General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

redistribute static routes including next hop as next VR in ospf

we have two VR1. Default :eth1/1 - 10.1.1.0/24 L3_LAN Zoneeth1/2 - 10.1.2.0/24 L3_DMZ zoneeth1/3 - internet 2.New_VRtunnel interface tunnel.1_global protect tunneleth1/4 - Branch Core ------- PA ------------------Branch routerWe want to enable ospf in New_VR . As per requirement DMZ subnet of default VR and GP ip pool should redistribute via ...

auto commit issues after upgrade to 10.x

Hi, We started to experience auto commit finishing delay on our PA-5220 after the upgrade to 10.x. We have a pair of HA PA-5220 in active/passive mode, we never had an auto commit issue before in previous updates, reboots of the firewalls. We have upgraded numerous times before from 8.x all the way to 10.x. In our recent upgrade to 10.1.x, t...

Upgrade of 5260

Dear Team,I have upgraded PA-5260 from 10.0.12 to 10.1.9-h3 and faced weird, issues after the upgrade the customers monitoring system has generated some errors like this >> "device 'slot-1 data processor' status is 'down' "" we have checked and slot1- dp1 these are up but the error in their monitoring system is still alive, can some one as...

Resolved! VPN Traffic not match configured policy hitting default trust to Untrust

Need some assistance with A S2S VPN - We have configured a Similar tunnel from another site to destination 3rd party peer and it's working. The 2nd site is configured the same as the working one. What I cant figure out is the tunnel is up, both tunnel interfaces are up. The Virtual router has static routes to desti primary with metric of 10 and ...

Manual Gateway Selection in GP

Hi Team, We are unable to select the Gateway manually in GP may i know how to set this up? Users needs to get the option to select the Gateway manually. This is quite urgent please help. Regards, Sanjay S

RFC1006 protocol over TCP

Hi has anyone heard of this protocol, give simple example of how it works AND whether or not it's supported by Palo Alto ?

IPSec VPN tunnel question, Proxy-ID and peer IP same?

I am creating a static routing IPSec VPN tunnel with a 3rd party. The 3rd party wishes to NAT their hosts to their peer IP, which means the remote peer IP will be the same as the proxy-ID IP. How do I support this?

URL Category rule works on some firewalls but not others

We are using a rule to permit traffic for Cisco licensing using URL Categories. The rule is applied via template, so all of the firewalls get the same rule. The only variable is the source IP/host. This rule works on most of the firewalls (all are PA850) but fails on some. The traffic does not match the rule and is blocked by the default rule.

PA-220s randomly crashing

We are having a large number of our PA-220s randomly crashing. No critical system logs are see shortly before the crash, the device just goes down and they are logs of dataplane starting up like 30 minutes later. Our other models are fine, its only the 220s we are having issues with. We have had a critical TAC ticket for the last few days and it...

Need help! Specific subnet cannot access my internal resource

Hi Team, I just need an advise. I have this setup as attached but I have this mystery that's been bugging me for days now. There is only one subnet which cannot access my internal resource. I ran the filter and global counter and there are specific counters I noticed. Can someone enlighten me on this? Regards, Renz

Resolved! PAN_OS 10.0.0 upgrade issue

i am going to upgrade pan-os from 9.1.14-h4—>10.0.0–>10.0.11-h1–>10.1.0–>10.1.6-h6 for my pa 3260 device.But when the Pan-os upgraded to 10.0.0, i waited for two hours and the global protect client can connect the portal and gateway, but it can't access any network include Paloalto host ip, internal network and external network. i...

Resolved! Layer 3 between 2 buildings

Hi everyone, I have 2 buildings; they are about 40 miles apart. I'd like to set up a layer 3 connection (OSPF) between 2 buildings. The fiber connection is provided by the ISP and is ready. I have a couple of questions: Is it a good practice to use virtual wire ports between 2 routers A and B for layer 3? We own all the equipment but not th...

Resolved! DNS setup best practice

Hi All , I am planning to use FQDN based address for security policy . Any best practice to follow . As we have concern related to FQDN dns cache on firewall . And if we are connecting to cloud ( using hybrid setup) any specific recommendation for that as well . Thanks

Concurrent Policy Installation

Could someone help me from which PAN-OS version can we do Concurrent Policy installation ? For example : Admin A and Admin B can push 2 different Access Policy to 2 different Clusters ?

PAN HA with different SFPs

Hi Guys quick question.. planning a pair of PA 5420's in HA - the plan was for each to have a 40gb QSFP+ module. however on our secondary core switch we are unable to source a 40gb sfp in time. So.. as a temp solution, will HA work if we have a 40GB QSFP+ module on FW1 connecting to 40GB sfp on Core1 and a 10GB SFP on the FW2 connecting to 10g...

Discussions