This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

PA-5400, 3400 series DP memory check

Dear Team, For existing firewall models, I can check the DP's memory through the 'tail follow yes dp-log dp-monitor.log' command. However, new devices(PA-3400, PA-5400) do not have a dp-log path itself. Is there a way to check dp memory on new firewall models?

Resolved! Ha config not in sync

Hi Guys. I have a Palo 220 in HA A/P managed by the panorama. The customer made mgmt IP change and Added a Zone but then ever since the config is out of Sync Between the HA pairs. So all the articles are referenced, request high-availability sync-to-remote running-config' has been performed from both passive and active fw, force committed, pushe...

Pras by L4 Transporter
  • 4183 Views
  • 4 replies
  • 0 Likes

HSCI Link flapping

Hey all, I had to RMA one of my PA-3220s and rebuilt my HA just recently. After getting everything up to 9.1.11-h3 my HSCI link just doesn't stay up between the two 3220s. One side has green HSCI links, but the other side is dark. -Replaced fiber jumper/cable -Tested fiber jumper/cable and it's functional -Swapped SFPs. I'm using Cisco 10G SR ...

DNS Sink Hole Data Base

Hello Gentlemen, Could you please tell me where I can locate the DNS SinkHole database? I need to use it to determine whether a specific website is operating properly. Any suggestions on where I could look for that? Under DNS Sinkhole activities, all I can see are categories only. Thank you.

Code On Firewall Not Mine

Hello, I ran a config audit today and found some uncommitted code that was not mine. Is it possible that a dynamic update had some uncommitted code in the config? Thanks MJF

Problem with export&push config to newly added firewall in panorama

Hello, We are trying to add new firewall to panorama . We follow the steps from the instruction for adding HA cluster to Panorama. But when we get to the step with export&push device config we get an error: Validation Error: plugins unexpected here vsys is invalid Software version of panorama and firewalls is 11.0.1-h2 We tried sev...

stef by L2 Linker
  • 2192 Views
  • 4 replies
  • 0 Likes

GlobalProtect SAML Metadata

Hi Experts, I have configured Azure SAML SSO for GlobalProtect. When I try to export Metadata from PaloAlto FW for global-protect service, there is a mandatory section to select which virtual system. But in my case, there is no virtual system to select from. I am not sure what's the issue. Any idea what's going on? Thanks for your help in advance!

SAML metadata.PNG

Unable to connect to sysd

Hi I am trying to install PanOS 10.2.5 into Eve-ng. When i go to login i get the following error I am running 8.1 no problem and have tried multiple images. I see in some websites to ignore the error but i cant even log in. Any help would be greatly appreciated.

mzedalis_0-1697652044520.png
mzedalis by L0 Member
  • 3762 Views
  • 1 replies
  • 0 Likes

Panorama Minimum Requirements for AWS Deployment

Hi all, I am new to Panorama management, and I am specing out a new deployment for a client. 1 - VM PA in AWS 1 - PA 440 for Office We want to manage the VM and 440 PA with Panorama. Looking at the AWS deployment documentation https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/set-up-panorama/set-up-the-panorama-virtual-applian...

sethcd by L0 Member
  • 4332 Views
  • 3 replies
  • 0 Likes

Policy-Based IPsec VPN Failover

Hello everyone, I have a case, where we have configured two site-to-site VPN connections to our partner's primary and backup datacenters. Both tunnels are policy-based IPsec VPNs with Proxy-IDs configured and both use the same local/remote inner IP addresses. This is a single ISP/single virtual router environment. For example this is a sample ...

Flang3r by L2 Linker
  • 15101 Views
  • 15 replies
  • 0 Likes

Use of HA2 and HA3 port Active-Active-Active

Hello,We have changed PA-5220(10.1.6-h6) by the PA-3420(10.2.5) , and we have detected that much more traffic is being sent by the HA2 and HA3 ports. Being unbalanced, it saturates a port of HA2 and may cause an error in the synchronization of sessions. Does anyone know how to check this or know the reason why this is happening? Thanks

Alpalo by L4 Transporter
  • 2072 Views
  • 1 replies
  • 0 Likes

Resolved! add a name to an address object in an address group xml api paloalto

I'm trying to add an address object to an address group, but it won't let me add it. I get this error: <response status="error" code="12"><msg><line><![CDATA[ "nameAddressGroup" -> static 'nameAddressObject' is not a valid reference]]></line><line><![CDATA[ "nameAddressGroup" -> static is invalid]]&...

AlexMC by L0 Member
  • 2041 Views
  • 2 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks