This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Packet buffer protection - PA5220 vs PA5410

I've recently upgraded my firewall from a PA-5220 pair to a PA-5410 pair. The firewalls were on the same PanOS version (10.2.4-h2) and with the same configuration. This was the original configuration for PBP at the upgrade time:The 5220 wasn't logging any PBP intervention, as you can see here (there's some sporadic intervention by zone protectio...

Screenshot 2023-06-21 alle 13.32.49.png
Screenshot 2023-06-21 alle 13.14.05.jpg
Screenshot 2023-06-21 alle 13.14.44.jpg
Screenshot 2023-06-21 alle 13.47.53.png

Dual ISP failover - stuck UDP sessions

Hi, I've configured Dual ISP failover using a PBF and everything seems to failover from ISP1 to ISP2 just fine. My issue is after we have failed over to ISP2 and ISP1 comes back online, not all traffic flips back to ISP1. UDP sessions for devices that have a keep alive or heart beat seem to be the most problematic. Currently the SIP/RTP traffi...

PA-3220 after upgrade into 10.2.6

Experience applications flow issue, most of the sessions incomplete (i deleted all active sessions with no resolution), reboot, fail-over several times, no luck. I opened a ticket with Tech support for advance packet flow process analysis no resolution until this moment. The odd is, it is one of HA pair experience this issue Active/Passive setup...

elmgbar by L1 Bithead
  • 2337 Views
  • 5 replies
  • 0 Likes

DH group 15 not supported in phase 1 with IKE v1?

I need to migrate an old firewall to a PA-440 and came across an ancient IPsec where they have used DH group 15 for both phase 1 and 2. According to the docs for PanOS 10.2 DH 15 is now supported but the 440 whines about DH15 in phase 1 as I use IKE v1. DH15 in phase 2 seems OK. (Note: The cryptos are from the original setup, will change to more...

Resolved! License renewal

Please confirm if the expired PaloAlto licenses can be renewed? If “YES”, Please confirm which of the expired PaloAlto licenses can be renewed?

PanOS 11.1.0 Upgrade - Panorama Refuses to Commit or Push on a Multi-VSYS System

Hey Team,Has anyone encountered any problems performing the PanOS 11.1.0 Upgrade? I've encountered the following issue after an upgrade, where PanOS (Panorama) would not commit changes, much less push them to our devices. The configd.log file shows the following: 2023-12-09 16:36:16.778 +1100 DG-push(selective): Waiting for DG file to be writt...

not able to open support case

Hi, When I try to open support case error message coming up saying "Problem Category is missing". Although I select the product as PAN-OS while creating the case. BR, Alaa

aasaggaf by L0 Member
  • 848 Views
  • 1 replies
  • 0 Likes

Best upgrade practice with HA Pair ?

We are preparing to update this weekend to 10.2.7 to resolve the expiring root certificate issue. We have an HA pair that we want to failover while upgrading as to not disrupt service. While I have the upgrade path from the Palo documentation what I am not sure of is if I can fully upgrade the secondary, failover and then fully upgrade the prima...

Walt by L1 Bithead
  • 3707 Views
  • 1 replies
  • 0 Likes

Setting Up Double NAT over a site-to-site VPN

Hi, I've been trying to read up on if it is possible to set up what Cisco would call "Twice NAT" on Palo Alto, and while there seems to be a lot out there for really odd fringe cases, I'm struggling to find anything on what I think would be a really common scenario. So hopefully someone can help. We currently have 2 organizations that need t...

BGP failover not working as expected

Hi Our PA 220 is running 2 eBGP's with 2 CE (WAN) routers. Those 2 CE routers will run eBGP with respective ISP's. We control the routing through Local preference. Routes learned via primary CE 1 has LP of 500 Routes learned via secondary CE 2 has LP of 250 What happened was BGP went down between CE 1 and ISP. BGP didn't go down betwe...

Paloalto can't block hotspot shield.

Dear all, I am currently facing paloalto can't block and see hotspot shield app.Our organization do not want to use ssl decryption to block hotspot shield. Any other solutions to block hotsport shield without decryption ??? Thanks.

zm.tun by L1 Bithead
  • 10361 Views
  • 8 replies
  • 0 Likes

Panorama Upgrade

Hi Team, I am setting up a new Panorama. Where not even created the Device Groups and Templates yet. I need to upgrade the Panorama but i am not able to do that. I am able to reach internet but unable to fetch the softwares, is there anything that needs to be done to fetch the softwares? Regards, Sanjay S

Resolved! LACP MAC Movement and Doubts

Dear Folks, First time I'm deploying PAs with LACP active/passive for HA solutions. I have some doubts couldn't get enough information from Internet source. 1. In the event, if one firewall goes down, PC on SW1 goes down, how this mac and arp movement happening? Interestingly when I give show interface on PA's both FW1 & 2 sharin...

Ramakrishnan_3-1702285551757.png
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks