This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4430 Views
  • 0 replies
  • 0 Likes

Stale SIP Sessions

Hello all, We seem to have an issue with sip sessions being stuck in the session monitor for weeks and sometimes months. There have been instances, albeit extremely rare, where it prevented new sessions from being formed on a sip trunk we were testing (it's being moved off of the firewall for production). Once I cleared the stuck session we we...

stalesessions.png
stalesessionssip.png
ClintL by L2 Linker
  • 19221 Views
  • 11 replies
  • 0 Likes

Android Samsung update doesn't work

Hello everyone, I can't solve the problem of updating Samsung smartphones running Android connected to the company Wi-Fi network.I created a custom rule for mobile phone updates, but it still doesn't work. Everything is set to allow in the monitoring, but it still doesn't work.I have run several tests, minimizing the rule configuration, but it s...

G.Geraci by L0 Member
  • 2506 Views
  • 4 replies
  • 0 Likes

FortiGate 501E & FG1101F equivalent Palo Alto model (below PA-5000)

Hello, I am planning to migrate from Fortinet to Palo Alto. Current firewall: FortiGate 501E Edge & DC Current Firewall: FortiGate 1001F Edge & DC Deployment: Enterprise edge All security features enabled (IPS, App-ID, URL filtering) I am looking for the closest Palo Alto equivalent model, Which model would you recommend and why? T...

Resolved! About PAN-301496

Attention: Global TPM team, Hi, I found PAN-301496 in PAN-OS 12.1.4 Addressed Issues.https://docs.paloaltonetworks.com/ngfw/release-notes/12-1/pan-os-12-1-4-known-and-addressed-issues/pan-os-12-1-4-addressed-issues Is this issue fix in PAN-OS 11.2? Best regards,MasaW

MasaW by L2 Linker
  • 3981 Views
  • 2 replies
  • 0 Likes

Resolved! Outlook and mapi-over-http

Hello team, Today, I had problems connecting Outlook 2019 to Exchange Online. After analyzing: it turned out that my PA suddenly started dropping the Mapi-over-http application, which it didn't need previously. What could be causing this behavior?

Resolved! MANDATORY ACTION REQUIRED: Device Certificate Enforcement affects PA-440

Hi everyone, We have a pair of PA-440 and when we login to the dashbaord we are greeted with a notification on the Device Certificate enforcement (I have attached a screenshot of the warning). When I have gone through the Customer advisory they clearly stated that the PA-4xx series are not affected by this enforcement. Now we do have the f...

Food for Thought - Data Redistribution during HA Failover - User-ID

Hi All, I thought I would share something that gave me grief this week. Background Firewall A and firewall B are in an HA pair. Both firewalls are configured to connect to a User-ID agent sitting on a Windows host within the environment. Firewall A is configured as the data redistribution agent to redistribute User-ID information to oth...

nohash4u by L3 Networker
  • 3101 Views
  • 2 replies
  • 0 Likes

Resolved! PA 220

Got a question. I'm seeing a red light on ALM ( icon) on our PA 220. I did some research and it says that ALM (Application and Threat Content Updates) indicator of a Palo Alto 220 firewall, it typically indicates that there is an issue with the firewall's ability to download or install the latest content updates as per our Local IT the netw...

weezy by L3 Networker
  • 3326 Views
  • 2 replies
  • 0 Likes

Resolved! IKEV2 Errors in Log

On my PA-500 and PA-820's when I have a IKEV2 tunnel I tend to see this alot. Both of these are running 8.0.10 'IKEv2 SA negotiation is failed. received notify type TS_UNACCEPTABLE Trying to figure out what is causing this. Anyone have any ideas

gzygadlo by L1 Bithead
  • 50779 Views
  • 6 replies
  • 0 Likes

Windows-Remote-Management & Implicit Use of Web-Browsing

I need your help with understanding this. We've got a rule that was intermittently working. We built a rule around the use of "windows-remote-management" which is using the standard port of 5985/tcp. The rule is a service "application-default" rule. When we look through the logs we see that some of the traffic that should be matching this...

Brandon_Wertz_0-1766598734776.png

CVE-2025-14847 MongoDB Server Bulnerability

A MongoDB vulnerability (CVE-2025-14847) was recently disclosed. We would like to verify whether Palo Alto Networks NGFW and any other Palo Alto Networks solutions are affected by this vulnerability, and if so, what mitigations or updates are recommended.

JunSuLee by L0 Member
  • 2322 Views
  • 1 replies
  • 1 Likes

Trying the DNSProxy feature for Static Response

Hie, Situation - Wanted to kaminsky the DNS Responses for my client from the FWComplication - None of the dig are responded Need your help on this? Client Requests for Promise/Spoofed IP keviv@keviv-VMware-Virtual-Platform:~$ ifconfig ens37ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 192.168.21.21 netmask 255.255.255.0 ...

ocpfn4 by L0 Member
  • 429 Views
  • 0 replies
  • 0 Likes

Cloud NGFW Credits issue

Hello All,I recently purchased Cloud NGFW for azure and purchased paloalto credits as well.my Azure NGFW shows as PAYG ( Pay us you go) instead of showing license with my credit.is it possible to change my PAYG license to credit based.

M.vyas by L0 Member
  • 3307 Views
  • 6 replies
  • 0 Likes
  • 24374 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks