This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

Global Protect Authentication with Okta Radius + LDAP Group Mapping

Recently stood up a GP Portal and Gateway for the company that I work for. At the moment, I just have a radius-auth-profile setup to point to our internal OKTA MFA Agent which works fine, however, I also need to read and identify Security Groups using AD so I can place users in specific GP permissions (split tunnel, no-split tunnel, ACLs, Depart...

SNMP Trap Monitoring

Hello, We were wondering about the feasibility of configuring SNMP traps for some of our Firewalls instead of using SNMP polling. Currently we're using SNMP polling to monitor information like : - Interface status - Interface bandwidth- Temperature - CPU Management and Data- Log Rate - Sessions- HA cluster In your documentation SNMP Monitoring...

Khassam by L1 Bithead
  • 5126 Views
  • 5 replies
  • 0 Likes

Resolved! How to escape a line feed in login banner via CLI?

What is the escape character/ sequence for LF or CR/LF in cli mode?Via web interface it is possible to create a multiline login banner with line breaks that looks like the example below.line 1 testline 2 loginline 3 bannerThis shows up tidy during login via cli and webinterface$ ssh -l admin 192.168.1.1line 1 testline 2 loginline 3 bannerPasswor...

panwmod by L0 Member
  • 10414 Views
  • 8 replies
  • 0 Likes

Resolved! New user creation error

Hey everyone, wanted to ask for some help, I created a new user with wrong email for SSO, is there a way to eliminate this user it is not showing under manage users so I was wondering where I can edit that. Thanks

arces01 by L0 Member
  • 2454 Views
  • 3 replies
  • 0 Likes

Issue with routing possibly?

Needing a little help. I have a PA 5220 within a secure enclave (so no connection to the internet). I can ping a gateway in another enclave without any issue but when I ping the network beyond that gateway I get no reply. My GW external interface and their GW external interface are on the same subnet and their internal network and my internal ne...

NFS sessions undecided after fail-over

Situation:NFS Client src:828 dst: 2049 --> PAN 7050 HA Cluster --> NFS Server (NFS Session is up and connected without issue) Palo alto cluster fail-over occurs (upgrade/issue - doesn't matter) NFS Client src:828 dst:2049 -->PAN (Session is marked as "undecided" and dropping the syn packets)The timer continues to reset on the session on...

Failed to delete certificate - Invalid Location / Permission Denied

Hardware: PA220 Version: 10.1.5-h1 I'm trying to use a certificate that appears to be having issues. I first noticed the issue when I attempted to create a certificate profile using a trust root CA. When I try to create the profile, it fails to create and has error message "CA -> *CA NAME* is invalid -> CA is invalid". I then went to e...

Resolved! Adding IP's on Policies on panorama

Hi All, Needing your suggestions i'm adding a list of ip addresses on policy that I created on branch and when I push it I got an error on NAT ISP 1, NAT is not a problem I knw because everything is working correctly. I notice that this has been added on dublin site so what I mean is there is a policy on dublin site then there is policy on bra...

weezy by L3 Networker
  • 1887 Views
  • 2 replies
  • 0 Likes

Layer 3 sub interfaces on Hyper-V

Hi all, I am trying to get Palo Alto VM series (10.2.3) to work with layer 3 sub interfaces on Hyper-V (2022).I configured interface/subinterface from the documentation (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRkCAK)I also tried it with removing the ip.adr 192.168.4.252/24I also tried setting the vSwitch to tr...

pa_subinterface.png

Resolved! Implementing Applications Over Services

We recently completed a migration and I am in clean up mode. I would like to utilize applications but we do some no decryptions exceptions rules that bypass decryption. I am concerned that without decrypting, the rule will break and traffic won't flow. What is a safe way to begin transitioning from services to applications?

Access PA-440 MGMT Interface via Cisco Switch

Hi Guys, I am working with below scenario and would like some help. As shown in diagram: A cisco switch IE3400 is connected with PA-440 with trunk connection and also one of the interface of switch is connected to MGMT port of PA-440. There are multiple VLANs in the network but I showed only the relevant in this case. Cisco Switch has Vlan 10...

Janmejay_Dave_1-1687412475430.png

Ensuring Accuracy: Introducing the Audit Date Stamp on LIVEcommunity

LIVEcommunity recently introduced a new feature to help you know when content has been reviewed for accuracy: the Audit Date Stamp. With this latest enhancement, you can now easily identify when an article has been audited, confirming that the information is current, screenshots are up-to-date, and any solutions or use cases function as expec...

JayGolf_0-1686676207668.jpeg
JayGolf by Community Team Member
  • 1704 Views
  • 1 replies
  • 1 Likes

Resolved! Packet drop in the Firewall

Recently, we did a Migration activity, From the Juniper SRX to Palo Alto. After successful Migration, we can notice that one drop over the PA firewall.We did troubleshooting from our end and in the global counter can see below error with drops flow_fpga_ingress_exception_err 1865 19 drop flow offload Packets dropped: receive ingres...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks