General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Resolved! Windows Defender is not getting replaced by Cortex XDR

We have experienced the subject issue on a few VMs running the Windows Server operating system. As per my usual experience, once we install Cortex XDR on a Windows machine, Windows Defender gets replaced by Cortex XDR, right? But it is not happening on a few servers.

DS1465 by L1 Bithead
  • 2927 Views
  • 2 replies
  • 1 Likes

Licensing DNS Security

I am trying to register our DNS Security. I have the purchased Auth Code, but I cannot find where to add it in the customer support portal. I tried to add it under PRODUCTS --> Assets. My part number is PAN-PA-5220-DNS-5YR.

PAN OS LDAP producing DCOM 10036 error on all servers

Seems not long after the PAN OS upgrade to 10.1.3 we started seeing errors in our system event viewer logs for DCOM 10036 coming from our account that we use for LDAP on our PAN OS. They all reference the IP of our PAN OS as the originator. The logs are full of this error, sometimes 3 or 4 times on the hour. Normally, I don't pay a lot of attention...

SRashedi by L0 Member
  • 16641 Views
  • 4 replies
  • 0 Likes

HA timers value - Monitor Fail Hold Up Time - Additional Master Hold Up Time - Doubts

Hello Live Community, good evening, thanks a lot for your time and collaboration. I have a question regarding the value of "HA timer - Additional Master Hold Up Time", which by default is 500 ms. In the documentation it indicates that this is an additional value to the "Monitor Fail Hold Up Time (ms)" that is to say, how many examples are an Interface...

Metgatz by L4 Transporter
  • 2355 Views
  • 2 replies
  • 0 Likes

SSL Decryption - replacing Forward Trust Certificate not working for IOS devices

Hi All, The Forward Trust certificate on a PA-820 firewall pair was expiring, so we issued a new SubCA certificate from the Windows ADCS root CA server and updated it on the firewall. The certificate was imported with a 2048-bit key and there is a password on the key. Since switching over to the new certificate for forward trust (SSL Decryption),...

Ben-Price by L4 Transporter
  • 9205 Views
  • 6 replies
  • 0 Likes

Response Page not displayed when using security policy to deny URL category

Hi There, I have configured a security policy to block a URL category using the Service/URL Category method and my action is deny. This works and the category is denied, however the block response page is not displayed. Instead I get "This site can’t be reached" and "ERR_CONNECTION_RESET". When I block the same category using the URL Filtering S...

nailing up an ipsec vpn?

I have a site-to-site IPsec VPN between two Palo firewalls. A always initiates the tunnel to B. Is there a way I can make A always keep the tunnel up even when interesting traffic is not present?

Interzone default deny rule with logging is allowing traffic and shows up in traffic logs

We have a PA-3220 which is running in 10.2.4 Pan OS, we observed something really weird in the traffic logs this morning which shows 'ms-rdp' connections allowing through the default interzone deny rule which we re-verified again to see it is still set to 'deny' and no one really touched the rule. This is really freaking us out? Any insight on w...

Akhil_B by L2 Linker
  • 9706 Views
  • 7 replies
  • 0 Likes

IPSec Child-SA rekey negotiation fails

Our customer encounters an intermittent connectivity issue with IPSec IKEv1 during phase 2 rekey of the IPSec Child-SA. We opened a case with the IPSec peer device vendor; they mention that PAN is not sending a message to R2011 (IPSec peer) for deleting the SA when the SA negotiation fails. Summary of issue: On IPsec PA-850 peer device log, it shows IKE ph...

Configure L2 service on Active-Active Mode

I am using PAN-PA-3220. We want to set up this model with: 1. HA (active-active) 2. Interface configuration using Layer 2 configuration. Is it possible to do it? When I try to create the Layer 2 configuration, it always pops up the error "Layer 2 unable to configure due to HA in active-active mode". Can you help to suggest any ways to do it? *ps: c...

Hazzuan by L0 Member
  • 1558 Views
  • 1 replies
  • 0 Likes

SSO not working properly

I have just set up SSO in our new eng Panorama. When I tested it initially it gave me the error message "Error Displaying SAML error response page". I reached out to our team and it was noticed that the new SAML app had fewer claims and attributes than the already existing SAML app for our prod Panorama. So we modified the settings of the new sam...

Bumenang by L1 Bithead
  • 4577 Views
  • 1 replies
  • 1 Likes

Resolved! Moving some connections to the New PA

We have this setup for one site: Dis sw ------ Edge switch stack of 3 ------ 40 users. We need to move a few users behind the PA. What can be the best design for this, as we only need to have 5 to 10 users behind the PA 850? Should we connect a small switch to the existing stack of switches?

MP18 by Cyber Elite
  • 7927 Views
  • 15 replies
  • 0 Likes

Certificate delete

Hi, I have a problem deleting a certificate. It shows the error: Failed to delete Certificate - CaptivePortal. CaptivePortal cannot be deleted because of references from: I looked at the SSL/TLS service profile list and it does not show profiles. Please help me.

btadmin by L1 Bithead
  • 2278 Views
  • 6 replies
  • 0 Likes

Resolved! Configuring multiple DHCP scopes via single layer 3 interface

Hi All, I am running PanOS 10.1.0 VM image. Devices are connected as mentioned below. Firewall E1/2 ---> L3 switch ---> Vlan 10, Vlan 20. I would really appreciate it if someone can tell me how to configure two DHCP scopes for Vlan 10 and Vlan 20 in the PA firewall, because once I configured one scope under E1/2, for the second scope E1/2 is not appearin...

  • 24332 Posts
  • 124 Subscriptions