General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4107 Views
  • 0 replies
  • 0 Likes

Authentication Fallback

Hello, So, we currently authenticate administrators to our PA's via Radius (TACACS). Is there a way to configure the PA's that it will only use the local DB / Administrators if Radius isn't available? Thanks!

mrsold by Not applicable
  • 12707 Views
  • 10 replies
  • 0 Likes

Rule hit count or unused rule in custom reports or CLI

There are no fields related to rule hit count or any way to identify unused rules in Panorama custom reports. Is there a way to get a consolidated view of unused rules across all device groups at once and not just through the policy page per device group?

x2aembre by L0 Member
  • 1983 Views
  • 2 replies
  • 0 Likes

PA5410 Version 10.2.4 not allow to set offload to true

Hello We are detecting sporadic CPU spikes on a FW 5410 version 10.2.4, the average is fine however, we observe sporadic spikes of 95% 96% ...100%. Before with the old FW model we did not have this problem and we have not changed any configuration. When I try to change the session offload to True it does not allow me to do so. admin@X> show se...

Alpalo by L4 Transporter
  • 2047 Views
  • 2 replies
  • 0 Likes

SNMP Looking for a Table on 5020's that shows VPN tunnel status

We have a VPN tunnel and would like to know if there is an SNMP table that can be polled for the status of the tunnel being up or down. We are aware there are traps that provide an update when the tunnel goes down. However, we are looking to establish a timed monitoring check that requires polling an SNMP table that would contain that data. Does...

runatyr by L0 Member
  • 1262 Views
  • 1 replies
  • 0 Likes

PAN-229942 fix version 10.1.12 and 11.2.0 release estimation date

Hi Support, we recently upgraded PAN-OS version 10.1.10-h1 but encountered the error message "timed out while getting config lock". We have confirmed with the Palo Alto TAC engineering team that this issue is caused by bug PAN-229942 and the fix versions are PAN-OS 10.1.12 and 11.2.0, but we are not sure of the release date yet. Kindly please let us k...

Support account with personal email?

Purchased a 440 lab unit for my personal lab through my previous employer who is no longer in business (and inaccessible email) so I need to now register it with my own personal email but am having trouble. Trying to study for PCNSE after getting my PCNSA. I’ve seen it done for others in the past but I am not sure I am going about it the corre...

VK9H13 by L2 Linker
  • 1596 Views
  • 1 replies
  • 1 Likes

Upgrade VM-Series model - VM100 to VM300

Hello. I have as a goal to upgrade the Palo Alto firewall from VM100 to VM300. I am in the process of understanding the procedure, so I am wondering if I could get some assistance from this forum. Thank you in advance. Going through the guide Upgrade the VM-Series Model (paloaltonetworks.com) I see at STEP 2, under A point Make sure that you are...

alwi by L0 Member
  • 1768 Views
  • 1 replies
  • 0 Likes

Cloud Identity Engine

While attempting to synchronize an on-premises server with Cloud Identity Engine, we encountered the following error: Confirm the domain name configured on the agent matches the Canonical Name of the domain controller to ensure Cloud Identity Engine can retrieve the NetBIOS name. A derived value (xyxyxyx) is used instead. Action: Change AD contr...


VPN Site-to-Site Private IP and Public IP

VPN Site-to-Site Private IP and Public IP. Good afternoon everyone, is it possible to set up a Site-to-Site VPN between a site with a Palo Alto Private IP and a Palo Alto Public IP? Private Site: PaloAlto---IpWan-192.168.1.254---Router/Modem--------Internet-------Public Site: IPWan: 190.100.100.200 Thank you very much for your help and support, I rem...

Metgatz by L4 Transporter
  • 8517 Views
  • 7 replies
  • 0 Likes

SD-WAN Hub and Branch PANOS versions

Is there a requirement for the PANOS version to match for SD-WAN or for the Hub site to be of a higher version of PANOS? Example: Hub is on version 10.2.4, Branch is on 10.2.6. Would there be any issue with this?

teaton by L0 Member
  • 1053 Views
  • 1 replies
  • 0 Likes

GP stops working when ecmp is enabled

We have Palo Alto firewall with three Internet links. One is a leased line and other two are ADSL links. I have configured ECMP on the two ADSL lines to load balance traffic on the two ADSL links. Global Protect is configured on the leased line. I have configured default route to all the three internet links in the firewall. I have configured th...

Dijesh by L1 Bithead
  • 4874 Views
  • 11 replies
  • 0 Likes

Resolved! Received Suspicious alerts "-- MARK --"

We are receiving suspicious alerts from the Palo Alto firewall on our syslog server. How to stop receiving these alerts?
<46>Oct 24 05:50:14 PA-3020 -- MARK --
<46>Oct 24 06:10:14 PA-3020 -- MARK --
<46>Oct 24 06:50:14 PA-3020 -- MARK --

Karthi_N by L1 Bithead
  • 2398 Views
  • 2 replies
  • 0 Likes

Resolved! Self-Signed Certificate Issues

Hello everyone, I am trying to make a self-signed cert for use with Global-Protect in my lab. I go into Device, Certificates, Generate, give the cert a name, Root_GP_Cert, common name of 192.168.189.155 which is the WAN side IP Address. Click the Certificate Authority box and click ok. Then I click on Generate again, this time I use a differen...

GWynn by L3 Networker
  • 7942 Views
  • 2 replies
  • 0 Likes

Stateful Session rely on interface or Zone

Hi There, Currently, I'm testing redundancy for vWire pair. I have replicated the existing vWire and sub-interface configuration to another couple of interfaces. Now both the vWire pairs have identical configurations including the zone. I anticipated the stateful session to fail when the traffic switched from one vWire pair to another. But whe...
