 Likes

PBF Rules being ignored

I have setup several PBFs to force traffic to use a specific egress interface for monitoring that particular path. I then setup a ping monitor on one of the servers, Source Address 192.168.200.15, to ping several different Destination Addresses (DA). The SA is the same for each 'monitor' but the DA is different. The PBF is then setup to forwa...

rmcrae by L3 Networker
  • 4322 Views
  • 3 replies
  • 0 Likes

Resolved! Confused about HA Path Monitoring recovery (Preemptive loop)

Hello,So this is a document: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhJCASWhich states:When a link or path monitoring (or both) failure condition is detected by the HA daemon on the Active device, it moves in non-functional state.When the monitoring state is restored, the non-functional nodes moves into passiv...

Active Directory Users & Computers slow over GlobalProtect

We are experience an issue that I am curious if anyone else has encountered. When any of us IT folk are VPN'd in via GlobalProtect (tested on different internet connections, hardwired and wifi) whenever we open up MSFT Management Console Active Directories Users & Computers, it takes about 5-7 minutes to open. I can see the traffic in our t...

ShippG by L1 Bithead
  • 52776 Views
  • 30 replies
  • 0 Likes

New Area for Engineering Blogs on LIVEcommunity!

We are excited to announce a new Engineering Blogs section on LIVEcommunity, exclusively curated by Palo Alto Networks engineers! This dedicated area will be home to technical posts about Palo Alto Networks innovations to build scalable and reliable systems, products, and features for our customer's cybersecurity solutions. In our inaugural po...

jennaqualls by Community Team Member
  • 2902 Views
  • 2 replies
  • 3 Likes

Resolved! Seeing error on commit: Management Server failed to send ID request to client device.

Seeing error on commit: Management Server failed to send ID request to client device. ResolutionRestart both management and device server. Run the following commands:> debug software restart device-server> debug software restart management-server Are these commands disruptive and used in production without impact?

New RCE on GlobalProtect if you didnt change the master key

Hello All, I saw the below on twitter... I wrote a tool to check master key configuration on palo alto firewalls and so far I haven't run into any instances of people actually changing the master key from p1a2l3o4a5l6t7o8 gist.github.com check if a PAN firewall is using the default master key when globalprotect is enabled check i...

OtakarKlier_0-1659529373594.png

URL Filtering wrong categorization

Hi Members, Whenever the users try to access our Internal server, The traffic is blocked in URL filtering category as adult. Can Someone help me how the palo alto categorize my ip address as Adult category the URL shown as pornhub.com. but when I am checking my ip in URL test, It is showing Unknown. URL. Someone can help how palo alto catego...

Resolved! HSBI and HA

Folks, I would like understand the difference between HSBI and HA1, HA1B, HA2, HA2B As per my understanding HA1 for control & HA1B for backup link HA2 for data & HA2B for backup link control carries heartbeats and communication Dara traffic carries Ip table, arp table, session table? Is that correct? For state full session sync up ...

Resolved! Panorama SDWAN commit "Failed plugin validation"

I've gone through the full beacon modules and went through instructions here on how to setup SDWAN in my lab (so I think I'm configuring it correctly): https://docs.paloaltonetworks.com/sd-wan/2-2/sd-wan-admin/configure-sd-wan When I get to the part where I add SDWAN devices I get the error at the bottom. I am at a loss, I've tried too many di...

Will-78 by L1 Bithead
  • 6103 Views
  • 1 replies
  • 0 Likes

Resolved! Commit failed - failed to send phase 1 to client logrcvr

Hello,Since this morning I'm not able to commit any change from my panorama to my firewallsHere is the message error that I receive:Details:. Management server failed to send phase 1 to client logrcvr. Management server failed to send phase 1 abort to client logrcvr. Commit failedI tried some debug command like "debug software restart log-receiv...

baloise by Not applicable
  • 18325 Views
  • 9 replies
  • 0 Likes

Failing to download GlobalProtect Client

I can run Dynamic Updates, but am unable to perform a GP download. "Getting Failed to download due to server error. Please try again later."This is for a passive node in an HA setup. It is a new PAN and this is keeping me from having it go live. Is there a way to download the GP package from the running PAN and upload it to the passive one?PA...

Global protect Always On - External connections

Global protect Always On - External connections Hello LIVE community! I hope you are well. I have had to configure Global Protect on several occasions but I have a question that I am being asked in this case: Is it possible in S.O windows to use the Always On, filtering that only connects to GP when it detects the connection i...

Metgatz by L4 Transporter
  • 3359 Views
  • 4 replies
  • 0 Likes

Resolved! Blocking Google Drive

Hey guys,I'm trying to block Google Drive. I've tried a variety of things: URL Filtering for online-storage (which works for Dropbox, icloud etc). But Google Drive still works...I researched and found quite a few forum posts on the topic and see that decryption is most likely required in order to see the traffic in order to block it. Is there a ...

Public Web Server, Secondary IP Address, and Loopback Interface

We have a VM-100 running 9.0.3.xfr to do some testing. This is currently setup on AWS, and we are trying to support traffic for multiple public web server's being sent through the firewall. There are the three standard zones and network interfaces (Untrusted, Trusted, and Management). The Untrusted has a public IP (Elastic IP) and internal su...

cdpeek by L0 Member
  • 6290 Views
  • 2 replies
  • 0 Likes
  • 24362 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks