This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4456 Views
  • 0 replies
  • 0 Likes

Resolved! Import of SSL-TLS-cert failed. Mismatched public and private keys.

We are adding a new Web Server certificate for portal validation in our brand new firewall. We created the CSR in the Firewall and exported it to sign it with GoDaddy CA. Once we download the bundle from GoDaddy we extracted the root, intermediate, and server certificate in Base64 format.We can import the root and intermediate without any proble...

JorgeOrtega_0-1644162873316.png
JorgeOrtega_1-1644162904504.png

Can't create DNS Proxy using Panorama

ISSUEWhen try to configure DNS Proxy with panorama after commit we get next message error:dns-proxy -> xxxxx-> server-profile 'yyyyy' is not a valid referencedns-proxy -> LAN_speedup -> server-profile is invalid xxxxx ->dns proxy configuredyyyyy ->server dns profile created RESOLUTIONThe DNS server profile was added as a featur...

Marivi by L2 Linker
  • 8482 Views
  • 6 replies
  • 2 Likes

Resolved! Upgrade V9 to V10 issue

We have a number of 3020's coming to EOL and running max version 9.. We have purchased new PA-450's to replace these but they can only run on min version 10. When I load the config from 3020 to 450 commit fails as part of the config is either no longer viable or in the wrong place. I have been able to edit certain bits but not sure what else m...

Mick_Ball by L7 Applicator
  • 3563 Views
  • 4 replies
  • 0 Likes

Can not Login PA-HDF - Deploy Trial VM-Series OVA

I downloaded and deployed the Trial PA-VM for Private Cloud (vSphere7.0), but I could not log in using admin/admin at the "PA-HDF Login:" prompt.I searched the Community for similar issues, but could not find a specific solution. I am having trouble transitioning to the screen for entering the key to enter maintenance mode quickly enough.Could y...

dozor_mki_0-1690188881504.png

UserID WinRM-HTTPS and Kerberos

I tried generating a self signed certificate on the firewall and installed this on the domain controller and assigned it to WinRM-HTTPS. This worked but I can’t figure out why it’s rejecting the certificate from our internal CA.

s0lselcia by L4 Transporter
  • 1777 Views
  • 2 replies
  • 0 Likes

Certificate SSL Self Signed Expired GP SSL-TLS Profile Global Protect

Hello Live Community, how are you doing? I have the following doubt and concern If I have a PA configured with a Self Signed SSL certificate for Global Protect use, SSL/TLS profile for GP, and that certificate is is close to expiring. All the workstations that have the global protect client, have the certificate installed, so that it is re...

Metgatz by L4 Transporter
  • 4863 Views
  • 3 replies
  • 0 Likes

I'm planning to upgrade my Palo Alto firewall from version 9.0 to 10.1. Are there any critical points to consider before proceeding with the upgrade?

Hello I'm currently planning to upgrade my Palo Alto Networks firewall from version 9.0 to 10.1. As this is a critical operation, I want to ensure a smooth transition without any disruptions to our network and security policies. Before proceeding with the upgrade, I'd like to seek advice and insights from the community on the best practices to f...

VM Firewall Setup

Hi All, I am configuring the VM Firewall. I will not be able to manage the Firewall with the Mgmt Interface as customer has restricted only internet access and MPLS access. So decided to manage it via MPLS interface. There are 3 network adapters in ESXi host as per KB. 1 - Mgmt 2 - eth1/1 3 - eth1/2 Initially i configured eth1/1 with the /29 s...

Software upgrades hotfixes

1) I am planning to upgrade to 11.0.1 but I also see a 11.0.1-h2 - which one should I upgrade to (I'm on currently on 10.2.3) ? 2) On the support pages under software updates I'm filtered on 'PAN-OS for VM-Series'. Will this give me correct installation files for AWS EC2 ?

daz12 by L1 Bithead
  • 2881 Views
  • 3 replies
  • 0 Likes

Best way to aggregate multiple internet lines

I have 5 internet lines in my company, and currently I am aggregating them using the Firewall, using ECMP technique. the 5 internet lines have a different bandwidth (different speeds). the weighted round robing seems be the best way to go as I have an internet lines with different speed and I want to assign more traffic to the higher bandwidt...

Vencola by L0 Member
  • 2060 Views
  • 1 replies
  • 0 Likes

show system logdb-quota missing globalprotect stats

I wanted to use the "show system logdb-quota" CLI command on our Panorama VM to determine the retention days for GlobalProtect and it appears to be missing in this command. Is there another that can give you the number of days properly? I only get system, config, hip-reports and appstat returned when I issue that command. I seem to be running...

files are occupying under traps.

files are occupying under traps. [root@xyz opt]# du -sh * |grep G5.9G traps[root@xyz opt]# pwd/opt[root@xyz opt]# cd traps[root@xyz traps]# du -sh * |grep G4.7G ecl[root@xyz traps]# du -sh * |grep M80M bin479M download25M glibc67M lib11M lib3216M local_analysis256M ltee23M persist74M python230M shared_packages[root@xyz traps]# pwd/opt/traps[root...

Resolved! Migration from HA pair PA-3220 running PanOS 9.1.16 to HA pair of PA-1420 running 11.0.2

Hello, as the Subject' saying, i'm facing this issue - what is the recommended procedure? While I'm considering upgrading my 3220 pair to 10.1.10 prior to migration (I'm not that keen to go all the way to 10.2.4) and i'd prefer to avoid the upgrade process entirely if possible - so the Subject still stands. As it is now, my setup is running 5...

Manu_P by L2 Linker
  • 3335 Views
  • 2 replies
  • 0 Likes

HTTP/1.1 404 object not found

Hi Team, HTTP/1.1 404 object not found We are seeing this error when the traffic is passing through the Palo. When we bypass palo it works absolutely fine. May i know what could be causing this? Regards, Sanjay S

  • 24377 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks