General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Ike -generic event : vendor id payload ignored

We are seeing continous ike genric event for vendor id payload ignored , tunnel is up traffic getting encrypted and decrypted.

what exactly does above error say.

Resolved! Given Tunnel Interface IP is wrong but still tunnel is up

I am seeing the Ip address give to the tunnel interface is wrong ( for the tunnel with AWS) , but tunnel came up and working without any issue.

Can anybody suggest on this. Would the IP address which we will give to the tunnel interface would not matt

...

Resolved! Behavior of the 3 possible options -SIP flow with TCP - SIP TCP cleartext

Hello good afternoon everyone LiveCommunity.

For an environment with TCP-SIP with the ALG disabled at App "SIP" level and/or with AppOverride, I would understand that these options should no longer generate any noise, problem or unwanted b

...

How to get/send DNS logs to on-prem SIEM -- DNS Proxy + DNS Security

Hello Community!

Wondering if anyone has this scenario / has experience with retrieving DNS security logs...

Remote Site Firewall setup:

- DNS Proxy Enabled (Rules direct internal domains to internal DNS servers across SDWAN, all other DNS request

...

SWITCHING PANORAMA VM FROM LEGACY MODE TO PANORAMA MODE failing

- We are trying to switch the Panorama device from Legacy mode to Panorama mode

SWITCHING PANORAMA VM FROM LEGACY MODE TO PANORAMA MODE

- https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPTzCAO

- Currently running on 8.1.x v

...

Resolved! Network Throughput Graphs are incoherent in PA-220

Hi,

We are experiencing an issue with the PA-220 network graphs displayed in one of our sites.

We know that the router in front of the firewall delivers a 90 Mbps (Megabit per second) max throughput. This measure has been verified extensively.

...

Resolved! Bring down IPsec tunnel manually

I am troubleshooting an issue where I need to bring down the IPsec tunnel manually, what is the best way to do this in GUI or CLI?

Thanks

Resolved! Unable to change password on LocalDB user, when added to AuthProfile

Hi People!

I'm using PanOS 10.2.2 on a PA-440. I have created a few LocalDB users and added them to a group. Then i've created an authentication profile and added this group to the allow list (also tried with "all"). Since these local users are also

...

IPsec tunnel on passive FW and Solarwinds alert

Hello,

We are currently running pair of 3260s in HA. When the IPsec tunnel goes down on primary FW, we get alerts from Solarwinds that both tunnels are down on primary and passive Firewalls. Is this normal condition? If so why would I receive alert on

...

Resolved! Why anti-virus default profile is read-only?

Hi, Why anti-virus default profile is read-only? cannot modify the settings for default profile using superuser account.

Anyone can please advise, thanks!

understand thermal check commands

Need help with understanding output for this.

show system state filter env.* | match thermal

env.s1.thermal.0: { 'alarm': False, 'avg': 55.000, 'desc': 6220 Core Temperature, 'hyst': 4.500, 'max': 95.000, 'min': 5.000, 'notified-avg': 55.000, 'samples

...

Resolved! Clone a Device Group?

Hi Guys,

I have Panorama with a few device groups; how do I clone one of them from GUI so I can do testing without impacting a production device group?

Thanks

Resolved! Is it possible to login to the passive device in HA without using mgmt port?

Hi.

Is it possible to login to the passive device in HA without using mgmt port?

Is console port only approach?

Is there no approach to login to the passive device in ha except mgt-port or cosole-port?

plese tell me...

Resolved! Only partial of template got pushed to the firewall.

Hi Guys,

I have a template in Paranoma and I pushed it down to a firewall, the firewall could only get 80% of the template. The Panorama didn't complain as there were no error messages after the push.

The firewall is currently missing interfaces'

...

Resolved! Unable to change hardware udp session offloading setting as false

Hello all,

I am using PA-440 on the PAN-OS 10.2.3-h4.

Due to performance degradation issues, hardware session offloading and hardware udp session offloading was changed to false through the following commands.

> configure # set deviceconfig setting ...

General Topics

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Welcome to the General Topics Discussions!

Rules and Best Practices

Ike -generic event : vendor id payload ignored

Resolved! Given Tunnel Interface IP is wrong but still tunnel is up

Resolved! Behavior of the 3 possible options -SIP flow with TCP - SIP TCP cleartext

How to get/send DNS logs to on-prem SIEM -- DNS Proxy + DNS Security

SWITCHING PANORAMA VM FROM LEGACY MODE TO PANORAMA MODE failing

Resolved! Network Throughput Graphs are incoherent in PA-220

Resolved! Bring down IPsec tunnel manually

Resolved! Unable to change password on LocalDB user, when added to AuthProfile

IPsec tunnel on passive FW and Solarwinds alert

Resolved! Why anti-virus default profile is read-only?

understand thermal check commands

Resolved! Clone a Device Group?

Resolved! Is it possible to login to the passive device in HA without using mgmt port?

Resolved! Only partial of template got pushed to the firewall.

Resolved! Unable to change hardware udp session offloading setting as false

Client-to-Site IKEv2 IPSec without GlobalProtect

GlobalProtect SAML Authentication Complete

how to generate an AWS Redis Auth code ?

How to validate Redis connection from vm-series on AWS ?

global counter tcp_case_2

Re: GlobalProtect 6.3.3

Re: GlobalProtect 6.3.3

Re: Support PAN-OS Software Release Guidance

Re: MFA external provider question

Re: GlobalProtect 6.3.3

Unlock your full community experience!

General Topics

Rules and Best Practices

Resolved! Given Tunnel Interface IP is wrong but still tunnel is up

Resolved! Behavior of the 3 possible options -SIP flow with TCP - SIP TCP cleartext

Resolved! Network Throughput Graphs are incoherent in PA-220

Resolved! Bring down IPsec tunnel manually

Resolved! Unable to change password on LocalDB user, when added to AuthProfile

Resolved! Why anti-virus default profile is read-only?

Resolved! Clone a Device Group?

Resolved! Is it possible to login to the passive device in HA without using mgmt port?

Resolved! Only partial of template got pushed to the firewall.

Resolved! Unable to change hardware udp session offloading setting as false