General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Firewall Config Templates(network) not showing up in Panorama

Yesterday we had to reboot one of our firewalls that is managed by the panorama. After the reboot, we noticed that half the config is no longer showing in the panorama. Everything appears to be ok locally on the firewall (panorama pushed config and i

...

Resolved! Can SAML Azure be used in an authentication sequence?

Some users need to be authenticated using MFA with SAML and azure, and some others need to be authenticated using SSO.

Can this be done using an authentication sequence?

Ike -generic event : vendor id payload ignored

We are seeing continous ike genric event for vendor id payload ignored , tunnel is up traffic getting encrypted and decrypted.

what exactly does above error say.

Resolved! Given Tunnel Interface IP is wrong but still tunnel is up

I am seeing the Ip address give to the tunnel interface is wrong ( for the tunnel with AWS) , but tunnel came up and working without any issue.

Can anybody suggest on this. Would the IP address which we will give to the tunnel interface would not matt

...

Resolved! Behavior of the 3 possible options -SIP flow with TCP - SIP TCP cleartext

Hello good afternoon everyone LiveCommunity.

For an environment with TCP-SIP with the ALG disabled at App "SIP" level and/or with AppOverride, I would understand that these options should no longer generate any noise, problem or unwanted b

...

How to get/send DNS logs to on-prem SIEM -- DNS Proxy + DNS Security

Hello Community!

Wondering if anyone has this scenario / has experience with retrieving DNS security logs...

Remote Site Firewall setup:

- DNS Proxy Enabled (Rules direct internal domains to internal DNS servers across SDWAN, all other DNS request

...

SWITCHING PANORAMA VM FROM LEGACY MODE TO PANORAMA MODE failing

- We are trying to switch the Panorama device from Legacy mode to Panorama mode

SWITCHING PANORAMA VM FROM LEGACY MODE TO PANORAMA MODE

- https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPTzCAO

- Currently running on 8.1.x v

...

Resolved! Network Throughput Graphs are incoherent in PA-220

Hi,

We are experiencing an issue with the PA-220 network graphs displayed in one of our sites.

We know that the router in front of the firewall delivers a 90 Mbps (Megabit per second) max throughput. This measure has been verified extensively.

...

Resolved! Bring down IPsec tunnel manually

I am troubleshooting an issue where I need to bring down the IPsec tunnel manually, what is the best way to do this in GUI or CLI?

Thanks

Resolved! Unable to change password on LocalDB user, when added to AuthProfile

Hi People!

I'm using PanOS 10.2.2 on a PA-440. I have created a few LocalDB users and added them to a group. Then i've created an authentication profile and added this group to the allow list (also tried with "all"). Since these local users are also

...

IPsec tunnel on passive FW and Solarwinds alert

Hello,

We are currently running pair of 3260s in HA. When the IPsec tunnel goes down on primary FW, we get alerts from Solarwinds that both tunnels are down on primary and passive Firewalls. Is this normal condition? If so why would I receive alert on

...

Resolved! Why anti-virus default profile is read-only?

Hi, Why anti-virus default profile is read-only? cannot modify the settings for default profile using superuser account.

Anyone can please advise, thanks!

understand thermal check commands

Need help with understanding output for this.

show system state filter env.* | match thermal

env.s1.thermal.0: { 'alarm': False, 'avg': 55.000, 'desc': 6220 Core Temperature, 'hyst': 4.500, 'max': 95.000, 'min': 5.000, 'notified-avg': 55.000, 'samples

...

Resolved! Clone a Device Group?

Hi Guys,

I have Panorama with a few device groups; how do I clone one of them from GUI so I can do testing without impacting a production device group?

Thanks

Resolved! Is it possible to login to the passive device in HA without using mgmt port?

Hi.

Is it possible to login to the passive device in HA without using mgmt port?

Is console port only approach?

Is there no approach to login to the passive device in ha except mgt-port or cosole-port?

plese tell me...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Firewall Config Templates(network) not showing up in Panorama

Resolved! Can SAML Azure be used in an authentication sequence?

Ike -generic event : vendor id payload ignored

Resolved! Given Tunnel Interface IP is wrong but still tunnel is up

Resolved! Behavior of the 3 possible options -SIP flow with TCP - SIP TCP cleartext

How to get/send DNS logs to on-prem SIEM -- DNS Proxy + DNS Security

SWITCHING PANORAMA VM FROM LEGACY MODE TO PANORAMA MODE failing

Resolved! Network Throughput Graphs are incoherent in PA-220

Resolved! Bring down IPsec tunnel manually

Resolved! Unable to change password on LocalDB user, when added to AuthProfile

IPsec tunnel on passive FW and Solarwinds alert

Resolved! Why anti-virus default profile is read-only?

understand thermal check commands

Resolved! Clone a Device Group?

Resolved! Is it possible to login to the passive device in HA without using mgmt port?

Global Protect - split tunnel catching too much

A palo alto command doesn't stay after reboot?

Where did the critical issues page move?

Zero-Trust Strategy for Prisma

Undetected APP dependency?

Re: New periodic alert: Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform.

Re: Undetected APP dependency?

Re: Query on URL category change

Re: IPSec VPN not getting any response from peer

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

Unlock your full community experience!

Resolved! Can SAML Azure be used in an authentication sequence?

Resolved! Given Tunnel Interface IP is wrong but still tunnel is up

Resolved! Behavior of the 3 possible options -SIP flow with TCP - SIP TCP cleartext

Resolved! Network Throughput Graphs are incoherent in PA-220

Resolved! Bring down IPsec tunnel manually

Resolved! Unable to change password on LocalDB user, when added to AuthProfile

Resolved! Why anti-virus default profile is read-only?

Resolved! Clone a Device Group?

Resolved! Is it possible to login to the passive device in HA without using mgmt port?