General Topics

Discussions

Sorted by:

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

SAML Configuration between Palo alto and WorkspaceOne

PAN-OS 10.1.8-h2:

I want to configure SAML for palo alto and Workspaceone I m getting an SSL handshake failed Failed to load URL on my linux machine when i log in and on the WS1 interface and put the token. and for my windows maching the global prote

...

What is error "management server failed to send phase 1 abort to client logrcvr" and "management server failed to send phase 1 client ssl VPN" ?

Hi All,.

PAN OS 4.1.11 and we are using user id feature,.. is this is due to bug in this release for "high management CPU utilization" ?

What is error "management server failed to send phase 1 abort to client logrcvr" and "management server failed to s

...

Resolved! LACP interface ethernet1/24 moved out of AE-group ae1

Hi Guys,

We are getting "LACP interface ethernet1/24 moved out of AE-group ae1" through syslog (emailed) multiple times in a day on PA 3410 running on PAN OS 10.2.3 in HA active/passive. The switch in use is Aruba 8320

Interesting the same msg is rec

...

Resolved! Palo Alto Layer 2 bridging

Any idea on when or if PAN is going to produce the functionality to do layer 2 bridging (example, traffic on vlan 300 would be directed to vlan 3000...etc? Right now the function only seems to be possible when in conjunction with a physical interface

...

Resolved! Palo Alto BGP routes from Azure

Palo 5220 running at the edge, using VPN tunnel to Azure virtual WAN running eBGP. Palo iBGP peered to switches, switches peered eBGP to Azure Express Route. My issue is VPN route is always installed in route table rather than express route, I assume

...

Enable DNS Cloud Security

Dear All,

I generated BPA Report for Panos 10.2.3 but I need to know how to enable it DNS Cloud Security ?

Best Practice Checks

DNS Cloud Security (Fail)

Configure DNS cloud security and set the action to Sinkhole and packet capture to a si

...

Resolved! New Panorama deployment - templates question

We have a new Panorama deployment. We are deploying the first pair of PA440 HA pair. The question I have is around templates and template stacks. Do we create individual template-stack for each and every site that we will deploy Palo Alto firewall

...

Use Cases Vlan re-tagging/VLAN-Translation - Supported by Layer 2 and Vwire Interfaces or just Layer 2?

Use Cases Vlan re-tagging - Supported by Layer 2 and Vwire Interfaces or just Layer 2?

Hello Live Community, good afternoon, thank you very much for the usual good vibes, comments, advice, collaboration, etc.

One question, in which Use cases do y

...

Palo Alto interfaces in Layer 2 - Portchannel - Log Monitor more details

Palo Alto interfaces Aggregate Ethernet mode Layer "2" - Log Monitor more details

Hello Live Community, good afternoon, I have a huge question regarding what I see in the log monitor of some firewalls with Layer 2 Portchannels with sub-interfaces t

...

Resolved! Virtual router not getting attached

2 Azure VMs managed from same panorama template. Adding a loopback interface and IP but virtual router getting attached to only in 1 VM. They are not in HA and are separate firewalls.

It won't even let delete it on this firewall. getting message be

...

Palo Alto Networks Approved

Newbie looking for some guidance

Hello everyone. I am new to Palo Alto firewalls. We have bought many new PA-440's and I am having trouble with my very first installation.

I have a site that is currently using a TP-Link AX1500 router.

Very simple setup.... ISPmodem----WANportOfA

...

Palo Alto Networks Approved

Resolved! System logs view option missing

Hi,

We have recently upgraded all our PA firewalls from 4.1.7 to 4.1.9. I no more see the system logs option. It used to be available earlier. I see the recent system logs on the Dashboard. How do I see system logs?

Palo Alto Networks Approved

Resolved! Auto Commit Fails and prevents 10.2.0 Installation on ESXI 6.5

Hi Guys,

Auto Commit Fails and prevents 10.2.0 Installation (upgrade from 10.1.x) on ESXI 6.5 on Active-Active FW where as the peer (on Active-Passive) had no issue.

My question is, as per https://docs.paloaltonetworks.com/compatibility-matrix/vm-ser

...

Palo Alto Networks Approved

Resolved! QoS cleartext match issue

We have setup similar to as below

I created/applied default QoS profiles on AE1 and AE5. However in order to be more granular I want to apply on individual subnets.

As in this example we want to use separate QoS profile for 10.129.0.0/16 subnet for

...