This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4118 Views
  • 0 replies
  • 0 Likes

One Global Protect Portal and Two Global Protect Gateways in One Firewall

Is this possible, One Global Protect Portal and Two Global Protect Gateways in One Firewall? For the second gateway, I'm planning to use a loopback interface with private IP that have a NAT public IP. The first gateway is the production VPN configured with on-demand, and MFA authentication The second gateway will be used to test the always on. W...

Generated custom reports have different results

Hello, I have a PA-3250 with version 9.1.11-h3. I have generated the August monthly reports on 9/13 and 9/16. I noticed the report generated on 9/13 has less traffic than 9/16. Could someone tell me the theory or reason why did this happend ? Thanks.   

20230920-1.PNG
20230920-2.PNG

Resolved! Disable USB Port on Firewall

Hi, Can we disable physical USB port on the Firewall? I didn't find how to disable this usb interface on the firewall. or is there any documentation how to disable this? Thanks, Denny

Resolved! PAN-SA-2023-0004 - GlobalProtect fix being worked on for this vulnerability?

https://security.paloaltonetworks.com/PAN-SA-2023-0004 This bulletin states that there is no fix for the GP Client. Does anyone know if they are working on one? The idea of locking down completely the local LAN could prove difficult and after a discussion with GoDaddy (our cert provider) they state they will not issue a cert with an IP addre...

Agent User ID problem

Hi everyoneI have a problem whith user ID agnet on Windows 2012 Server.I have a errorError - Failed to add mapping (x.x.x.x) - () - in x.x.x.x mains adress IP.Appears many times. Do you have any idea what is the reason this error ?? Regards Przemek

Active-passive HA with BGP to 2 ISPs, BFD + graceful restart

Hi, Anyone ever configured BGP + BFD + Graceful restart, trying to do this setup but not sure if there is any timers to ensure below. Can't find anywhere on any knowledge base. 1. when ISP link go down - BFD ensure seconds failover, ISP gateways are on same subnets attached through switches to Palo 2. when firewall failover - the BGP sessions s...

PetGoh1 by L1 Bithead
  • 8907 Views
  • 3 replies
  • 0 Likes

PA firewalls and HA across different GEO locations

Hi Support, We have Client in Cork want to know about the FW HA across Different Location. What are requirements for having fw cluster spread across different GEO locations (latency, delay, etc)?Is this recommended at all by PA? If yes, what kind of link is required for HA connectivity (L3, L2)? We have some ideas of spreading current firewall c...

NavidAlam by L3 Networker
  • 10879 Views
  • 5 replies
  • 0 Likes

Resolved! Panorama connectivity check failed for xxxx. Reason: TCP channel setup failed, reverting configuration

- We ran into an issue where the commits from Panorama were failing with error: • . Performing panorama connectivity check (attempt 1 of 1)• . Panorama connectivity check failed for xxxx. Reason: TCP channel setup failed, reverting configuration• . Configuration reverted successfully - We checked No validation errors while the commit failed- run...

Firewall integration to Panorama with initial/default device Post-Rules

Hello, firstly, apologies for the long winded background info to explain my requirements !! I've a large project with hundreds of Firewalls to deploy. All initial base-configuration and Panorama-integration will be completed via the use of various specific templates, template-stacks and parent/child/grand-child device groups, achieved via auto...

GlobalProtect on Mac 13.4.1 ("msgtype = hip" rather than "msgtype = portal")

I'm looking over the log files of a Mac (v13.4.1) that cannot connect using GlobalProtect (v6.1.1-5). I'm comparing it to another Mac running the same OS which works, and in the PanGPS.log files I'm seeing this difference: Working: Line 53: P10741-T259 07/19/2023 15:37:40:147 Debug( 759): CPanMSService::Init connect timeout 5, received timeout...

Management Interface down

Hello, i have the problem that I have two PA-445 as HA clusters where the management interface does not have an uplink.I've already tried several cables and switches, but unfortunately I can't get an uplink on the interface.There is no spanning tree on the switches, all ports are active.Type: 1000T, Mode Auto, Flow disabled.Switch port: VLAN 1...

Resolved! Negate Deny Rule

Hi All, I have a negate rule on the firewall Souce Address - 10.1.1.1(Negate) Destination Address- Any Service- https Action- Deny Does it mean that it will allow 10.1.1.1 and deny everything or does it mean that it will deny everything and then I need to create an accept rule to allow 10.1.1.1. Will 10.1.1.1 be allowed through this negate...

Ujbal89 by L0 Member
  • 1550 Views
  • 1 replies
  • 0 Likes

Resolved! Secure Renegotiation in PANOS 9x?

I'm seeing some posts stating that Secure Renegotiation is not supported on the Palo Alto platform. Is this still true for the latest release, v9.x? If so, how is it enabled?

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks