General Topics
Showing results for 
Search instead for 
Did you mean: 

The Enhanced LIVEcommunity Experience is finally here! Learn all about it.

General Topics

Forum Posts

Registration now open - Interactive Event!

Hi everyone, If you haven’t already seen, registration is now open for our first interactive event all about the Best Practice Assessment (BPA) tool! You will be able to connect with subject matter experts, share best practices, and learn how this to...

jdelio by Community Team Member
  • 0 replies

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...

jdelio by Community Team Member
  • 45 replies

Resolved! Bringing up all interfaces in ESXI enviroment

Hi, I followed the docs when setting up a Palo Alto in an ESXI environment. I created 9 port groups for the device and connected each interface on the Palo Alto to one of them. When the Palo Alto came up all of the interfaces as not configured. If I ...

golariu by L1 Bithead
  • 2 replies

SSL certificate expiring soon

I have a wildcard cert issued by godaddy which I use for inbound decryption on approx 10 dmz servers. it is set to expire soon and we've got a new cert. how can I seamlessly import it and not break the client connections as my server admins servers c...


Hi all, I have some problems with LACP. Sometimes, randomly, the interfaces move out of AE-group.I can see from log this error message: "receive PDU partner does not match local actor ".Below the file l2ctrld.log . 2019-09-17 23:19:54.588 +0200 ether...

Chango by L1 Bithead
  • 10 replies

VPN problem

Hii have a problem. i have configured vpn ikev2 ipsec. When test vpn with CLI command( test vpn ipsec tunnel [name]) vpn gets up. But when other side try to connect, vpn do not get up.Also when i check system logs this logs appears:'IKE phase-1 negot...

URAN_725 by L1 Bithead
  • 3 replies

Dynamic DNS and an SSL cert

How can I use dynamic DNS and SSL cert on the outside interface of the palo alto for global protect? I do not have a problem paying for something but I figured there is a way. I do not have a "server" at my home that is always on so I would need the ...

Application incomplete or Non Applicable

I have seen this so many times and I am wondering who you deal with it efficiently when making a rule. I see a standard port of like 443 or 8080 but with a rule that has application defined as SSL or web-browsing it doesn't hit the rule due to the ap...

Resolved! Different Response Page for https and RDP traffic

I have configured MFA with Radius.It is for https and RDP trafficWhen we access http site we get response page to put Radius Credentialsbut when we do RDP connection to server we get different response pageNeed to know how can i make same response pa...

MP18 by Cyber Elite
  • 2 replies

Resolved! Using PA220 as a "switch"

Hey all, i got a question that im not sure how to solve.This is my setup/what i want to do do. I got a L3 internet line on Ethernet1On eth2 i got a CAT2960L with vlans 10 and 20.On eth3 i got a CAT2960L with vlans 10 and 20. I got 2 2802i with mobili...

holten by L1 Bithead
  • 4 replies

Pa220 problem with random reboot

We are having 2 x PA220 with latest software and they are rebooting when we are using web management. I am fustrated, I opened support ticket (own premium support) and I have two options; to downgrade to 8.1.x or wait 2 months for bug fix (HTTPd proc...

Resolved! SQL Cluster Through PA Firewall

We have Palo Alto firewalls with version 8.0 and need to allow SQL Cluster synchronization from one zone to another. The servers are Windows 2016 with MS SQL 2016. I'm not a SQL expert but tasked with a firewall rule between these clusters. I appreci...

Resolved! Test TLD

We block the "unknown" category in web browsing. This recently became an issue when an application needed to be accessed by its IP address. If the user hacked his HOSTS file to set the name test.test.test to that IP address, he was able to get to the...


Palo Alto interfaces configuration

Tell me, please, if the device is not registered on the portal, will the firewall work? I connected PA-220 with PA-820 by patch-cord, but in the CLI I don't see the MAC addresses on these ports. Addresses from the same subnet.PA-220 Eth 1/1 config:PA...

pa220.JPG pa820.JPG
Top Liked Authors