This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4258 Views
  • 0 replies
  • 0 Likes

Resolved! how can i create a PBF rule to send traffic to a http/https proxy?

when i'm trying to set up the rule, where the next hop is the IP of the proxy - i get an error that this IP "does not match subnets defined on the PBF interface" - which is correct, it's on different subnet. What are my options? Do i have to have the proxy on the same subnet as the interface?

Resolved! Confused about QoS on Palo, need some assistance.

My understanding is that QoS only really applies to egress. The issue I faced this week was with Apple updates killing the ingress and impacting sip trunks. Egress didn't appear to be an issue. Now with that said, would applying QoS within our Palos help in any way when it comes to the sip trunks if the issue is with ingress being saturated? ...

Resolved! HTTPS Traffic Not Returning Via IPSec Tunnels

I have a customer who is using PAN appliances and we have a valid IPSec tunnel to a cloud provider. Traffic is fine for SSH and ICMP traffic in both directions. However, when we send HTTPS traffic across the tunnel the firewall logs suggest no bytes received and nothing past the SYN going out (we see no ACK etc.). From the client perspective it ...

Panorama Push Error

Hi Guys, We are trying to push configuration from Panorama HW to AWS Firewall but getting below error upon following the devsrv we see below: I am wondering what is "Unable to execute eproxy script. Error (512) " and how to go on resolving as it is not throwing any specific error msg to relate to an issue. Many Thanks, @BPry @kiwi

Pras_1-1695279652977.png
Pras_2-1695279721946.png
Pras by L4 Transporter
  • 3489 Views
  • 5 replies
  • 0 Likes

SSL inbound inspection certificate issue

I am trying to configure SSL inbound inspection for one of the application in our environment. I am not sure if the certificates that are being provided are correct and need some guidance for the same. Steps done: > Server team generated CSR in pkcs12 format and sent the same to our companies internal CA for signing. > Certs provided ...

Sukhmeet by L1 Bithead
  • 1369 Views
  • 1 replies
  • 0 Likes

One Global Protect Portal and Two Global Protect Gateways in One Firewall

Is this possible, One Global Protect Portal and Two Global Protect Gateways in One Firewall? For the second gateway, I'm planning to use a loopback interface with private IP that have a NAT public IP. The first gateway is the production VPN configured with on-demand, and MFA authentication The second gateway will be used to test the always on. W...

Generated custom reports have different results

Hello, I have a PA-3250 with version 9.1.11-h3. I have generated the August monthly reports on 9/13 and 9/16. I noticed the report generated on 9/13 has less traffic than 9/16. Could someone tell me the theory or reason why did this happend ? Thanks.   

20230920-1.PNG
20230920-2.PNG

Resolved! Disable USB Port on Firewall

Hi, Can we disable physical USB port on the Firewall? I didn't find how to disable this usb interface on the firewall. or is there any documentation how to disable this? Thanks, Denny

Resolved! PAN-SA-2023-0004 - GlobalProtect fix being worked on for this vulnerability?

https://security.paloaltonetworks.com/PAN-SA-2023-0004 This bulletin states that there is no fix for the GP Client. Does anyone know if they are working on one? The idea of locking down completely the local LAN could prove difficult and after a discussion with GoDaddy (our cert provider) they state they will not issue a cert with an IP addre...

Agent User ID problem

Hi everyoneI have a problem whith user ID agnet on Windows 2012 Server.I have a errorError - Failed to add mapping (x.x.x.x) - () - in x.x.x.x mains adress IP.Appears many times. Do you have any idea what is the reason this error ?? Regards Przemek

Active-passive HA with BGP to 2 ISPs, BFD + graceful restart

Hi, Anyone ever configured BGP + BFD + Graceful restart, trying to do this setup but not sure if there is any timers to ensure below. Can't find anywhere on any knowledge base. 1. when ISP link go down - BFD ensure seconds failover, ISP gateways are on same subnets attached through switches to Palo 2. when firewall failover - the BGP sessions s...

PetGoh1 by L1 Bithead
  • 9200 Views
  • 3 replies
  • 0 Likes

PA firewalls and HA across different GEO locations

Hi Support, We have Client in Cork want to know about the FW HA across Different Location. What are requirements for having fw cluster spread across different GEO locations (latency, delay, etc)?Is this recommended at all by PA? If yes, what kind of link is required for HA connectivity (L3, L2)? We have some ideas of spreading current firewall c...

NavidAlam by L3 Networker
  • 10996 Views
  • 5 replies
  • 0 Likes

Resolved! Panorama connectivity check failed for xxxx. Reason: TCP channel setup failed, reverting configuration

- We ran into an issue where the commits from Panorama were failing with error: • . Performing panorama connectivity check (attempt 1 of 1)• . Panorama connectivity check failed for xxxx. Reason: TCP channel setup failed, reverting configuration• . Configuration reverted successfully - We checked No validation errors while the commit failed- run...

  • 24362 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks