This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4119 Views
  • 0 replies
  • 0 Likes

Resolved! Honeypot - block IPs

We are looking at creating a Honeypot Website. The idea is to set it up with a much more restricted vulnerability profile so when hackers are scanning for certain vulnerabilities in the low and informational category their IP is blocked. The question I have is whether this is a global block, as in that IP would be blocked from hitting any extern...

craymond by L4 Transporter
  • 2897 Views
  • 2 replies
  • 0 Likes

Dual ISP VPN failover with single VR

Hi All, looking for some assistance to configure VPN failover for DR/BCP. I've attached a basic diagram below Currently, static route monitoring is set up on the outside interfaces of the firewalls at Site A, so if upstream from Site A ISP 1 fails Site A will use Site A ISP 2 to start forwarding traffic out.From Site A we have two VPN tunnels bu...

Screenshot 2022-06-28 at 15.52.22.png

Use Cases - Autotagging - Using Dynamic Groups

Hello Live Community, good afternoon, thanks for your time and comments. About automating and anticipating some possible blockages and denials using Dynamic Groups - Autotag can you support me and comment me with some use cases ? Also, if you have implemented it, has it brought you good results ? does it work as expected ? what is th...

Metgatz by L4 Transporter
  • 1898 Views
  • 1 replies
  • 0 Likes

Resolved! Prisma direct access to Azure

Hello, I connect from home via Prisma to on-prem. I have a few domain controllers setup for pre-logon etc. - what if my domain controllers were all offline or the firewall was offline - can i have a domain controller in Azure I have setup a site to site VPN from Azure to my firewall and can copy data across but dont know yet how to get my Pris...

ohareka by L1 Bithead
  • 3237 Views
  • 3 replies
  • 0 Likes

Resolved! what does "SWITCH" in hardware architecture mean?

One of my customers is using PA-3020 and thinking about replace. When I comparing following diagrams, I have one question. PA-3020 has dedicated "signature matching", "security processing", and "network processing" as below Compare to above, PA-400 has ONE dedicated processor with 3 features included. PA-3200 has THREE dedicated processo...

Image 004.png
Image 003.png
Image 001.png
Image 002.png
emr_1 by L5 Sessionator
  • 7277 Views
  • 3 replies
  • 2 Likes

PA850 10.0.8-h2 upgrade to latest

Hello, We have a customer with PA-850 running 10.0.8-h2 and they want to upgrade to latest. As this firewall is placed in totally isolated environment and the customer wont allow to connect internet on firewall. This firewall is in HA peer mode. Any guidelines to upgrade to latest OS for PA 850 as offline mode? Thanks in advanced

Resolved! Active / Active HA IPsec tunnel setup.

Hi, We have an Active/ Active firewall between 2 datacenters. We have configured a single tunnel on a floating IP that is Active in Datacenter A to a remote Partner. Firewall in DC A is currently in Active Secondary State, Firewall in DC B is currently in Active Primary state. The tunnel has both phases up on the firewall in DC A and only t...

zGomez_1-1681909533187.png
zGomez by L3 Networker
  • 4663 Views
  • 1 replies
  • 0 Likes

how can I stay up to date on the latest security trends and vulnerabilities to better protect my network?

Hi everyone, I'm new to network security and I'm wondering how I can stay informed about the latest security trends and vulnerabilities to better protect my network. Are there any particular resources you recommend, such as security newsletters, blogs, or online communities? Additionally, are there any best practices you would suggest for stayin...

gabriell by L0 Member
  • 1437 Views
  • 1 replies
  • 0 Likes

SYSTEM ALERT : critical : Out of memory condition detected, kill process 8000

We have two HA pair PA 5060 fw on PAN OS version 8.1.23, wherein the system logs, we see below OOM issue. Device up time is 352 days. SYSTEM ALERT : critical : Out of memory condition detected, kill process 8000 We have checked in the preferred releases for 8.1.* we don't see any publicly documented addressed OOM issues. We do see some i...

Enquiry regarding Palo Alto Firewall Model: PA-3250

Hi Palo Alto support, I would like to enquire the following questions pertaining our existing firewall. If our Palo Alto fw fails in the OS layer, does the traffic still passes through? If our Palo Alto fw fails in the hardware layer, does the traffic still passes through? When our Palo Alto fw boots up, deos the OS layer comes up first or et...

Resolved! Multiple Global Protect gateways on same firewall

I have a PA-3020 that will have two ISP connections. Primary ISP interface will be used for the Global Protect Portal and Primary Gateway using tunnel.1. Is it possible to have a second gateway using tunnel.2 on the same firewall using the secondary ISP interface? Also, if the Portal is only on the primary ISP interface and that connection is...

DNS Signature Lookup Timeout Error

I'm seeing quite a lot of messages logged in the syslog output from my PA VM-100 running PAN-OS 10.0.0: Aug 19 07:31:29 firewall-1 1,2020/08/19 07:31:29,007051000047085,SYSTEM,general,2560,2020/08/19 07:31:29,,general,,0,0,general,medium,"DNS signature lookup timed out",1461969,0x0,0,0,0,0,,firewall-1,0,0,1970-01-01T10:00:00.000+10:00What exactl...

Resolved! Wildfire-Content

Hi Guys, On Panorama - Device Deployment - Dynamic Updates, I see WildFire-Content and WildFire. Wildfire-Content: there are releases but they have never been downloaded nor installed. Wildfire: the releases downloaded and installed per schedule. On Panorama, what are the difference between Wild-Content and Wildfire? On the NGFW, there...

tinhnho by L3 Networker
  • 2225 Views
  • 2 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks